Syber Group
Quote | Consultation | Support | Blog
Toll Free : 855-568-TSTG(8784)
Subscribe To : Envelop Twitter Facebook Feed linkedin

Adobe Reader Security Issue Found

May 8, 2013 by  
Filed under Security

Comments Off on Adobe Reader Security Issue Found

McAfee has discovered a vulnerability in Adobe’s Reader program that allows people to track the usage of a PDF file.

“Recently, we detected some unusual PDF samples,” McAfee’s Haifei Li said in a blog post. “After some investigation, we successfully identified that the samples are exploiting an unpatched security issue in every version of Adobe Reader.”

The affected versions of Adobe Reader also include the latest “sandboxed” Reader XI (11.0.2).

McAfee said that the issue is not a “serious problem” because it doesn’t enable code execution, however it does permit the sender to see when and where a PDF file has been opened.

This vulnerability could only be dangerous if hackers exploited it to collect sensitive information such as IP address, internet service provider (ISP), or even the victim’s computing routine to eventually launch an advanced persistent threat (APT).

McAfee said that it is unsure who is exploiting this issue or why, but have found the PDFs to be delivered by an “email tracking service” provider.

The vulnerability works when a specific PDF JavaScript API is called with the first parameter having a UNC-located resource.

“Adobe Reader will access that UNC resource. However, this action is normally blocked and creates a warning dialog,” Li said. “The danger is that if the second parameter is provided with a special value, it changes the API’s behavior. In this situation, if the UNC resource exists, we see the warning dialog.

“However, if the UNC resource does not exist, the warning dialog will not appear even though the TCP traffic has already gone.”

McAfee said that it has reported the issue to Adobe and is waiting for their confirmation and a future patch. Adobe wasn’t immediately available for comment at the time of writing.

“In addition, our analysis suggests that more information could be collected by calling various PDF Javascript APIs. For example, the document’s location on the system could be obtained by calling the Javascript “this.path” value,” Li added.

Source

Tags: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

Oak Trail Tablets Coming Next Month

April 5, 2011 by  
Filed under Around The Net

Comments Off on Oak Trail Tablets Coming Next Month

Word on the street is that Intel will keep their word and debut Oak Trail based tablets as promised next month.  Apparently, the tablets will be introduced during the week of Computex, that opens May 31.  An Intel representative was speaking with PC Advisor and basically confirmed that the first batch of tablets should be available in May.  No pertinent information in reference to design and launch schedules were revealed.  Nevertheless, many PC manufacturers such as Fujitsu, Lenovo and Samsung were said to be the first to show tablets that are based on Oak Trail and Windows 7.

Read More….

Tags: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

Adobe Flash Exploited

March 16, 2011 by  
Filed under Around The Net

Comments Off on Adobe Flash Exploited

Hackers have found a way to exploit  Adobe Flash Player by using a zero-day vulnerability by using Microsoft Excel documents that was confirmed by Adobe yesterday. Adobe representatives that they will not be able to patch Flash until next week. Therefore, if you use Flash you are on your own until next week.  Read More….

Tags: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,