Understanding Security Vulnerabilities in PDFs

News of data breaches in both large and small organizations is commonplace these days. What was once a topic of conversation reserved for a small niche of the information technology industry is now something that the average worker discusses as companies educate them to help prevent attacks.

As more and more people talk about data breaches and computer security, the PDF reader is bound to come up. That’s because over the years, criminals have used files as a way to break into computers and networks. Unfortunately, whenever the news mentions a specific piece of software or a specific threat, people begin to worry about the safety and security of their organization’s assets. PDF files and the PDF reader are no exception. However, when you understand how these attacks work and what you can do to prevent them, you’ll feel more confident in your ability to minimize them.

The anatomy of an attack

In order to compromise a computer, the attacker must get their malicious software (malware) onto the victim’s computer. There are many ways to accomplish this, but the easiest and most common is to send a spear phishing email with a malicious file. The term “spear phishing” means an email directed at specific individuals or companies. Attackers use these emails to attempt to gain personal information about their target to increase their chance of success. This technique accounts for 91% of phishing attacks.

Attackers can use a variety of file and document types to exploit vulnerabilities in software applications, but for purposes of this discussion, let’s say that they use a PDF file, crafting it to exploit a security hole in the PDF reader software. For example, the file may cause the PDF reader to crash and download the real malware from the Internet. This allows the executable file to circumvent email filters and users that know they shouldn’t open an .exe file attached to an email. In this case, a dummy PDF file opens so the victim doesn’t realize there’s a problem.

In this case, as in so many, the number one thing your business can do to prevent this kind of phishing expedition from succeeding is to educate employees on how to recognize suspicious emails and not to open unknown attachments. While attackers are ultimately exploiting a software security hole, the biggest vulnerability they’re exploiting here is the human being who opens the file.
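A technical control that complements that training is to triage PDF attachments at the mail gateway before any reader parses them. The sketch below is an added example, not code from this article or from Foxit; the function names, verdict labels and decision rules are assumptions, the key names come from the PDF specification, and it only sees objects that are stored uncompressed.

```python
import re

# Name keys from the PDF specification that trigger behaviour instead of rendering.
# Which ones to treat as risky, and the verdict rules below, are assumptions of this example.
AUTO_RUN = {"OpenAction", "AA"}  # run an action when the file opens or on events
ACTIVE = {"JS", "JavaScript", "Launch", "EmbeddedFile"}

NAME = re.compile(rb"/([^\x00\t\n\f\r ()<>\[\]{}/%]+)")
HEX_ESCAPE = re.compile(rb"#([0-9A-Fa-f]{2})")


def decode_name(raw: bytes) -> str:
    """Undo #xx escapes so that /J#61vaScript is read as /JavaScript."""
    return HEX_ESCAPE.sub(lambda m: bytes([int(m.group(1), 16)]), raw).decode("latin-1")


def triage_pdf(data: bytes) -> dict:
    """Heuristic verdict for a PDF attachment: 'pass', 'review' or 'quarantine'."""
    if b"%PDF-" not in data[:1024]:
        return {"verdict": "review", "reason": "not a PDF despite its name", "found": {}}
    found, obfuscated = {}, False
    for match in NAME.finditer(data):
        name = decode_name(match.group(1))
        if name in AUTO_RUN | ACTIVE:
            found[name] = found.get(name, 0) + 1
            # A hex-escaped spelling of a risky key has no benign reason to exist.
            obfuscated = obfuscated or b"#" in match.group(1)
    wired = bool(found.keys() & AUTO_RUN) and bool(found.keys() & ACTIVE)
    if obfuscated:
        verdict, reason = "quarantine", "risky key hidden with #xx escapes"
    elif wired:
        verdict, reason = "quarantine", "active content wired to run on open"
    elif found:
        verdict, reason = "review", "active content present"
    else:
        verdict, reason = "pass", "no active-content keys in uncompressed objects"
    return {"verdict": verdict, "reason": reason, "found": found}


# Constructed samples (not real documents): a plain catalog and an auto-run script.
BENIGN = b"%PDF-1.7\n1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n%%EOF\n"
SUSPECT = (b"%PDF-1.7\n1 0 obj\n<< /Type /Catalog /Pages 2 0 R /OpenAction 3 0 R >>\nendobj\n"
           b"3 0 obj\n<< /S /J#61vaScript /JS (constructed placeholder) >>\nendobj\n%%EOF\n")

if __name__ == "__main__":
    for label, sample in (("benign", BENIGN), ("suspect", SUSPECT)):
        print(label, triage_pdf(sample))
```

A "pass" here means only that no trigger keys were visible; it does not replace keeping the reader patched.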

But what about the software? How can your business protect itself against software vulnerabilities, even those in PDF readers?

Protecting your business software against security vulnerabilities

Like all types of software, your PDF reader needs to be updated when patches or new versions are released. That’s because these updates typically contain the code to fix zero-day vulnerabilities (the name given by security experts to vulnerabilities found and exploited by hackers that the vendor and security industry don’t know about), along with any other issues that developers may have found in the software.

You should also stay aware of any security vulnerabilities that are found in the software you rely on for day-to-day operations. Foxit makes these known to its customers through a security bulletins page in the support section of the website.

Understanding software security

Every type of software application is susceptible to vulnerabilities, not just PDF readers. Like every other type of software, PDF software undergoes extensive testing to plug any security holes. If a security vulnerability in a specific PDF reader is found, this doesn’t mean that it will affect software created by other vendors. Exploits are usually application specific.

As long as organizations have something that others want, security will be a concern. Smart organizations do everything they can to fight back against these attackers, from educating staff about how to spot suspicious emails to making sure that their tools are up to date and patched. Working with vendors who take the security of their products seriously, especially when it comes to PDF readers, lays the foundation needed to keep your business safer.

6 thoughts on “Understanding Security Vulnerabilities in PDFs”

  1. Eliza Ryan-Bowley

    Very interesting. I had heard of “phishing” before but not of “spear phishing”. As a point of rule I don’t open any attachments in e-mails that aren’t addressed to me personally or if they’re from someone I don’t know. I have only just recently become aware of Foxit and am already quite impressed. I hope we go on to have a long and lasting relationship.
    Thank you once again.

  2. Ken C

    You refer to an attack that leverages a vulnerability in the actual code (probably a buffer overrun) and causes a crash and malicious code to execute.
    Most of the PDF-based attacks I have heard of involve using JavaScript within the PDF reader. Isn’t this a more common approach used by attackers?
    Nonetheless, your point that human vulnerabilities are still the main point of access is just as valid.
    Ken C.

    1. MikeRam

      Yes, I was surprised there was no mention of the JavaScript-based attacks. But ultimately the point is 100% spot on – users’ actions.

