Lately, there's a news said that a new security gap of PDF file has been found. Actually this hole has been patched in January 2007, but it opened again in summer this year when there's a news about applied of new method to removes spam. That spam filter detected email spam it has PDF form. Many spam filter software vendor then have as a conclusion that admission filling of form on that PDF file can be a security gap.
In this time Petko D.Petkov, Gnucitizen chairman, a website about security and security consultant in England has found that security gap on PDF file bases on JavaScript Code, that code will force email client to open the PDF file it's infected by virus.
Petkov did not publicize the sample of this code because he think this is very dangerous and in fact PDF has spread in a everywhere and it needed times for Adobe to fix their product. Paul Henry, vice president of Secure Computing, said eventhough without any sample code, it can be force wicked side to make use any security gap in PDF format. It triggers wicked side to seek this gap.
Henry said that hole just waiting for trigger, because PDF can embed JavaScript inside the file, it will avoid them from antivirus scanning. In this time of Web 2.0 is very important to scan anything comes from network including scripts and any suspicious looking intention.
Adobe said that his side understood with this problem and communicating with Petkov. Know adobe is canvassing this gap. After this process done, plaining to inform it in Adobe Security Bulletin and in Advisories page on its site.
till now both Adobe or Secure Computing suggesting: Do not open any PDF file from unknown source or unexpected file, if receive from trusted person, always confirm first before open it.
0 comments:
Post a Comment