Tuesday, September 14, 2010

Yet Again Another Adobe Vulnerability. Sigh.

I'm seeing reports of this everywhere.  Adobe Flash Player and Adobe Reader 9.3.4 and earlier versions are both subject to 0-day exploits which are "in the wild".  Supposedly the Flash flaw will be fixed in two weeks, the Adobe Reader flaw in four weeks.  That's a long time to go with active exploits.  No word on whether or not this affects other PDF readers.

Adobe Flash v10.1.82.76 and earlier vulnerability in-the-wild
Adobe has released an advisory for Flash Player and earlier versions for Windows, Macintosh, Linux, Solaris, and Adobe Flash Player for Android, as well as Adobe Reader 9.3.4 for Windows, Macintosh and UNIX, and Adobe Acrobat 9.3.4 and earlier versions for Windows and Macintosh. CVE-2010-2884 has been assigned to the issue, which has an impact of crashing Flash or arbitrary code execution on some affected platforms. There is currently no patch; Adobe has indicated that it should be released in late September and/or early October. There are indications that this previously unknown vulnerability is currently being exploited in the wild by malicious web sites attacking browsers. YYAAAV: Yes, Yet Again Another Adobe Vulnerability. Sigh.

Keep an eye out for this one, folks. It will take a bit for the anti-virus, IDS/IPS and other vendors to catch up and detect the malware that exploits the vulnerability. Although by that point the box affected may well be compromised, as most detect after the exploit has already taken place. Since the vendor has released the advisory after being notified that exploits are already occurring against Windows boxes, it is recommended to explore workarounds for mitigation, detection of already compromised hosts, and cleanup.

Adobe PSIRT blog: http://blogs.adobe.com/psirt/2010/09/security-advisory-for-adobe-flash-player-apsa10-03.html

Adobe advisory: http://www.adobe.com/support/security/advisories/apsa10-03.html

Adobe Warns of Attacks on New Flash Flaw — Krebs on Security
Adobe Systems Inc. warned Monday that attackers are exploiting a previously unknown security hole in its Flash Player, multimedia software that is installed on most computers.

Adobe said a critical vulnerability exists in Adobe Flash Player versions and earlier, for Windows, Mac, Linux, Solaris, UNIX and Android operating systems. In a security advisory, Adobe warned that the flaw could cause Flash to crash and potentially allow an attacker to seize complete control over an affected system.

Worse still, there are reports that this vulnerability is being actively exploited in the wild against Adobe Flash Player. Adobe’s advisory states that while the latest versions of Adobe Acrobat and Reader also contain the vulnerable Flash components, the company is not aware of attacks against the Flash flaw in those programs.

Adobe Flash Player zero-day under attack | ZDNet
The zero-day hacker attacks against Adobe’s software products are coming fast and furious.

Less than a week after the discovery of a sophisticated malware attack against an unpatched security hole in Adobe Reader/Acrobat, the company has issued a new warning for in-the-wild attacks against a zero-day flaw in its ubiquitous Flash Player.

Adobe says the vulnerability affects Flash Player and earlier versions for Windows, Macintosh, Linux, Solaris, and Android.

It also affects Adobe Reader 9.3.4 and earlier versions for Windows, Macintosh and UNIX; and Adobe Acrobat 9.3.4 and earlier versions for Windows and Mac.

US-CERT Current Activity: Adobe Releases Security Advisory for Vulnerability in Reader and Acrobat
added September 13, 2010 at 08:30 am
Adobe has released a security advisory to address a vulnerability in Adobe Reader and Acrobat. Exploitation of this vulnerability may allow an attacker to execute arbitrary code or cause a denial-of-service condition. The advisory indicates that this vulnerability is being actively exploited.

US-CERT encourages users and administrators to review Adobe security advisory APSA10-02 and consider implementing the suggested workaround of utilizing Microsoft's Enhanced Mitigation Toolkit (EMET) to help prevent this vulnerability from being exploited. Additional information on EMET can be found on the Microsoft Security Research and Defense blog.

US-CERT will provide additional information as it becomes available.
