Does the recent flaw in Adobe PDFs that allows malicious senders to detect when and where a PDF document is opened pose any real danger to enterprises?
I would actually say that the privacy issues are the most significant aspect of this vulnerability. Criminals could, just as an example, track when and where a particular person or email address is opening a file; such valuable information could be used to determine where a particular person might be located at any given moment. This vulnerability could also be used to track to whom a PDF has been forwarded by viewing the different source IPs used to open the attachment. Much of this information is readily shared by people on social networks or other public sources, though, so the privacy impact might be more minimal if attackers just decide there are easier ways (e.g., social engineering) to skin this cat.
From an enterprise information security perspective, using this Adobe PDF vulnerability to track where and when documents are opened poses minimal risk in most cases, though attackers could still learn something about a specific enterprise's security setup via this flaw. For example, knowing when a PDF was opened could indicate that the recipient uses a vulnerable version of Adobe Reader, which, depending on whether an enterprise standardizes versions of its productivity software, might disclose the version of Reader in use throughout the enterprise. If an attacker determines that an enterprise is using an outdated version, a whole slew of known Adobe Reader vulnerabilities could be used in future attacks on the company's users. The ability to confirm that a potentially malicious attachment was opened could also show attackers the following information: that PDFs are not blocked by the enterprise, that Adobe Reader is allowed to access the Internet, whether a Web proxy is used on the network, and the security awareness level of the targeted user. Most of this info could either be easily guessed or determined in other ways, though, so instead of focusing on this specific flaw, enterprises should try to keep Reader updated to the latest versions on users' machines and raise the general awareness of users regarding PDF security issues. Getting users to the point that they won't open every PDF that is emailed to them would be a major security victory in and of itself.