That’s the title of an article in Intego’s Mac Security Blog:

In a recent presentation to the Chaos Communication Congress in Berlin, security researcher Julia Wolf highlighted a number of “features” of the PDF format that could lead to serious security issues. Wolf showed that a PDF could contain a database scanner that could “scan a network when the document is printed on a network printer,” and that PDFs could “blindly trigger the execution of arbitrary programs in Acrobat Reader.” PDFs also support “inherently insecure script languages such as JavaScript, formats such as XML, RFID tags and digital rights management (DRM) technologies.”

In addition, PDFs are such that data can be hidden in many places within files. Document and metadata can be read and modified using JavaScript, and compressed files, such as ZIP files, could be incorporated inside PDFs. In short, the PDF format, designed to retain layout across platforms, has been turned into a kitchen-sink format that does far too much, and this overloading of features leads to potential security issues.

More info in the article.
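
For readers who handle untrusted PDFs, here is a small triage sketch that flags the features named in the quote above (JavaScript, program-launching actions, embedded files, XML forms). It is an added example, not code from this post, the Intego article or Wolf's talk; the mapping of features to PDF name tokens and the sample bytes are assumptions made for illustration.

```python
import re
import zlib

# PDF name tokens for the features the quoted article lists (mapping assumed here).
RISKY_NAMES = {
    "JavaScript": "embedded JavaScript",
    "JS": "embedded JavaScript",
    "Launch": "action that starts an external program",
    "OpenAction": "action run when the document is opened",
    "EmbeddedFile": "file attached inside the PDF",
    "XFA": "XML-based form data",
}

# A name is "/" followed by regular characters or #xx hex escapes.
NAME_RE = re.compile(rb"/((?:#[0-9A-Fa-f]{2}|[^\x00\t\n\x0c\r ()<>\[\]{}/%#])+)")
STREAM_RE = re.compile(rb"(?<!end)stream\r?\n(.*?)endstream", re.S)

def decode_name(raw: bytes) -> str:
    """Undo #xx escapes, so /J#61vaScript is counted as /JavaScript."""
    unescaped = re.sub(rb"#([0-9A-Fa-f]{2})",
                       lambda m: bytes([int(m.group(1), 16)]), raw)
    return unescaped.decode("latin-1")

def triage(data: bytes) -> dict:
    """Count risky names in the raw file and inside Flate-compressed streams."""
    bodies = [data]
    for m in STREAM_RE.finditer(data):
        try:
            bodies.append(zlib.decompressobj().decompress(m.group(1)))
        except zlib.error:
            pass  # stream is not Flate data; other filters are not handled here
    counts = {}
    for body in bodies:
        for m in NAME_RE.finditer(body):
            name = decode_name(m.group(1))
            if name in RISKY_NAMES:
                counts[name] = counts.get(name, 0) + 1
    return counts

# Constructed sample: not a complete PDF, just enough objects to exercise the scan.
SAMPLE = (
    b"%PDF-1.7\n"
    b"1 0 obj\n<< /Type /Catalog /OpenAction 2 0 R >>\nendobj\n"
    b"2 0 obj\n<< /S /J#61vaScript /JS (var a = 1;) >>\nendobj\n"
    b"3 0 obj\n<< /Filter /FlateDecode >>\nstream\n"
    + zlib.compress(b"<< /S /Launch /F (placeholder) >>")
    + b"\nendstream\nendobj\n"
)

if __name__ == "__main__":
    for name, count in sorted(triage(SAMPLE).items()):
        print(f"/{name}: {count}  ({RISKY_NAMES[name]})")
```

A hit means the feature is present, not that the file is malicious, and an empty result does not clear a file, since encrypted documents and other stream filters are not inspected.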
