AplusWebMaster

Adobe Flash/Acrobat/Reader exploits-in-the-wild

43 posts in this topic

FYI...

 

Adobe Flash/Acrobat/Reader vulns

 

- http://www.symantec.com/connect/blogs/0-day-attack-wild-adobe-flash-reader-and-acrobat

June 6, 2010 - "We have confirmed the attacks that are exploiting the vulnerability (CVE-2010-1297) Adobe announced on its security advisory* are in the wild. The exploit takes advantage of an unpatched vulnerability in Flash Player, Adobe Reader, and Acrobat, and affects users regardless of whether they use Windows, Macintosh, Solaris, Linux, or UNIX... Attacks can take place in various situations with a few listed below:

• Receiving an email with a malicious PDF attachment.

• Receiving an email with a link to the malicious PDF file or a website with the malicious SWF imbedded in malicious HTML code.

• Stumbling across a malicious PDF or SWF file when surfing the web..."

 

- http://krebsonsecurity.com/2010/06/adobe-warns-of-critical-flaw-in-flash-acrobat-reader/

June 5, 2010

 

- http://blog.trendmicro.com/zero-day-flashacrobat-exploit-seen-in-the-wild/

June 5, 2010

 

- http://blogs.adobe.com/psirt/2010/06/security_advisory_for_adobe_re.html

June 4, 2010

 

Adobe Flash Player vuln

- http://secunia.com/advisories/40026/

Release Date: 2010-06-05

Criticality level: Extremely critical

Impact: System access

Where: From remote

Solution Status: Vendor Workaround

Software: Adobe Flash Player 10.x, Adobe Flash Player 9.x ...

NOTE: The vulnerability is reportedly being actively exploited.

Solution: Reportedly, the latest version 10.1 Release Candidate is not affected...

- http://labs.adobe.com/downloads/flashplayer10.html

Reported as a 0-day.

Original Advisory: Adobe:

* http://www.adobe.com/support/security/advisories/apsa10-01.html

 

Adobe Reader/Acrobat vuln

- http://secunia.com/advisories/40034/

Release Date: 2010-06-05

Criticality level: Extremely critical

Impact: System access

Where: From remote

Solution Status: Unpatched ...

NOTE: The vulnerability is currently being actively exploited.

Solution: Delete, rename, or remove access to authplay.dll to prevent running SWF content in PDF files...

Reported as a 0-day.

 

:ph34r: :ph34r:

Edited by apluswebmaster


FYI...

 

Status update: Adobe vulnerabilities - exploits-in-the-wild ...

- http://www.adobe.com/support/security/advisories/apsa10-01.html

Last updated: June 8, 2010 - "... We are in the process of finalizing a fix for the issue, and expect to provide an update for Flash Player 10.x for Windows, Macintosh, and Linux by June 10, 2010. The patch date for Flash Player 10.x for Solaris is still to be determined.

We expect to provide an update for Adobe Reader and Acrobat 9.3.2 for Windows, Macintosh and UNIX by June 29, 2010..."

 

- http://atlas.arbor.net/briefs/index#-1218073436

Title: Adobe Flash, Reader, and Acrobat 0day authplay Vulnerability

Severity: Extreme Severity

June 09, 2010 - "Analysis: This is an active, critical issue being exploited in the wild. We have multiple sources of these attacks with minimal AV detection. We encourage sites to investigate remediation steps immediately to address this."

Source: http://www.us-cert.gov/cas/techalerts/TA10-159A.html

 

- http://www.f-secure.com/weblog/archives/00001963.html

June 8, 2010 - "... spam run pushing a PDF exploit... screenshot of the PDF attachment..."

 

Adobe 0-day used in targeted attacks

- http://community.websense.com/blogs/securitylabs/archive/2010/06/09/how-the-adobe-0-day-is-used-in-attacks.aspx

9 Jun 2010

 

- http://www.kb.cert.org/vuls/id/486225

Date Last Updated: 2010-06-09

 

- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1297

Last revised: 06/09/2010

CVSS v2 Base Score: 9.3 (HIGH)

 

Mitigations for Adobe vulnerability: CVE-2010-1297

- http://www.sophos.com/blogs/sophoslabs/?p=9954

June 8, 2010 - "...

1. Renaming authplay.dll: Our testing shows that this workaround, at least for this sample, works successfully (as claimed by Adobe). Acrobat will work normally on regular PDFs, but on exploited files (and potentially others with embedded SWF files), it will crash, but the exploit will fail.

