Slashdot Mirror


Adobe Flaw Heightens Risk of Malicious PDFs

snydeq writes "Security companies warn of a new flaw in version 9 of Adobe Reader and Acrobat that could compromise PCs merely by the opening of a malicious PDF. Although attacks are not yet widespread, hackers are exploiting the flaw in the wild, gaining control of computers via buffer overflow conditions triggered by the opening of specially crafted PDFs." Adobe is calling the flaw "critical" and says a patch for Reader 9 and Acrobat 9 will be released by March 11.

7 of 193 comments

  1. Sigh... still no basic sandboxing by Ed Avis · · Score: 5, Interesting

    And why exactly does Adobe Reader run with full permissions to all the user's files? Surely by now Adobe would have learned to run it in a sandbox. For example, the code that reads and renders the PDF could run in a separate process (a la IE8 or Google Chrome) and just send image data back to the main window.

    More generally, the OS needs to make it completely easy to sandbox applications, so even the stupidest application developer can do it with little effort. Indeed, the default should be that it has no access to write files anywhere except those chosen by the user with the Save As box. I'm not holding my breath though...

    --
    -- Ed Avis ed@membled.com
    1. Re:Sigh... still no basic sandboxing by bcrowell · · Score: 5, Informative

      And why exactly does Adobe Reader run with full permissions to all the user's files? Surely by now Adobe would have learned to run it in a sandbox. For example, the code that reads and renders the PDF could run in a separate process (a la IE8 or Google Chrome) and just send image data back to the main window.

      You're proposing to attack the problem in the least efficient possible way. This is yet another in a long series of exploits in AR that use the fact that in its default configuration it executes JavaScript embedded in PDFs. The right way to approach this, as a matter of design, would be not to embed a Turing-complete language in a file format that doesn't need it. Once you embed a Turing-complete language in the format, you're giving the bad guy the ability to run any code he wants on the user's machine. The moral of Turing's theorem is that it's essentially impossible to have any automated check that determines what a piece of code will actually do when you execute it. So yeah, you can try to sandbox it, but that's a last resort.

      You're comparing with a web browser. A web browser is qualitatively different. In a web browser, the user (a) wants to be able to run javascript code, and (b) expects that such a thing will happen. In a PDF reader, there is typically no reason for the reader to want it to run JS, and the reader has no sane reason to expect it to run JS. Actually, the reason Adobe made AR execute JS by default was that it wanted to be able to do things that are inherently inimical to the user's interest. JS allows the creator of the PDF to determine who's reading the document, and also provides a mechanism for DRM. Lots of people who create PDFs want to believe in the DRM fable that they can give a document to other people, but then control the use of the document after that. As with all DRM, it's inherently impossible to make it work right as long as the user has hardware that they're really allowed to use as a general-purpose PC. E.g., to remove the DRM from a PDF on a linux box, you can do this: gs -q -dCompatibilityLevel=1.4 -dNOPAUSE -dBATCH -sDEVICE=pdfwrite -sOutputFile=b.pdf a.pdf -c '.setpdfwrite'

      As a user, there are basically two sane things you can do. (1) Don't install AR on your machine. Use something else, such as evince on linux, or foxit on windows. They're faster anyway. (2) If there really is extra functionality in AR that you need, turn off JS. To disable js, go to Edit, Preferences, JavaScript, and uncheck "Enable Acrobat JavaScript".
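For defenders who have to accept PDFs anyway, the embedded-JavaScript point above can be turned into a triage check. The following is an added example, not part of the original comment thread: it counts the PDF name tokens that mark script or automatic actions, decoding `#xx` name escapes first. The function names and sample bytes are constructed for illustration, and the scan does not look inside compressed object streams.

```python
import re

# PDF name tokens that mark embedded script or actions that fire automatically.
SUSPICIOUS_NAMES = ("JS", "JavaScript", "OpenAction", "AA")

# A PDF name is "/" followed by regular characters; "#xx" encodes one byte in hex.
NAME_RE = re.compile(rb"/([^\x00\t\n\x0c\r ()<>\[\]{}/%]+)")
HEX_ESCAPE_RE = re.compile(rb"#([0-9A-Fa-f]{2})")


def decode_name(raw: bytes) -> str:
    """Undo #xx escapes so that /J#61vaScript compares equal to /JavaScript."""
    decoded = HEX_ESCAPE_RE.sub(lambda m: bytes([int(m.group(1), 16)]), raw)
    return decoded.decode("latin-1")


def count_active_content(pdf_bytes: bytes) -> dict:
    """Count occurrences of each suspicious name in the raw file bytes."""
    counts = {name: 0 for name in SUSPICIOUS_NAMES}
    for match in NAME_RE.finditer(pdf_bytes):
        name = decode_name(match.group(1))
        if name in counts:
            counts[name] += 1
    return counts


def needs_review(pdf_bytes: bytes) -> bool:
    """True if the file carries any script or auto-action marker."""
    return any(count_active_content(pdf_bytes).values())


# Constructed sample: a catalog with an open action pointing at a script action
# whose type name is hex-escaped. The script body is a harmless placeholder.
SAMPLE_WITH_JS = (
    b"%PDF-1.4\n"
    b"1 0 obj\n<< /Type /Catalog /Pages 2 0 R /OpenAction 3 0 R >>\nendobj\n"
    b"3 0 obj\n<< /S /J#61vaScript /JS (constructed placeholder) >>\nendobj\n"
    b"%%EOF\n"
)

# Constructed sample: the same catalog with no actions at all.
SAMPLE_PLAIN = (
    b"%PDF-1.4\n"
    b"1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n"
    b"%%EOF\n"
)

if __name__ == "__main__":
    print(count_active_content(SAMPLE_WITH_JS))
    print(needs_review(SAMPLE_PLAIN))
```

Because the scan is byte-level it can also match names inside strings or streams, so a hit means "route for review or open with JavaScript disabled", not "malicious".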

  2. Patch by March something? by rjune · · Score: 5, Interesting

    Today is February 20. This is listed as a critical flaw and they are taking 18 days to release a patch. I'm glad they're getting right on this.

  3. Re:What about Foxit? by InsertWittyNameHere · · Score: 5, Funny

    Foxit has compatibility problems because it doesn't have all of the features of Adobe Reader 9.

    For example it doesn't open the specially crafted PDFs our clients send us at work, which are thoughtfully secured with AntivirusXP2009

  4. Re:What about Foxit? by Anonymous Coward · · Score: 5, Informative

    The problem is a buffer overflow + using javascript to fill the overflow with shell code (which is OS/CPU specific). I just did a test on x86 linux and acrobat reader for linux is affected as well.

  5. Re:Adobe should separate pdf and acrobat more by Permutation Citizen · · Score: 5, Informative

    - If you want a format ISO standardized.
    - If you need long term archiving, being sure that after several years your document will be the same even if your computer and your printer have changed.
    - If you don't need fancy new stuff, video, sounds.
    - But you still want wide support PDF has for reading and printing everywhere.

    Then use PDF/A.

    This is a subset of PDF. It can be produced by Acrobat, but also a wide range of other vendors' applications and scanners, including OpenOffice.

  6. Re:What about Foxit? by stonewallred · · Score: 5, Informative

    The "nice" feature on this is that you can copy and paste protected documents.