WinRT PDF is the default PDF reader in Windows 10. However, it puts Edge at risk in much the same way that Flash, Java, and Acrobat have exposed Internet users in recent years.
The Windows Runtime (WinRT) PDF Renderer library, or simply WinRT PDF, is a powerful component built into recent versions of the Windows operating system that allows developers to easily integrate a PDF viewer into their applications.
The library is used by many applications distributed through the Windows Store. It is included as the default PDF Reader application in Windows 8 and 8.1, as well as in the Edge browser of Windows 10.
Mark Vincent Yason, a security researcher on IBM's X-Force Advanced Research team, discovered that WinRT PDF can be leveraged in drive-by attacks the same way attackers used Flash or Java.
As mentioned above, WinRT PDF is the PDF reader that Edge uses by default.
So any PDF file that is embedded in a web page will be opened by the library. A clever attacker can exploit WinRT PDF with a PDF file hidden in an iframe that is positioned off-screen using CSS.
The malicious code exploits a WinRT PDF vulnerability in the same way that exploit kits such as Angler or Neutrino deliver malicious Flash, Java, or Silverlight payloads.
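A defender-side check for the delivery pattern described above, as an added example that is not part of the original article: a Python scan that flags PDF documents embedded through an iframe, embed or object element that is hidden or pushed off-screen. The style heuristics, the `scan` function and the sample HTML are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Heuristic (assumed for this example): inline styles that keep an element out of view.
HIDDEN_STYLE = re.compile(
    r"display\s*:\s*none"
    r"|visibility\s*:\s*hidden"
    r"|\b(?:left|top|margin-left|margin-top)\s*:\s*-\d{3,}"   # pushed off-screen
    r"|\b(?:width|height)\s*:\s*[01](?:px)?\s*(?:;|$)",       # 0 or 1 pixel box
    re.I,
)

class HiddenPdfFinder(HTMLParser):
    """Collects (line, tag, url) for PDF embeds the user cannot see."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag not in ("iframe", "embed", "object"):
            return
        a = {k: (v or "") for k, v in attrs}
        url = a.get("src") or a.get("data") or ""
        is_pdf = (urlsplit(url).path.lower().endswith(".pdf")
                  or a.get("type", "").lower() == "application/pdf")
        hidden = ("hidden" in a
                  or a.get("width") in ("0", "1") or a.get("height") in ("0", "1")
                  or bool(HIDDEN_STYLE.search(a.get("style", ""))))
        if is_pdf and hidden:
            self.findings.append((self.getpos()[0], tag, url))

def scan(html):
    finder = HiddenPdfFinder()
    finder.feed(html)
    finder.close()
    return finder.findings  # document order

# Constructed sample page: one visible PDF, two hidden PDFs, one hidden non-PDF frame.
SAMPLE = """<html><body>
<iframe src="https://example.invalid/report.pdf" width="800" height="600"></iframe>
<iframe src="https://example.invalid/a.pdf?id=1" style="position:absolute; left:-9999px"></iframe>
<embed type="application/pdf" src="/doc" width="1" height="1">
<iframe src="/page.html" style="display:none"></iframe>
</body></html>"""

if __name__ == "__main__":
    for line, tag, url in scan(SAMPLE):
        print(f"line {line}: hidden <{tag}> loads PDF {url}")
```

Only inline attributes are inspected; hiding applied through a stylesheet or script requires checking the rendered DOM instead.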
Mr. Yason will give a more in-depth presentation of this attack scenario at the RSA Security conference in San Francisco.