
Some PDF news today. Thanks to Planet PDF. First, a PDF viewer for the iPhone:

This week in PDF has also seen the launch of Readdle’s new iPhone-based PDF viewer. PDF Expert 1.0 allows users to save PDF email attachments, perform full-text document searching, navigate using PDF bookmarks and includes support for password protected documents. In addition to PDF documents, PDF Expert can also be used to view Microsoft Office files, iWork documents, HTML, TXT and image files. The built-in network file server allows users to mount PDF Expert as a shared network drive over a Wi-Fi network to any computer equipped with Mac OS X 10.4 or later, Windows XP or Windows Vista and copy documents to the iPhone using drag-and-drop or copy/paste techniques. PDF Expert is available exclusively on the Apple App Store at USD $4.99. For more on the product, visit the official Readdle website.

Now, we have another PDF exploit. To remain safe, the article recommends: “Using an alternative reader like those from Nitro PDF Software or Foxit might be a short-term solution. Or users can also disable the Flash in Adobe Reader 9 and disable Flash Player as well.”

Patrick Fitzgerald, writing on Symantec’s blog, noted their discovery of an Adobe Acrobat PDF file that “upon opening drops and executes a malicious binary.” Fitzgerald goes on to say in the post, “It was quite clear that this PDF was exploiting some vulnerability in order to drop its payload.”

Fitzgerald also noted that upon further inspection it was a new vulnerability that they had not seen in the wild before. “What was even more surprising was that this vulnerability affects Adobe Flash — not Adobe Reader as we initially suspected.”

He writes, “The authors of the exploit have managed to take a bug and turn it into a reliable exploit using a heap spray technique.” Fitzgerald also noted that the PDF exploiting the newly discovered vulnerability includes multiple Flash streams, and that their testing revealed the vulnerability is exploitable on both Windows XP and Vista, but the dropped executables will not run on Vista if UAC is enabled.

Adobe posted on its site that it was aware of the “potential vulnerability” and would update users with more information soon.

 