2. Disabling JavaScript: As recommended previously, disabling JavaScript in Acrobat Reader is another workaround for this sample (since it relies on JavaScript to create the shellcode).

3. Alternative PDF reader: The exploit depends upon embedded SWF content, so PDF readers which ignore this ought to be safe..."

 

:ph34r:

Edited by apluswebmaster


FYI...

 

Adobe Flash v 10.1.53.64 released

- http://www.spywareinfoforum.com/index.php?showtopic=127628&view=findpost&p=724870

June 10, 2010

 

Adobe Reader/Acrobat v9.3.3 released

- http://www.spywareinfoforum.com/index.php?showtopic=127628&view=findpost&p=726244

June 29, 2010

 

:!:

Edited by apluswebmaster


FYI...

 

Adobe Reader 0-day, again...

- http://www.theregister.co.uk/2010/08/04/critical_adobe_reader_vuln/

4 August 2010 - "... yet another vulnerability in Adobe Reader that allows hackers to execute malicious code on computers by tricking their users into opening booby-trapped files... Brad Arkin, senior director of product security and privacy at Adobe, said members of the company's security team attended Miller's talk and have since confirmed his claims that the vulnerability can lead to remote code execution. The team is in the process of developing a patch and deciding whether to distribute it during Adobe's next scheduled update release or as an “out-of-band” fix that would come out in the next few weeks..."

- http://blogs.adobe.com/adobereader/

 

- http://secunia.com/advisories/40766/

Last update: 2010-08-06

Criticality level: Highly critical

Impact: System access

Where: From remote

Solution Status: Unpatched...

... Successful exploitation may allow execution of arbitrary code. The vulnerability is confirmed in Adobe Reader versions 8.2.3 and 9.3.3 and Adobe Acrobat version 9.3.3. Other versions may also be affected...

 

:ph34r::blink::ph34r:

Edited by apluswebmaster


Adobe is using a sandbox in it as an improved feature which will protect the software from malicious hackers. Very interesting feature, as Google also has a sandbox.


"Adobe is using sandbox..."

 

Not yet they aren't. It's still in development:

- http://www.theregister.co.uk/2010/07/20/adobe_reader_sandbox/

20 July 2010 - "... Arkin said the sandbox will debut with the next major revision of Reader, which he expects to ship sometime this year..."

 

For now, we're dealing with yet another 0-day:

- http://www.spywareinfoforum.com/index.php?showtopic=128812&view=findpost&p=729482

 

- http://www.adobe.com/support/security/bulletins/apsb10-17.html

August 5, 2010 - "Adobe is planning to release updates for Adobe Reader 9.3.3 for Windows, Macintosh and UNIX, Adobe Acrobat 9.3.3 for Windows and Macintosh, and Adobe Reader 8.2.3 and Acrobat 8.2.3 for Windows and Macintosh to resolve critical security issues, including CVE-2010-2862... Adobe expects to make these updates available during the week of August 16, 2010... Note that these updates represent an out-of-band release. Adobe is currently scheduled to release the next quarterly security update for Adobe Reader and Acrobat on October 12, 2010..."

- http://blogs.adobe.com/psirt/2010/08/pre-notification-out-of-band-security-updates-for-adobe-reader-and-acrobat.html

___

 

- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2862

Last revised: 08/21/2010

 

Adobe Reader v9.3.4 released

- http://www.spywareinfoforum.com/index.php?/topic/127628-adobe-multiple-vulns/page__view__findpost__p__731066

 

:ph34r:

Edited by apluswebmaster


FYI...

 

- http://www.adobe.com/support/security/advisories/apsa10-02.html

September 13, 2010 - "... A critical vulnerability exists in Adobe Reader 9.3.4 and earlier versions for Windows, Macintosh and UNIX, and Adobe Acrobat 9.3.4 and earlier versions for Windows and Macintosh. This vulnerability (CVE-2010-2883) could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being actively exploited in the wild..."

- http://isc.sans.edu/diary.html?storyid=9523

Last Updated: 2010-09-08 18:03:06 UTC

- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2883

Last revised: 09/10/2010 - "... exploited in the wild in September 2010..."

CVSS v2 Base Score: 9.3

 

Adobe Reader/Acrobat vuln... unpatched

- http://secunia.com/advisories/41340/

Release Date: 2010-09-08

Criticality level: Extremely critical

Impact: System access

Where: From remote

Solution Status: Unpatched ...

...vulnerability is confirmed in versions 8.2.4 and 9.3.4. Other versions may also be affected.

