pdf reader | Breaking Cybersecurity News | The Hacker News

Looking for ways to unlock and read the content of an encrypted PDF without knowing the password? Well, that's now possible, sort of—thanks to a novel set of attacking techniques that could allow attackers to access the entire content of a password-protected or encrypted PDF file, but under some specific circumstances. Dubbed PDFex , the new set of techniques includes two classes of attacks that take advantage of security weaknesses in the standard encryption protection built into the Portable Document Format, better known as PDF. To be noted, the PDFex attacks don't allow an attacker to know or remove the password for an encrypted PDF; instead, enable attackers to remotely exfiltrate content once a legitimate user opens that document. In other words, PDFex allows attackers to modify a protected PDF document, without having the corresponding password, in a way that when opened by someone with the right password, the file will automatically send out a copy of the decry...

I hope you had biggest, happiest and craziest New Year celebration, but now it’s time to come back at work and immediately update your systems to patch new security flaws that could exploit your computer just by opening a PDF file. Adobe has issued an out-of-band security update to patch two critical vulnerabilities in the company's Acrobat and Reader for both the Windows and macOS operating systems. Though the San Jose, California-based software company did not give details about the vulnerabilities, it did classify the security flaws as critical since they allow privilege escalation and arbitrary code execution in the context of the current user. Both the vulnerabilities were reported to Adobe by security researchers--Abdul-Aziz Hariri and Sebastian Apelt—from Trend Micro's Zero Day Initiative (ZDI). Critical Adobe Acrobat and Reader Vulnerabilities The first vulnerability, reported by Apelt and identified as CVE-2018-16011, is a use-after-free bug that can lead...

Yet another incident that shows why you should never blindly trust packages from user-controlled software repositories. Arch Linux , one of the most popular independently developed Linux distributions, has removed three packages from its community-driven Arch User Repository (AUR) after they were found to contain malicious code. Arch Linux is a general-purpose GNU/Linux distribution focused on free and open-source software with strong community involvement. In addition to its official repositories, users often rely on the AUR for additional packages maintained by fellow users. Because AUR packages are user-submitted, Arch maintainers have always advised users to carefully inspect the PKGBUILD and any .install files for suspicious commands before building and installing them. Compromised PDF Viewer Found on Arch Linux AUR On June 7, a malicious user nicknamed "xeactor" adopted an orphaned AUR package called acroread (a PDF vie...