Here is the definitive fix for Universal PDF XSS Vulnerability

The (in)famous Adobe Acrobat Reader plugin Universal PDF XSS is the scariest vulnerability discovered this year because it can turn any PDF into an XSS attack vector.

Today Cyrill Brunschwiler released the definitive fix for it. His solution sanitizes the malicious PDF link by generating a unique session ID for each PDF request and later checking that session ID. Because one picture is worth 1000 words, here is the schema:

Many thanks to the Compass Security team for this.
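One way to implement the per-request ID check described above, as an added example that is not Cyrill Brunschwiler's or Compass Security's code. The `pdfid` parameter name, the `client_id` binding, the HMAC construction, the 30-second lifetime and the fixed `#a` fragment in the redirect are all assumptions of this example; the IP addresses and path in any call are constructed sample values.

```python
import hashlib
import hmac
import secrets
import time

SERVER_KEY = secrets.token_bytes(32)  # per-process signing key (assumption)
TOKEN_TTL = 30                        # seconds an ID stays valid (assumption)
_used = set()                         # IDs already redeemed, for one-time use


def _mac(path, client_id, ts, nonce):
    msg = "|".join((path, client_id, ts, nonce)).encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def issue_token(path, client_id, now=None):
    """Create a unique ID bound to this PDF path and this client."""
    ts = str(int(time.time() if now is None else now))
    nonce = secrets.token_hex(8)
    return f"{ts}.{nonce}.{_mac(path, client_id, ts, nonce)}"


def check_token(token, path, client_id, now=None):
    """True only for a fresh, unused ID issued for this path and client."""
    try:
        ts, nonce, mac = token.split(".")
        age = int(time.time() if now is None else now) - int(ts)
    except (AttributeError, ValueError):
        return False  # missing or malformed ID
    expected = _mac(path, client_id, ts, nonce)
    if not hmac.compare_digest(mac.encode(), expected.encode()):
        return False  # forged, or issued for another path or client
    if not 0 <= age <= TOKEN_TTL or token in _used:
        return False  # expired or replayed
    _used.add(token)
    return True


def handle_pdf_request(path, token, client_id, now=None):
    """Return (status, headers) for a GET of a PDF file."""
    if token and check_token(token, path, client_id, now):
        return 200, {"Content-Type": "application/pdf"}
    # No valid ID: never serve the PDF directly. Redirect to a URL carrying
    # a fresh ID; the fixed fragment replaces any fragment on the original link.
    fresh = issue_token(path, client_id, now)
    return 302, {"Location": f"{path}?pdfid={fresh}#a"}
```

A link prepared in advance cannot contain an ID the server will accept, so the first request for a PDF is always answered with a redirect rather than the document.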


