Adobe is getting the word out that a flaw related to its Acrobat and Reader software can cause some data leakage from PDFs. The company’s Product Security Incident Response Team (PSIRT) noted the issue on its
blog and promised to solve the problem with the next security update to
Adobe Reader and
Acrobat, which is slated for May 14th.
Adobe's headquarters in San Jose, Calif. Image credit:
Adobe
Adobe views the data leakage issue to be a “low severity” problem, as the only information that ends up being exposed is the users IP address and timestamp. The problem only occurs when a “specially crafted PDF” is opened, according to Adobe. Security firm
McAfee Labs, which recently
reported on the issue, says that hackers could use the flaw to track PDFs to see where they’re opened (based on the IP address) and when they’re opened. There is some evidence that hackers are using the flaw, but because little damage can be done with it, the problem doesn’t seem to warrant an emergency fix.