134 security holes in Word and Adobe Acrobat

The mere fact that there are security holes in our equipment is no reason to worry, even though it is evident that they exist. Many of them have not been exploited yet, which is why so much effort and so many resources are spent on detecting and patching them as soon as possible. On stage at this year's Black Hat Asia, a computer security conference held in Singapore, a tool was presented that has discovered 134 security holes in two of the most widely used programs in the world.

Some of these holes are dangerous

This tool, called “Cooper”, has proven to be quite efficient. It discovered all of these security flaws, although it should be noted that not all 134 are equally dangerous. Of the total, 59 were considered worth fixing by the developers of the two programs, 33 have been assigned a CVE number, and 17 have even been given a “reward”, to be claimed by whoever manages to solve them.

Xu Peng, one of the people behind “Cooper”, explained during the event that both Word and Acrobat accept scripting-language input. In fact, Acrobat even allows JavaScript to manipulate PDF files. This requires PDF to define native PDF objects and to parse the JavaScript code. Acrobat modules render the native objects, and a built-in JavaScript engine handles the scripts.

This code, in the words of Xu Peng and his collaborators, “is prone to inconsistent semantics and security holes, leading to serious vulnerabilities.” As noted above, not all of these security flaws are equally serious, but two of them in Acrobat (CVE-2021-21028 and CVE-2021-21035) are very important and have been given a score of 8.8 out of 10.
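Because the flaws described above sit where Acrobat's JavaScript engine meets native PDF objects, a practical triage step is to flag documents that carry script at all. The following is an added example, not part of Cooper or of the original article: it counts script-related names in a PDF's raw bytes, decoding `#XX` name escapes first; the sample documents are constructed and the function names are this example's own.

```python
import re

# PDF name tokens that mark embedded script or automatic actions.
SCRIPT_NAMES = {"JS", "JavaScript", "OpenAction", "AA"}

# A name is "/" plus non-delimiter, non-whitespace bytes; "#XX" is a hex-escaped byte.
NAME_RE = re.compile(rb"/([^\x00\t\n\x0c\r ()<>\[\]{}/%]+)")
HEX_ESCAPE_RE = re.compile(rb"#([0-9A-Fa-f]{2})")

# Constructed sample: the catalog's open action points at a JavaScript action
# whose names are partly hex-escaped (/J#61vaScript, /J#53).
SAMPLE_SCRIPTED = (
    b"%PDF-1.7\n"
    b"1 0 obj\n<< /Type /Catalog /Pages 2 0 R /OpenAction 3 0 R >>\nendobj\n"
    b"3 0 obj\n<< /S /J#61vaScript /J#53 (this.numPages;) >>\nendobj\n"
    b"%%EOF\n"
)
# Constructed sample: the same catalog without any script or action.
SAMPLE_PLAIN = (
    b"%PDF-1.7\n1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n%%EOF\n"
)


def decode_name(raw: bytes) -> str:
    """Undo #XX escapes so that /J#53 and /JS compare equal."""
    decoded = HEX_ESCAPE_RE.sub(lambda m: bytes([int(m.group(1), 16)]), raw)
    return decoded.decode("latin-1")


def script_indicators(pdf_bytes: bytes) -> dict:
    """Count script-related names in raw PDF bytes.

    Limits: names inside compressed streams are not seen, and a name that
    merely appears inside a text string is counted, so treat a hit as a
    reason to inspect the file, not as a verdict.
    """
    counts = {}
    for match in NAME_RE.finditer(pdf_bytes):
        name = decode_name(match.group(1))
        if name in SCRIPT_NAMES:
            counts[name] = counts.get(name, 0) + 1
    return counts


if __name__ == "__main__":
    print("scripted:", script_indicators(SAMPLE_SCRIPTED))
    print("plain:", script_indicators(SAMPLE_PLAIN))
```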


A tool that can give a lot to talk about

The development of “Cooper” is great news for computer security. It was developed by Xu Peng and Professor Purui Su, both from the Chinese Academy of Sciences, security researcher Yanhao Wang from the QI-ANXIN Institute of Technology Research, and Hong Hu, an assistant professor from Pennsylvania State University.

The tool itself is a set of scripts that manages to infer the process by which some scripts or applications can produce unwanted and/or dangerous behavior. Its creators have made it available to everyone, so if you are curious to know more about it, all you have to do is go to its page on GitHub.
