Adobe Rushes To Fix New PDF Vulnerability

Lately, news in the PDF industry hasn’t been too good.

Thus far, the PDF issue at the top of the list has mainly been focused upon the iPhone, iPod Touch, and iPad. Since jailbreaking became legal, many users have “freed up” their devices through a visit to the Jailbreakme.com site.

But as it turned out, malicious users were hacking into Apple devices via PDF (the common tool of choice) with the same method Jailbreakme.com was using to break Apple’s security barrier.

As if that weren’t bad enough for PDF users out there, there’s yet another PDF security issue which Adobe is now rushing to fix.

The vulnerability was first disclosed by Charlie Miller, known for finding vulnerabilities within major platforms and brand name software applications. Like most previous PDF vulnerabilities, this one may execute any malicious code hidden in a particular font file when the PDF is opened in Adobe Reader or Acrobat.

This one unfortunately comes right on the heels of Apple’s own PDF security issues. So close, in fact, that it may lead you to think it’s the same bug. The execution is the same: when your Apple device tries to open a PDF, a specific font file in the PDF gets parsed and with it any hidden programming code.

However, in an article on Computerworld.com, Miller says that “although the Adobe vulnerability shares traits with the one currently being used to ‘jailbreak’ Apple’s iOS mobile operating system — both involve font parsing errors — they’re not linked.”

While the clarification still does nothing to alleviate the current mistrust of PDF files out there, patches and fixes are in the wings. Apple already has its fix for iOS devices, which is waiting to be released. Adobe has yet to finish its own, but is promising its launch during the week of August 16.

Either way, until both are complete and ready, opening PDFs on any Apple device or within Reader and Acrobat should wait, or at the very least, PDFs should be opened with a PDF viewer that hasn’t fallen victim to the exploits yet.