Apple + Security & Privacy

We recently reported on a vulnerability in Adobe Acrobat, which, while Adobe affects all platforms, Intego researchers found does not affect the Mac. However, our researchers have found that the exploit used to take advantage of the Acrobat vulnerability does indeed affect Apple’s Preview (at least the 10.5 version), as well as other programs that use Preview’s framework to display PDFs, such as Safari, Mail, or even the Finder if a user tries to view a PDF file with this exploit in QuickLook. For now, this is just a proof-of-concept vulnerability, and no code has been found in the wild that attempts to exploit this flaw. But given the widespread presence of PDFs on the Internet, any such bug has serious consequences.

Secunia is reporting that they have created an exploit that does not use JavaScript, which many sources said was needed for this vulnerability to be exploited. This is undoubtedly similar to that which our researchers have discovered, which affects Preview; the Apple program does not support JavaScript.