Security company McAfee announced last week that Adobe’s PDF reader, Reader, has a vulnerability that makes it possible to track a user. Although the vulnerability does not allow for direct attacks, McAfee considers it serious.
By exploiting a bug in the way Reader uses JavaScript, a hacker can create a pdf document that reveals which IP address a user is at and to some extent also register the user’s routines.
– Attackers can exploit the vulnerability to collect sensitive information such as IP address, Internet provider and even computer habits, McAfee writes in a blog post.
According to McAfee, the vulnerability does not pose a major risk by itself, but can be used in combination with other attacks to attack a user’s computer. The company advises users to turn off JavaScript support in Reader until Adobe releases a bug fix.
Adobe has not commented on the data.
IDG News
Discuss security on Eforum