McAfee detects glitch in Adobe Reader PDF-tracking

McAfee has detected vulnerability in Adobe Systems’ Reader programme that exposes when and where a respective PDF document is opened.

The issue emerges when some users launch a link to another file path, which calls on a JavaScript application programming interface (API), while Reader alerts a user when they are going to call on a resource from another place.

McAfee’s Haifei Li said in a statement that although the issue is not a serious problem (such as allowing code execution), it does let people track the usage of a PDF.

"Specifically, it allows the sender to see when and where the PDF is opened," Li said.

"Malicious senders could exploit this vulnerability to collect sensitive information such as IP address, Internet service provider or even the victim’s computing routine.

"In addition, our analysis suggests that more information could be collected by calling various PDF JavaScript APIs."

According to the security firm, the issue is witnessed in every version of Adobe Reader including the latest sandboxed Reader XI (11.0.2).

"Some people might leverage this issue just out of curiosity to know who has opened their PDF documents, but others won’t stop there," Li added.

"An APT [advanced persistent threat] attack usually consists of several sophisticated steps. The first step is often collecting information from the victim; this issue opens the door."

Additionally, the security firm suggests Adobe Reader users to disable JavaScript until a fix is released.

Sign up for our regular news round-up!

Give your business an edge with our leading Tech Monitor

Sign up