It has not been a good week for PDF programs. We had an Adobe Acrobat & Reader update released yesterday that fixed 86 vulnerabilities, including numerous critical ones. Not to be beaten, an update for Foxit PDF Reader and Foxit PhantomPDF was released last Friday that fixes a whopping 116 vulnerabilities.
Tavis Ormandy, a Google Project Zero security researcher, has revealed details about a new major vulnerability discovered in Ghostscript, an interpreter for Adobe's PostScript and PDF page description languages.
Microsoft said today that hackers compromised a font package installed by a PDF editor app and used it to deploy a cryptocurrency miner on users' computers.
An unidentified hacker group appears to have accidentally exposed two fully-working zero-days when they've uploaded a weaponized PDF file to a public malware scanning engine.
Microsoft released a 948 page PDF titled the "Windows Command Reference" that contains documentation on over 250 Windows console commands. For each command, Microsoft has included a detailed description of the command, their command line arguments,.and for some commands, what operating system the documentation applies.
PDF files can be weaponized by malicious actors to steal Windows credentials (NTLM hashes) without any user interaction, and only by opening a file, according to Assaf Baharav, a security researcher with cyber-security Check Point.
A bug discovered in an obscure PDF parsing library back in 2011 is also present in most of today's top PDF viewers, according to German software developer Hanno Böck.
Google has made a few changes to recent Chrome versions that most users are bound to disagree with since it takes away some of their control over the browser.