Researchers investigate Adobe vulnerability that enables a PDF to be tracked

Share this article:
Researchers investigate Adobe vulnerability that enables a PDF to be tracked
Researchers investigate Adobe vulnerability that enables a PDF to be tracked

Security firm McAfee said it has spotted a vulnerability in the latest version of Adobe Reader that would allow someone to track a PDF document.

The flaw, which is being exploited in the wild, affects all versions of Reader, including the most recent, 11.0.2. While the hole does not enable remote code execution – the most serious outcome a vulnerability can have – it can permit a sender "to see when and where the PDF is opened," McAfee researcher Haifei Li wrote in a Friday blog post.

And researchers haven't ruled out whether the flaw is being used as part of an advanced persistent threat (APT)-style attack.

"Is this a serious problem?" Li wrote. "No, we don't want to overvalue the issue. However, we do consider this issue a security vulnerability. Considering this, we have reported the issue to Adobe and we are waiting for their confirmation and a future patch."

Li said McAfee is aware of the issue being actively leveraged. It has spotted a number of PDF samples sent by an email tracking service provider. Researchers, however, are unsure if this was done with malicious intentions.

But the vulnerability, which is able to bypass built-in Reader sandbox protection, could be used in such a way, namely for an APT, Li said.

"An APT attack usually consists of several sophisticated steps," Li wrote. "The first step is often collecting information from the victim; this issue opens the door. Malicious senders could exploit this vulnerability to collect sensitive information such as IP address, internet service provider, or even the victim's computing routine. In addition, our analysis suggests that more information could be collected by calling various PDF JavaScript APIs. For example, the document's location on the system could be obtained by calling the JavaScript 'this.path' value."

An Adobe spokeswoman told SCMagazine.com on Monday that the company is aware of the issue and is investigating.

Share this article:

Sign up to our newsletters

More in News

Hackers target video game companies to lift copy protections and develop cheats

A threat group is targeting video game companies in order to lift DRM protections, develop cheats and possibly to steal source code.

Android malware spreads via mail tracking SMS spam

The mobile malware is currently targeting German users, McAfee revealed.

About 2,800 victims of worldwide info-stealing campaign targeting various sectors

About 2,800 victims of worldwide info-stealing campaign targeting ...

Unknown attackers have claimed about 2,800 victims in an ongoing information-stealing campaign identified by Kaspersky Lab as "Crouching Yeti."