
Could an Adobe PDF vulnerability provide attackers vital information?

Does it matter if attackers know when and where a PDF was opened? Expert Nick Lewis reviews a recent Adobe PDF flaw that caused such a scenario.

Does the recent flaw in Adobe PDFs that allows malicious senders to detect when and where a PDF document is opened pose any real danger to enterprises?


I would actually say that the privacy issues are the most significant aspect of this vulnerability. Criminals could, just as an example, track when and where a particular person or email address is opening a file; such valuable information could be used to determine where a particular person might be located at any given moment. This vulnerability could also be used to track to whom a PDF has been forwarded by viewing the different source IPs used to open the attachment. Much of this information is readily shared by people on social networks or other public sources, though, so the privacy impact might be more minimal if attackers just decide there are easier ways (e.g., social engineering) to skin this cat.

From an enterprise information security perspective, using this Adobe PDF vulnerability to track where and when documents are opened poses minimal risk in most cases, though attackers could still learn something about a specific enterprise's security setup via this flaw. For example, knowing when a PDF was opened could indicate that the recipient uses a vulnerable version of Adobe Reader, which, depending on whether an enterprise standardizes versions of its productivity software, might disclose the version of Reader in use throughout the enterprise. If an attacker determines that an enterprise is using an outdated version, a whole slew of known Adobe Reader vulnerabilities could be used in future attacks on the company's users. The ability to confirm that a potentially malicious attachment was opened could also show attackers the following information: that PDFs are not blocked by the enterprise, that Adobe Reader is allowed to access the Internet, whether a Web proxy is used on the network, and the security awareness level of the targeted user. Most of this info could either be easily guessed or determined in other ways, though, so instead of focusing on this specific flaw, enterprises should try to keep Reader updated to the latest versions on users' machines and raise the general awareness of users regarding PDF security issues. Getting users to the point that they won't open every PDF that is emailed to them would be a major security victory in and of itself.

This was last published in March 2014
