Your PDF reader may be compromised

HYDERABAD: A new vulnerability has been reported in the Adobe Acrobat Reader, the popular software used to access PDFs, which can lead to corruption of a file and in an expert hacker’s hands, can trick you into opening corrupt files on its interface.

In a bid to allow for more user interaction in the use of Adobe Reader, its creators allow it to support embedded JavaScript. In expert hands, this means giving the ability to precisely control memory layout and provide an additional attack surface.

It may be noted that a memory map or layout in programming is a structure of data that indicates how memory is laid out.

Technically, if an attacker gains control of your layout it could trick you into opening a corrupt PDF. “If the attacker tricks the user into opening a PDF with two specific lines of JavaScript code, it will trigger an incorrect integer size promotion, leading to heap corruption.

“It’s possible to corrupt the heap to the point that the attacker could arbitrarily execute code on the victim’s machine,” read the report.

Meanwhile, earlier this week Adobe released patch updates for tens of security flaws that were affecting its software. It reportedly patched 43 critical vulnerabilities and 28 security bugs. However, it is unclear whether the current vulnerability has been addressed or not.