Both Foxit Software and Adobe Systems are looking at ways of warning users about a new PDF attack threatening system security. Didier Stevens, an IT consultant with Contraste Europe, discovered the vulnerability, which entails getting PDF viewers to automatically execute embedded executables when the PDF file is opened.
"After receiving word of a recent security concern, the Foxit development team immediately looked into the issue, confirmed the risk and resolved the situation quickly," the company told eWEEK in a statement. "Foxit expects to release a new version of Foxit Reader with this fix on April 2, 2010.
"To address the specific problems outlined, Foxit has added a warning dialog box that will pop up when a PDF file is opened with Foxit Reader, asking the user to agree to execute or not," the company continued. "This solution adds a layer of safety yet maintains Foxit Reader’s compliance with current PDF standards."
Adobe already has a warning box in place, but Stevens claims there's a way for hackers to partially alter the dialog. According to eWEEK, Adobe is discussing the potential threat but didn't say if it would take any further precautions.