Archive for August, 2010

Pssst! PDF is an ISO Standard

PDF is closely associated with products such as Adobe Reader and Acrobat, but the ubiquitous file format has been an open ISO Standard since 2008. Anyone can develop and distribute software to create and view PDF documents. This means that not all PDF-related vulnerabilities are automatically Adobe vulnerabilities.

Why point this out today, you may ask? There are a number of public discussions happening this week around the so-called “iPhone jailbreak PDF vulnerability,” and we have received a significant number of inquiries from concerned customers asking whether this vulnerability affects Adobe Reader or Acrobat. This vulnerability appears to be in the implementation of the PDF viewing technology — as opposed to a problem with the PDF specification itself.

As is the case with any report of vulnerabilities potentially affecting Adobe products, we have carefully investigated this particular exploit. An initial public report of the jailbreakme.com sample crashing Adobe Reader has since been retracted. All of our analysis to date indicates that the vulnerability used in the iPhone jailbreak does not impact Adobe Reader or Acrobat.