Adobe products struck by zero-day attacks
June 6, 2010 by admin
Filed under Security News
Adobe’s products are once again in the firing line, as hackers are reportedly exploiting critical unpatched vulnerabilities in the products Adobe Reader, Acrobat and Flash Player.
Adobe has published a security advisory describing the problems which affect users regardless of whether they’re running Windows, Mac OS X, Linux, Solaris or UNIX.
Adobe has labelled the zero-day vulnerabilities as “critical”, the most serious rating it has.
Adobe says that Adobe Reader and Acrobat version 8.x are not vulnerable, and that the Flash Player 10.1 release candidate “does not appear to be vulnerable”.
Although Adobe has published a way to mitigate the problem for Adobe Reader and Acrobat 9.x for Windows, the workaround is clearly not ideal:
“Deleting, renaming, or removing access to the authplay.dll file that ships with Adobe Reader and Acrobat 9.x mitigates the threat for those products, but users will experience a non-exploitable crash or error message when opening a PDF file that contains SWF content.”
Adobe Patch Tuesday to bring automatic updates
April 12, 2010 by admin
Filed under Security News
On Tuesday April 13th, system administrators around the world can expect not only the regular monthly batch of security updates from Microsoft, but also a scheduled quarterly update from Adobe for its Reader and Acrobat products.
Adobe says that its upcoming update to Adobe Reader and Acrobat 9.3.2 and 8.2.2 will utilise its new updater technology on Windows and Mac – previously only enabled for selected beta-testers.
Windows users will find an option to “Automatically install updates” on their Preferences/Updater tab. Alternatively they can select “Automatically download updates, but let me choose when to install them” or “Do not download or install updates automatically”. (These last two options are the only choices presently available on the Mac version.)

Adobe’s Steve Gottwals describes the new updating feature as a demonstration that user security is a key priority for the company. It is hoped that in the future Adobe’s PDF-handling software will include a screen prompting end-users to select auto-update to ensure further updates occur automatically behind the scenes.
“The majority of attacks we are seeing are exploiting software installations that are not up-to-date with the latest security fixes. We therefore believe that the automatic update option is the best choice for most end-users. We are currently evaluating options for the best long-term solution for users, which could involve presenting the user with an opt-in screen for the automatic update option as part of the next phase in the roll-out.”
Chances are that these new update preferences will be more eagerly welcomed amongst home users than corporations – as firms often wish to test security updates before rolling them out across their entire organisation.
But the security community as a whole should probably give this new Adobe feature a thumbs-up – if the new feature works as advertised it sounds like it will definitely be a step in the right direction. Let us hope that more of Adobe’s customers will do a better job of keeping their systems up-to-date as a result of this enhancement.
It’s also of note that there is no news yet of an auto-updating facility for Flash – another Adobe technology that is frequently exploited by hackers. Let’s hope that that isn’t too far away.
Although Tuesday’s Adobe updates will resolve critical security issues in its Acrobat and Reader products, it is not yet known if the currently high-profile PDF /Launch security hole will be amongst them.
By Graham Cluley, Sophos
Adobe Exploit puts Backdoor on Computers
October 12, 2009 by admin
Filed under Security News
A new zero-day exploit targeting Adobe Reader, as well as 9.1.3 and earlier versions of Adobe Systems’ Acrobat, drops a backdoor onto computers using JavaScript, Trend Micro researchers warned on Friday.
Trend Micro identified the exploit as a Trojan horse dubbed “Troj_Pidief.Uo” in a blog post. It arrives as a PDF file containing JavaScript-based malware, “Js_Agent.Dt,” and then drops a backdoor called “Bkdr_Protux.Bd.”
The exploit affects Microsoft Windows 98, ME, NT, 2000, XP, and Server 2003, according to Trend Micro.
The blog post provides technical details on how the malware works, specifically the activity of its shell code, the piece of code that delivers the payload. The JavaScript is used to execute arbitrary code in a technique known as “heap spraying.”
“Based on our findings, the shell code (that was heap-sprayed) jumps to another shell code inside the PDF file” before extracting and executing the backdoor, Trend Micro said. The backdoor “is also embedded in the PDF file and not the usual file downloaded from the Web.”
Variants of the Protux backdoor typically provide an attacker unrestricted user-level access to a compromised machine and previously exploited vulnerabilities in Microsoft Office files, according to Trend Micro.
Adobe announced on Thursday that it would release an update to fix the hole on Tuesday, the same day as Microsoft’s Patch Tuesday.

This screenshot shows the embedded executable file in the PDF file, after it has been decrypted.
Source: Cnet (Credit: Trend Micro)
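An added example (not from the original posts or from Adobe, Sophos or Trend Micro): a small Python triage pass that counts the PDF name tokens behind the features these posts mention, namely JavaScript, /Launch actions, embedded files and SWF (rich media) content, and undoes #xx name escaping before matching. The keyword list, function names and sample bytes are assumptions constructed for illustration.

```python
import re

# PDF name tokens tied to the features these posts mention (an assumed triage
# list for illustration; extend it to suit your own mail or web gateway).
SUSPICIOUS_NAMES = ("/JavaScript", "/JS", "/OpenAction", "/AA", "/Launch",
                    "/EmbeddedFile", "/RichMedia")

_NAME_RE = re.compile(rb"/[^\x00\t\n\x0c\r ()<>\[\]{}/%]+")
_HEX_RE = re.compile(rb"#([0-9A-Fa-f]{2})")


def decode_name(raw: bytes) -> str:
    """Undo #xx hex escapes, so /J#61vaScript is read as /JavaScript."""
    decoded = _HEX_RE.sub(lambda m: bytes([int(m.group(1), 16)]), raw)
    return decoded.decode("latin-1")


def triage_pdf(data: bytes) -> dict:
    """Count suspicious name tokens in raw PDF bytes.

    Only unfiltered bytes are inspected: names inside compressed object
    streams are not seen, so a zero count is not proof of a clean file.
    """
    counts = {name: 0 for name in SUSPICIOUS_NAMES}
    obfuscated = 0
    for match in _NAME_RE.finditer(data):
        raw = match.group(0)
        name = decode_name(raw)
        if name in counts:
            counts[name] += 1
            if b"#" in raw:
                obfuscated += 1  # escaping a well-known name is itself a red flag
    return {"counts": counts, "obfuscated": obfuscated,
            "flagged": any(counts.values())}


# Constructed sample: an inert PDF fragment, not taken from any real exploit.
SAMPLE = (b"%PDF-1.7\n"
          b"1 0 obj << /Type /Catalog /OpenAction 2 0 R >> endobj\n"
          b"2 0 obj << /S /J#61vaScript /JS (app.alert\\(1\\);) >> endobj\n"
          b"3 0 obj << /Subtype /RichMedia >> endobj\n"
          b"%%EOF\n")

if __name__ == "__main__":
    report = triage_pdf(SAMPLE)
    for name, n in report["counts"].items():
        print(f"{name:14} {n}")
    print("obfuscated names:", report["obfuscated"])
```

A flagged file is a candidate for quarantine or deeper analysis, not a verdict: many legitimate PDFs use /OpenAction or embedded files.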













