Just when you thought you were safe…
Well, OK if you’re a savvy Internet user you never REALLY feel safe. But one place where your online safety has normally been pretty secure is with the PDF files that you find to view or download. But now it’s been discovered that even PDF files have security issues.
But let’s backtrack a bit and give you a bit of background.
What Are PDF Files?
For those unfamiliar with them, PDF files (PDF = Portable Document Format) are a special document-like format created by Adobe that allow you to share documents created with just about any program with other folks who don’t have that same program.
For example, let’s say you use Microsoft Word to create a 50-page story of your life that includes lots of great pictures, and you want to share that document with your Aunt Ruth. So you send to her as an email attachment, but alas, when she tries to open it, she can’t! She doesn’t have Microsoft Word on her computer!
But, if from inside of Word you had saved that story as a PDF file, and then sent it to her, she would have no problem at all opening it, viewing it, and even printing it. That’s because just about everyone who has a PC or Mac already has the free Adobe Reader program on their computer. And the Adobe Reader is all you need to open a PDF.
So what Adobe has done by creating the PDF format, and then giving us the free Adobe Reader, is a mechanism for sharing documents without worrying about our audience having the right software to open that document.
Two Ways PDF Files Are Opened
- A friend might create something in PowerPoint or Word and then save it as a PDF file and send it to you as an attachment (as we did above with Aunt Ruth).
- You buy a new software program at the store, and instead of coming with a printed manual, the manual comes as a PDF file on the CD/DVD installation disc.
- You visit a web site to get some information, and there’s a PDF brochure or booklet you can download and read or print.
- PDF’s that you SAVE to a folder on your computer and then double-click to open are opened directly inside the Adobe Reader program.
- PDF’s that you find on a web site as a link, and then click… are opened inside your browser program using an “in-browser-version” of the Adobe Reader.
But now back to the security issues.
As you might imagine, with everyone having the Adobe Reader and frequently opening up PDF files that they get from friends or find as free information on the Internet, PDF files have become a lucrative target for those bad people who create viruses and malware.
But knowing this, Adobe took extra steps to make the Adobe Reader and PDF’s secure by introducing a special feature called “sandboxing“.
With Sandboxing, any malware or virus ridden PDF file is trapped inside the Adobe Reader and can’t get out to infect your computer. And they added this security feature to both the full reader and the in-browser version.
But as with all things on the Internet that are supposed to be “totally safe”, hackers recently found a way to trick the Adobe Reader sandbox feature, and the trick was published as part of a hacker toolkit that many of those bad-hacker-people use.
The first hacker attacks are already being seen in the form of banking malware that’s being installed on victims computers.
Not only does the exploit target the regular Adobe Reader, but also the in-browser versions for Internet Explorer and Mozilla Firefox. Interestingly, the Google Chrome version seems to be immune to the problem because Chrome has some additional built-in security for the Adobe Reader.
What To Do?
As of the date this article is published (November 11, 2012), Adobe has not yet released a fix for the security flaw. But considering the wide-spread issues this could cause, most experts believe Adobe will come out with an update sooner than later.
In the meantime, you can use typical Internet related common sense to protect yourself.
- Don’t open a PDF email attachment that comes from an unknown source.
- Don’t download or open a PDF from sites that you do not trust.
- Make sure you are running a good anti-virus/anti-malware program.
- When Adobe tells you that there’s an update to the Adobe Reader program, be sure to install it.
And again, don’t forget I have an entire book about the subject called Staying Safe on the Internet. CLICK HERE to read more about it.
Please leave any questions or comments below in the Comment box. I’d love to hear from you!