NOTE: The vulnerability is currently being actively exploited.

Solution: Do not open untrusted files.

Provided and/or discovered by: Reported as a 0-day....

 

- http://www.virustotal.com/file-scan/report.html?id=d55aa45223606db795d29ab9e341c1c703e5a2e26bd98402779f52b6c2e9da2b-1283972909

File name: Golf Clinic.pdf

Submission date: 2010-09-08 19:08:29 (UTC)

Result: 11/43 (25.6%)

 

(Better)...

- http://www.virustotal.com/file-scan/report.html?id=d55aa45223606db795d29ab9e341c1c703e5a2e26bd98402779f52b6c2e9da2b-1284031469

File name: Golf Clinic.pdf

Submission date: 2010-09-09 11:24:29 (UTC)

Result: 21/43 (48.8%)

 

:grrr::ph34r:

Edited by apluswebmaster


FYI...

 

0-day Flash vuln "exploit in the wild"...

- http://www.adobe.com/support/security/advisories/apsa10-03.html

September 13, 2010 - "... A critical vulnerability exists in Adobe Flash Player 10.1.82.76 and earlier versions for Windows, Macintosh, Linux, Solaris, and Android operating systems. This vulnerability also affects Adobe Reader 9.3.4 for Windows, Macintosh and UNIX, and Adobe Acrobat 9.3.4 and earlier versions for Windows and Macintosh. This vulnerability (CVE-2010-2884*) could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being actively exploited in the wild against Adobe Flash Player on Windows. Adobe is not aware of any attacks exploiting this vulnerability against Adobe Reader or Acrobat to date.

We are in the process of finalizing a fix for the issue and expect to provide an update for Adobe Flash Player for Windows, Macintosh, Linux, Solaris, and Android operating systems during the week of September 27, 2010.

We expect to provide updates for Adobe Reader 9.3.4 for Windows, Macintosh and UNIX, and Adobe Acrobat 9.3.4 for Windows and Macintosh during the week of October 4, 2010..."

- http://isc.sans.edu/diary.html?storyid=9544

Last Updated: 2010-09-14 00:40:35 UTC

 

* http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2884

 

- http://secunia.com/advisories/41434/

Release Date: 2010-09-14

Criticality level: Extremely critical

Impact: System access

Where: From remote

Solution Status: Unpatched ...

 

- http://securitytracker.com/alerts/2010/Sep/1024432.html

Sep 14 2010

 

:ph34r:

Edited by apluswebmaster


FYI...

 

Adobe Reader/Acrobat v9.4 update released

- http://www.spywareinfoforum.com/index.php?/topic/127628-adobe-multiple-vulns/page__view__findpost__p__733877

October 5, 2010

___

 

Flash Player v10.1.85.3 released

- http://www.spywareinfoforum.com/index.php?/topic/127628-adobe-multiple-vulns/page__view__findpost__p__733032

Sep. 20, 2010

___

 

Flash update 2010.09.20 ...

- http://www.adobe.com/support/security/advisories/apsa10-03.html

Last updated: September 17, 2010 - "... We now expect to provide an update for Adobe Flash Player for Windows, Macintosh, Linux, Solaris, and Android operating systems on Monday September 20, 2010. A fix is now available for Google Chrome users. Chrome users can update to Chrome 6.0.472.62. To verify your current Chrome version number and update if necessary, follow the instructions here: http://googlechromereleases.blogspot.com/2010/09/stable-beta-channel-updates_17.html (September 17, 2010). We expect to provide updates for Adobe Reader 9.3.4 for Windows, Macintosh and UNIX, and Adobe Acrobat 9.3.4 for Windows and Macintosh during the week of October 4, 2010..."

- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2884

Last revised: 09/18/2010 - "... as exploited in the wild in September 2010..."

CVSS v2 Base Score: 9.3 (HIGH)

- http://xforce.iss.net/xforce/xfdb/61771

September 18, 2010 - High Risk

 

** http://www.google.com/support/chrome/bin/answer.py?hl=en&answer=95414

"...You can tell if updates are available if the wrench icon on the browser toolbar has a little orange dot: update notification. To apply the update, just close and restart the browser..."

 

:ph34r:

Edited by AplusWebMaster


FYI...

 

Shockwave v11.5.9.615 released

- http://www.spywareinfoforum.com/index.php?/topic/127628-adobe-multiple-vulns/page__view__findpost__p__735498

___

 

Shockwave Player vuln - unpatched

- http://secunia.com/advisories/41932/

Release Date: 2010-10-22

Criticality level: Extremely critical

Impact: System access

Where: From remote

Solution Status: Unpatched ...

