NTU Scientists spot critical security flaws in adobe acrobat [Sunday Times (Islamabad)]
(Sunday Times (Islamabad) Via Acquire Media NewsEdge) Software giant Adobe has updated some of its most popular programs, fixing three critical security flaws spotted by scientists in Singapore.
Nanyang Technological University (NTU) researchers alerted the United States company after discovering that hackers could exploit the vulnerabilities in Adobe Acrobat and Reader software - which is used to create and read PDF files - to gain access to users' computers.
They could embed malicious code in PDF files which would be downloaded to the computers surreptitiously when the files were opened.
The codes can crash the affected systems and allow hackers to take control of them to steal information, modify them and use them for other purposes.
The US government's National Vulnerability Database listed the three flaws as critical, awarding them the highest 10 score in its Common Vulnerability Scoring System.
The NTU researchers said hackers could engineer their code so it is undetectable even by anti-virus software. They uncovered the flaws as part of their work in the school's security research laboratory.
Dr Wei Lei and Dr Wu Hongjun from the School of Physical and Mathematical Sciences said they look for vulnerabilities in programs to better understand their weaknesses and learn how to create counter-measures.
The researchers were alarmed by the Adobe flaws as "PDF files are highly trusted documents".
"The attacker can send a legitimate-looking file to a user, and the malicious, embedded content can be triggered silently without the user even noticing," said Dr Wei.
He urged people to update their software to protect themselves. The security flaws affect Adobe Reader and Acrobat XI and their earlier versions for both the Windows and Macintosh platforms.
To download the fixes, go to http://helpx.adobe.com/security/ products/reader/apsb14-15.html
(c) 2014 Singapore Press Holdings Ltd. Provided by SyndiGate Media Inc. (Syndigate.info).
[ Back To Technology News's Homepage ]