"The attack exploits a previously unknown vulnerability, meaning that simply opening a seemingly innocent document can be enough to collect sensitive information and send it to an external server."
"By exploiting this, attackers can manipulate object properties and thereby gain access to functionality that is normally out of reach, enabling them to collect data."
"Notably, the attack does not immediately proceed to full compromise. Instead, a profile of the victim is first built up."
"Researchers confirmed that this method allows not only for information gathering but also for the execution of external code within Adobe Reader."
A new attack targets Adobe Reader users through specially crafted PDF files that exploit a previously unknown vulnerability. This attack utilizes obfuscated JavaScript to collect sensitive system information and send it to external servers. The vulnerability involves prototype pollution within the JavaScript implementation of Adobe Reader, allowing attackers to manipulate object properties. The attack builds a profile of the victim before deciding on further actions, which may include executing additional code for full system compromise.
Read at Techzine Global
Unable to calculate read time
Collection
[
|
...
]