The vulnerability is confirmed in version 11.5.8.612...

Solution: Do not visit untrusted websites*...

Original Advisory: Adobe:

http://www.adobe.com/support/security/advisories/apsa10-04.html

Last updated: October 27, 2010 - "... As of October 27, Adobe is aware of reports of this vulnerability being exploited in the wild... We are in the process of finalizing a fix for the issue and expect to provide an update for Shockwave Player on October 28, 2010..."

http://blogs.adobe.com/psirt/2010/10/security-advisory-for-adobe-shockwave-player-apsa10-04.html

"... vulnerability (CVE-2010-3653) could cause a crash and potentially allow an attacker to take control of the affected system..."

- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3653

Last revised: 10/27/2010

CVSS v2 Base Score: 9.3 (HIGH)

 

* -and/or- UNINSTALL Shockwave Player. You can live without it.

 

:ph34r:

Edited by AplusWebMaster


FYI...

 

Adobe Flash... 0-day... unpatched

* http://www.adobe.com/support/security/advisories/apsa10-05.html

Release date: October 28, 2010

CVE number: CVE-2010-3654

"A critical vulnerability exists in Adobe Flash Player 10.1.85.3 and earlier versions for Windows, Macintosh, Linux and Solaris operating systems; Adobe Flash Player 10.1.95.2 and earlier versions for Android; and the authplay.dll component that ships with Adobe Reader 9.4 and earlier 9.x versions for Windows, Macintosh and UNIX operating systems, and Adobe Acrobat 9.4 and earlier 9.x versions for Windows and Macintosh operating systems. This vulnerability (CVE-2010-3654) could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being actively exploited in the wild against Adobe Reader and Acrobat 9.x. Adobe is not currently aware of attacks targeting Adobe Flash Player. We are in the process of finalizing a fix for the issue and expect to provide an update for Flash Player 10.x for Windows, Macintosh, Linux, and Android by November 9, 2010. We expect to make available an update for Adobe Reader and Acrobat 9.4 and earlier 9.x versions during the week of November 15, 2010..."

 

- http://secunia.com/advisories/41917/

Last Update: 2010-10-29

Criticality level: Extremely critical

NOTE: The vulnerability is currently being actively exploited...

... Adobe plans to release a fixed version on November 9, 2010.

... Reported as a 0-day.

Original Advisory: Adobe APSA10-05*

 

Adobe Reader/Acrobat ...

- http://secunia.com/advisories/42030/

...Adobe plans to release a fixed version on November 15, 2010.

Original Advisory: Adobe APSA10-05*

 

Chrome ...

- http://secunia.com/advisories/42031/

 

- http://www.theregister.co.uk/2010/10/28/adobe_reader_critical_vuln/

28 October 2010

- http://www.virustotal.com/file-scan/report.html?id=c4722bf958337e79fd53e8cbc289b58fdcce922ef025302cbca7679a5eae772a-1288229160

File name: nsunday.exe

Submission date: 2010-10-28

Result: 15/42 (35.7%)

There is a more up-to-date report (27/43) for this file...

- http://www.virustotal.com/file-scan/report.html?id=c4722bf958337e79fd53e8cbc289b58fdcce922ef025302cbca7679a5eae772a-1288324712

File name: 9F0CEFE847174185030A1F027B3813EC

Submission date: 2010-10-29

Result: 27/43 (62.8%)

___

 

- http://isc.sans.edu/diary.html?storyid=9835

Last Updated: 2010-10-28 21:51:01 UTC - "... mitigation measures recommended by adobe:

Adobe Reader and Acrobat 9.x - Windows

Deleting, renaming, or removing access to the authplay.dll file that ships with Adobe Reader and Acrobat 9.x mitigates the threat for those products, but users will experience a non-exploitable crash or error message when opening a PDF file that contains Flash (SWF) content.

The authplay.dll that ships with Adobe Reader and Acrobat 9.x for Windows is typically located at C:\Program Files\Adobe\Reader 9.0\Reader\authplay.dll for Adobe Reader or C:\Program Files\Adobe\Acrobat 9.0\Acrobat\authplay.dll for Acrobat.

Adobe Reader 9.x - Macintosh

1) Go to the Applications->Adobe Reader 9 folder.

2) Right Click on Adobe Reader.

3) