
Vulnerability in PDF files
Security experts from Ruhr University Bochum and Münster University have found two serious flaws. Their tests specifically targeted the way PDF files encrypt their data. It appears this method undermines its original goal.
There is a vulnerability in PDF files. It lies in functionality that, supposedly, allows written text to be mixed with graphics. From the description, it's not clear whether the attacker can actually intercept and read messages inside the file. It's possible that they can load additional content (web pages) in a PDF document that someone might have saved on their computer. Researchers were able to extract information from PDFs by using forms embedded in the PDFs, links embedded within the files, and JavaScript code. In this specific case they gathered data through encrypted PDFs.
A new security vulnerability in PDF files, caused by a weakness in CBC encryption mode, gives attackers increased chances of breaking into encrypted information. This means that a malicious person could use this vulnerability to create false evidence.
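For defenders, a quick triage check for the combination described above (an encrypted PDF that also carries forms, links or JavaScript) can look like the following. This is an added example, not code from the researchers; the function names and sample documents are constructed for illustration, and the byte-level search cannot see names hidden in compressed object streams or written with #xx hex escapes.

```python
import re

# PDF name objects tied to the channels named above: forms, links, JavaScript.
CHANNELS = {
    "form": (b"/AcroForm", b"/SubmitForm"),
    "link": (b"/URI",),
    "javascript": (b"/JavaScript", b"/JS"),
}

def _has_name(data, name):
    # Match a whole name token, so b"/JS" does not hit b"/JSON" and
    # b"/Encrypt" does not hit b"/EncryptMetadata".
    return re.search(re.escape(name) + rb"(?![A-Za-z0-9])", data) is not None

def triage_pdf(data):
    """Return (encrypted, sorted channel labels) for raw PDF bytes."""
    encrypted = _has_name(data, b"/Encrypt")
    found = sorted(label for label, names in CHANNELS.items()
                   if any(_has_name(data, n) for n in names))
    return encrypted, found

def needs_review(data):
    """True when an encrypted file also contains an outbound-capable feature."""
    encrypted, found = triage_pdf(data)
    return encrypted and bool(found)

# Constructed sample: encrypted document with a form and a link annotation.
SAMPLE_FLAGGED = (
    b"%PDF-1.7\n"
    b"1 0 obj\n<< /Type /Catalog /AcroForm 3 0 R >>\nendobj\n"
    b"4 0 obj\n<< /Type /Annot /Subtype /Link "
    b"/A << /S /URI /URI (https://example.com/) >> >>\nendobj\n"
    b"trailer\n<< /Root 1 0 R /Encrypt 5 0 R >>\n%%EOF\n"
)

# Constructed sample: same link, but the document is not encrypted.
SAMPLE_PLAIN = (
    b"%PDF-1.7\n"
    b"4 0 obj\n<< /Type /Annot /Subtype /Link "
    b"/A << /S /URI /URI (https://example.com/) >> >>\nendobj\n"
    b"trailer\n<< /Root 1 0 R >>\n%%EOF\n"
)

if __name__ == "__main__":
    for label, doc in (("flagged", SAMPLE_FLAGGED), ("plain", SAMPLE_PLAIN)):
        print(label, triage_pdf(doc), "review" if needs_review(doc) else "ok")
```

A hit means the file deserves a closer look before it is opened in a viewer, not that it is malicious: many legitimate encrypted PDFs contain forms and links.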
For security, many companies use encryption to protect their data. IBM offers “PDF encryption” services and it’s a popular option to secure sensitive information.
Although all of the flaws were found in software that handles PDF documents, shortcomings of this kind generally stem from the design of the document format itself. Of the 27 PDF viewers tested, every single one had at least one of the vulnerabilities detailed in the evaluation. In fact, they all had similar flaws that could lead to data security problems. Adobe Acrobat, Foxit Reader, Evince, Okular, Chrome and Firefox are just some examples of software that was vulnerable.
Author: PC-GR