12px13px15px17px
Date:09/10/19

In the PDF files found critical vulnerability that turns them into “zombies”

The encryption system of the PDF files contains a critical vulnerability, according to German experts on cyber security. We are talking about the protection built into the PDF standard, not the external encryption tools. Based on the found vulnerabilities experts have modeled the attack, which was called “PDFex”.
 
Studying the vulnerabilities found, German hackers have discovered two ways of its possible use. During the practical tests they cracked 27 PC applications and web applications for reading PDF files, including Adobe Acrobat, Foxit Reader, Nitro, and built-in PDF viewer in Chrome and Firefox. In all cases they managed to retrieve data that was considered encrypted and secure.
 
The first type of attack using PDFex called “direct exfiltration”. It turns out that the encryption system handles not the whole PDF file, but only some part of it. But the attacker maintained access to the open parts that they can modify — for example, including the user data forwarding at the time of decoding, at a fake address.
 
The second type of attack is based on the use of CBC tools to spoof encrypted sites directly in the file. The aim here is to create a “mined” file, which itself will send its contents to a remote server using PDF forms or URLS. In the first and in the second case for holding PDFex-attack requires direct access to the file, or at least intercept the network traffic of the user. The vulnerability is considered critical and will be described in detail at the upcoming conference on network security ACM Conference on Computer and Communications Security.





Views: 179

©ictnews.az. All rights reserved.

Facebook Google Favorites.Live BobrDobr Delicious Twitter Propeller Diigo Yahoo Memori MoeMesto






02 June 2020

02/06/20
ZTE Axon 11 SE 5G is official with Dimensity 800

Right on schedule, ZTE has announced the Axon 11 SE 5G in China. The key feature of the Axon 11 SE 5G is the 

02/06/20
New WhatsApp warning as this malicious hack strikes again: Here’s what you do

It’s the malicious WhatsApp hack that won’t go away—it works, it’s effective, and it enables a hacker to hijack your 

02/06/20
Realme Smart TV to go on sale today at 12 noon via Flipkart, Realme Site: Price in India, Specifications

Realme TV models will go on sale in India today for the first time starting at 12pm (noon). The Realme Smart TV 

02/06/20
Huawei Mobile WiFi 3 Router unveiled with support for up to 11 4G/3G frequency bands

Huawei has got an array of high-end routers to its name including 5G routers. But if you are low on cash and needs

02/06/20
China’s giant radio telescope will start searching for aliens in September

China will soon make a significant contribution to the search for extraterrestrial life. State media outlet Science and 

02/06/20
6.1-inch iPhone 12 production to begin in July ahead of other 2020 models

Volume production of Apple's forthcoming 6.1-inch "iPhone 12" models will start in July-August ahead of the rest 

01 06 2020

01/06/20
Redmi 10X 5G is now available for purchase in China; price starts at 1,599 yuan ($224)

Last week, Redmi had launched its Redmi 10X series of smartphones, which included the Redmi 10X 4G, Redmi 10X 5G

01/06/20
Samsung Exynos 850 launched: A powerful chip for cheap smartphones

After announcing the Exynos 880 chip last week, Samsung has now expanded its chip portfolio by introducing 

01/06/20
Huawei announces CableFree, a new breakthrough in 5G Antenna technology

Earlier this week, Huawei announced a new breakthrough in its 5G networking field. The company unveiled CableFree,

01/06/20
Minister Ramin Guluzade meets with children in online format

The Ministry of Transport, Communications and High Technologies and Public Union Zafar: Support for Martyrs’ Families have organized an online m

01/06/20
202 years pass since establishment of postal communications in Azerbaijan

Today marks the 202nd anniversary of the establishment of postal communications in Azerbaijan. Postal services