Adobe Confirms PDF Information Leakage Flaw, Promises Fix 5/14

Adobe is getting the word out that a flaw related to its Acrobat and Reader software can cause some data leakage from PDFs. The company’s Product Security Incident Response Team (PSIRT) noted the issue on its blog and promised to solve the problem with the next security update to Adobe Reader and Acrobat, which is slated for May 14th.

Adobe views the data leakage issue to be a “low severity” problem, as the only information that ends up being exposed is the users IP address and timestamp. The problem only occurs when a “specially crafted PDF” is opened, according to Adobe. Security firm McAfee Labs, which recently reported on the issue, says that hackers could use the flaw to track PDFs to see where they’re opened (based on the IP address) and when they’re opened. There is some evidence that hackers are using the flaw, but because little damage can be done with it, the problem doesn’t seem to warrant an emergency fix.