Does the recent flaw in Adobe PDFs that allows malicious senders to detect when and where a PDF document is opened...
pose any real danger to enterprises?
Ask the Expert!
SearchSecurity expert Nick Lewis is standing by to answer your questions about enterprise security threats. Submit your question via email. (All questions are anonymous.)
I would actually say that the privacy issues are the most significant aspect of this vulnerability. Criminals could, just as an example, be able to track when and where a particular person or email address is opening a file; such valuable information could be used to determine where a particular person might be located at any given moment. This vulnerability could also be used to track to whom a PDF has been forwarded by viewing the different source IPs used to open the attachment. Much of this information is readily shared by people on social networks or other public sources, though, so the privacy impact might be more minimal if attackers just decide there are easier ways (e.g., social engineering) to skin this cat.
From an enterprise information security perspective, using this Adobe PDF vulnerability to track where and when documents are opened poses minimal risk in most cases, though attackers could still learn something about a specific enterprise's security setup via this flaw. For example, knowing when a PDF was opened could indicate that the recipient uses a vulnerable version of Adobe Reader, which, depending on whether an enterprise standardizes versions of its productivity software, might disclose the version of Reader in use throughout the enterprise. If an attacker determines that an enterprise is using an outdated version, a whole slew of known Adobe Reader vulnerabilities could be used in future attacks on the company's users. The ability to confirm that a potentially malicious attachment was opened could also show attackers the following information: that PDFs are not blocked by the enterprise, that Adobe Reader is allowed to access the Internet, whether a Web proxy is used on the network, and the security awareness level of the targeted user. Most of this info could either be easily guessed or determined in other ways, though, so instead of focusing on this specific flaw, enterprises should try to keep Reader updated to the latest versions on users' machines and raise the general awareness of users regarding PDF security issues. Getting users to the point that they won't open every PDF that is emailed to them would be a major security victory in and of itself.
Dig Deeper on Securing Productivity Applications
Related Q&A from Nick Lewis
Malware is increasingly using DNS tunnels to aid in data exfiltration. Expert Nick Lewis explains how the attacks work and how best to defend against...continue reading
Researchers warned about the rise of a new cross-site scripting flaw involving same-origin policy. Expert Nick Lewis explains the vulnerability and ...continue reading
Malware authors are adopting software wrapping to hide malicious code and avoid detection. Expert Nick Lewis explains how to defend against the ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.