SeijiSensei
October 5th, 2013, 05:10 PM
Adobe announced (http://www.bbc.co.uk/news/business-24392819) yesterday that its servers had been breached. Along with the two million accounts pilfered, the more disturbing news for Linux users is that source code was stolen as well. Both Acrobat Reader and Flash Player have a reputation (http://news.cnet.com/8301-1009_3-57562914-83/adobe-mends-security-holes-in-flash-reader-acrobat/) for security holes. Now that the source is available to this band of thieves, we have to assume that the chances for additional exploits via Adobe products have increased.
While most of us here probably use Flash Player much more than Acrobat Reader, it is the latter program that poses the greater risk. We have already seen instances where carefully doctored PDF files have been used in attacks on client workstations. Since PDF documents are a normal part of business, installing an exploit (http://nakedsecurity.sophos.com/2011/12/10/targeted-emails-exploit-new-acrobat-reader-vulnerability/) by getting a CEO to read an infected PDF is an attractive strategy if you want to establish a back door into corporate servers.