So the attacker has to have exploits in every pdf reader app on linux? Since it is not Adobe only and there are quite a few. Or maybe a common backend engine (mupdf and poppler)...
Yeah, I suspect that rather a lot of the options use the same libraries; https://en.wikipedia.org/wiki/Poppler_(software) claims that poppler is used by Evince, LibreOffice 4.x, and Okular (among others).
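As an added example (not code from the thread), here is a defender-side inventory script for the shared-backend point above: it finds every installed application registered for application/pdf, asks `ldd` which rendering engine each one links, and groups them by engine so the blast radius of a single poppler or mupdf bug is visible. The .desktop directories, the backend library names and the parsing rules are assumptions about a typical Linux desktop.

```python
"""Inventory which installed PDF handlers share a rendering backend."""
import shutil
import subprocess
from pathlib import Path

# Shared PDF engines: one bug in the engine reaches every front-end linked to it.
BACKENDS = ("libpoppler", "libmupdf")
# Where freedesktop .desktop files normally live (assumed layout).
DESKTOP_DIRS = (Path("/usr/share/applications"), Path.home() / ".local/share/applications")


def pdf_handler_exec(desktop_text):
    """Return the executable name from a .desktop file that registers application/pdf, else None."""
    mime = exec_line = None
    for line in desktop_text.splitlines():
        if line.startswith("MimeType="):
            mime = line[len("MimeType="):]
        elif line.startswith("Exec=") and exec_line is None:
            exec_line = line[len("Exec="):]
    if not mime or "application/pdf" not in mime.split(";") or not exec_line:
        return None
    # Exec carries field codes (%U, %f) and arguments; the binary is the first token.
    return exec_line.split()[0].rsplit("/", 1)[-1]


def backends_in_ldd(ldd_text):
    """Pick the known PDF engines out of `ldd` output ('libpoppler.so.126 => /usr/lib/... (0x..)')."""
    found = set()
    for line in ldd_text.splitlines():
        name = line.strip()
        found.update(b for b in BACKENDS if name.startswith(b))
    # Caveat: engines loaded at run time via dlopen() do not appear in ldd output.
    return found


def group_by_backend(handler_to_libs):
    """Invert {app: {backend, ...}} into {backend: [apps]} so shared exposure is visible."""
    groups = {}
    for app, libs in handler_to_libs.items():
        for lib in libs:
            groups.setdefault(lib, []).append(app)
    return {lib: sorted(apps) for lib, apps in groups.items()}


def inventory():
    """Scan the live system: .desktop files -> binaries on PATH -> ldd -> shared backends."""
    result = {}
    for d in DESKTOP_DIRS:
        for f in (d.glob("*.desktop") if d.is_dir() else []):
            app = pdf_handler_exec(f.read_text(errors="replace"))
            path = shutil.which(app) if app else None
            if path:  # wrapper scripts (e.g. LibreOffice) yield no ldd output and are skipped
                ldd = subprocess.run(["ldd", path], capture_output=True, text=True)
                result[app] = backends_in_ldd(ldd.stdout)
    return group_by_backend(result)


if __name__ == "__main__":
    for lib, apps in inventory().items():
        print(f"{lib}: {', '.join(apps)}")
```

Run it on a workstation image to see how many registered PDF handlers collapse onto one engine; that is the set a single engine patch (or a single engine bug) covers.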
An attacker doesn’t need every attack to work every time. One breach is usually enough to get into your system, so long as they can get access to the right machine.
I heard a story from years ago that security researchers tried leaving USB thumb drives in various bank branches to see what would happen. They put autorun scripts on the drives so they would phone home when plugged in. Some 60% of them were plugged in (mostly into bank computers).
The attacker obviously does not need to have exploits in every pdf reader app on linux; it needs to have an exploit in a single pdf reader app out of all those which someone in your organization is using. If 99% of your employees are secure but 1% are not, you're vulnerable. Perhaps there's a receptionist in your Elbonian[1] branch on an outdated unpatched computer, and that's as good an entry point in your network as any other, with possibilities for lateral movement to their boss or IT support persons' account and onwards from there. In this particular case, a developer's Linux machine was the point of persistence where the malware got inserted into their server builds; however, most likely that machine wasn't the first point of entrance in their systems.
Remember how Adobe removed Flash support from Acrobat a couple of years back? Attacks like this are why. Well, and Flash had other issues, too.
I'm not sure when you started using PDFs (I remember mid-90s when my Dad told me about this cool new document format that would standardize formats across platforms, screen and paper!), but hardly anything is static any more.
The nexus of unsafe programming languages and exploit markets, where for the right price you can purchase undisclosed bugs basically ready to use. Modern offensive security is essentially a bit like shopping in Ikea.
PDF is a nightmare format, including such gems as javascript IIRC; it's not surprising that it can be used to make exploits in reader software.
[1] https://dilbert.fandom.com/wiki/Elbonia