Pagoda Blog

Adobe PDF Zero-Day Flaw Enables Location Tracking

April 30, 2013

By Robert Westervelt
April 29, 2013    3:26 PM ET


McAfee has detected ongoing attacks targeting an Adobe (NSDQ:ADBE) Reader zero-day vulnerability that could enable attackers to conduct location tracking of a malicious file.

The firm said it detected malicious PDF files that can enable a sender to see when and where a file is opened, wrote Haifei Li, a McAfee threat researcher. While the flaw is not serious -- it doesn't enable remote code execution -- it can be used as part of a targeted attack campaign, Li wrote.

"We don't want to overvalue the issue. However, we do consider this issue a security vulnerability," Li wrote. "Our investigation shows that the samples were made and delivered by an 'email tracking service' provider. We don't know whether the issue has been abused for illegal or APT attacks."

Return to Pagoda Blog Main Page