MUST READ

CISA, Microsoft warn of critical Exchange hybrid flaw CVE-2025-53786

 | 

Microsoft unveils Project Ire: AI that autonomously detects malware

 | 

CERT-UA warns of UAC-0099 phishing attacks targeting Ukraine’s defense sector

 | 

Over 100 Dell models exposed to critical ControlVault3 firmware bugs

 | 

How CTEM Boosts Visibility and Shrinks Attack Surfaces in Hybrid and Cloud Environments

 | 

WhatsApp cracks down on 6.8M scam accounts in global takedown

 | 

Trend Micro fixes two actively exploited Apex One RCE flaws

 | 

U.S. CISA adds D-Link cameras and Network Video Recorder flaws to its Known Exploited Vulnerabilities catalog

 | 

Google fixed two Qualcomm bugs that were actively exploited in the wild

 | 

Zero Day Quest returns: Microsoft ups the stakes with $5M bug bounty

 | 

Cisco disclosed a CRM data breach via vishing attack

 | 

Exposed Without a Breach: The Cost of Data Blindness

 | 

SonicWall investigates possible zero-day amid Akira ransomware surge

 | 

Chaining NVIDIA's Triton Server flaws exposes AI systems to remote takeover

 | 

Hacking group D4rk4rmy claimed the hack of Monte-Carlo Société des Bains de Mer

 | 

Northwest Radiologists data breach hits 350,000 in Washington

 | 

PlayPraetor Android RAT expands rapidly across Spanish and French-speaking regions

 | 

Lovense flaws expose emails and allow account takeover

 | 

Nation-state group CL-STA-0969 targeted Southeast Asian telecoms in 2024

 | 

Akira Ransomware targets SonicWall VPNs in likely zero-day attacks

 | 

Adobe Reader vulnerability reveals where a PDF is opened

Pierluigi Paganini May 01, 2013

The McAfee security firm found an Adobe Reader vulnerability that reveals where a PDF document is opened.

The McAfee security firm found an Adobe Reader vulnerability that reveals where a PDF document is opened, once again Adobe products are the center of attention of security experts after the numerous attacks that have exploited flaws in its products for cyber espionage campaigns.

McAfee provided only general information to the press for obvious reasons not supplying details of the Adobe Reader vulnerability that affect all Adobe Reader versions, including last one.

It must be clear that the Adobe Reader vulnerability discovered doesn’t allow remote code execution, anyway McAfee consider it a security issue and have alerted the Adobe company.

The blog post reported:

“Recently, we detected some unusual PDF samples. After some investigation, we successfully identified that the samples are exploiting an unpatched security issue in every version of Adobe Reader including the latest “sandboxed” Reader XI (11.0.2). Although the issue is not a serious problem (such as allowing code execution), it does let people track the usage of a PDF. Specifically, it allows the sender to see when and where the PDF is opened.”

The anomalous behavior is observable when the launches a link to another file path, which calls on a JavaScript API. The Adobe Reader displays a security warning to inform the user that he is going to open an external resource such as an Internet URL.

Adobe Reader vulnerability Warning

 

The Reader doesn’t provide information on the availability of the external resource, if doesn’t exist in fact the API doesn’t display any message and returns any TCP traffic.

Adobe Reader vulnerability TCP Traffic

Haifei Li, author of the post, revealed that it is possible to manipulate a parameter of the API to obtain information on the document  such as the location of a document on a system (using the JavaScript call this.path).

The information could be collected by the attacker to gather information on the target as explained in the post:

“Malicious senders could exploit this vulnerability to collect sensitive information such as IP address, Internet service provider or even the victim’s computing routine,” Li wrote. “In addition, our analysis suggests that more information could be collected by calling various PDF JavaScript APIs.”

“An APT [advanced persistent threat] attack usually consists of several sophisticated steps. The first step is often collecting information from the victim; this issue opens the door.”

McAfee suggests to the users to disable JavaScript in Reader until the patch will be released.

Pierluigi Paganini

(Security Affairs – Security)

Adobe Adobe Reader vulnerability cyber espionage Hacking McAfee PDF vulnerability

you might also like

Pierluigi Paganini August 07, 2025
CISA, Microsoft warn of critical Exchange hybrid flaw CVE-2025-53786
Read more
Pierluigi Paganini August 07, 2025
CERT-UA warns of UAC-0099 phishing attacks targeting Ukraine’s defense sector
Read more

leave a comment

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

CISA, Microsoft warn of critical Exchange hybrid flaw CVE-2025-53786

Security / August 07, 2025

Microsoft unveils Project Ire: AI that autonomously detects malware

Malware / August 07, 2025

CERT-UA warns of UAC-0099 phishing attacks targeting Ukraine’s defense sector

APT / August 07, 2025

Over 100 Dell models exposed to critical ControlVault3 firmware bugs

Hacking / August 07, 2025

How CTEM Boosts Visibility and Shrinks Attack Surfaces in Hybrid and Cloud Environments

Security / August 07, 2025