Adobe PDF format riddled with exploitable features
Adobe’s PDF format and standard has been known for a while now to be easily exploitable and, thus, rather insecure. In the past, attackers have taken advantage not only of its vulnerabilities, but of its features as well. And as Adobe has recently announced a sandbox for Adobe Reader, some experts wonder if it’s enough.
As Julia Wolf, a researcher with security company FireEye, pointed out at the 27th Chaos Communication Congress in Berlin – the current PDF standard is riddled with functions that can be misused in various ways.
According to her, a PDF file can have a database scanner embedded in it which is rigged to start scanning as soon as the file is printed on a network printer. It can also be made to display completely different content depending on the OS, browser, PDF reader software or language settings used on the computer.
What’s more, some of its functions can be used to set off arbitrary code execution. The fact that the standard supports many insecure formats (XML), technologies (RFID tags) and script languages (JavaScript) only adds to its weak security.
According to The H Security she also mentioned that, interestingly enough, Adobe calls the the PDF format a “container format”. And, indeed, it can contain many things – from audio and video to Flash files, which can, in their turn, be exploited by the attackers.
But, one of the biggest problems regarding the exploitation of this feature is that most anti-malware solutions fail to detect this embedded malicious software, and the detection rate is poorer still if the malicious code is compressed.
All in all, the sandboxing feature will be a welcome addition to the new version of Adobe Reader. Whether it will solve the problems she described, it remains to be seen.