PDF Security through Minority
Thursday, March 5th, 2009by Dave Kennedy & Kevin Long
With so many defensive mitigations available, losing sleep over the latest Adobe Acrobat and Reader vulnerability just doesn’t add up.
Threat:
- Indeed there are malicious PDFs in the wild. The most recent high-profile example was a successful attack on eWeek’s web site resulting in iFrames offering malicious PDFs, but it’s important to note that these did not use the new vulnerability but rather last November’s.
- Only a small set of targeted attacks using the new vulnerability have been reported.
- An exploit has been posted on one of the “usual suspects” sites.
