Wednesday, April 29, 2009
Javascript torpedo goes at it again
No more than 2 months ago, I wrote about how the JavaScript feature of PDF is turning it into a weapon for malware creators (read here).
Adobe patched their reader, but it looks like they will need to plug some more holes, as 2 new security issues have popped up involving again the embedded javascript ability of the the PDF format (info here).
Fair enough, you need to be popular to attract the the attention of virus writers, but still it would be a lot harder for anyone to write a useful exploit, if the PDF wasn't helping so much with it being able to just execute stuff like it is an application. ¶ 15:45
No more than 2 months ago, I wrote about how the JavaScript feature of PDF is turning it into a weapon for malware creators (read here).
Adobe patched their reader, but it looks like they will need to plug some more holes, as 2 new security issues have popped up involving again the embedded javascript ability of the the PDF format (info here).
Fair enough, you need to be popular to attract the the attention of virus writers, but still it would be a lot harder for anyone to write a useful exploit, if the PDF wasn't helping so much with it being able to just execute stuff like it is an application. ¶ 15:45
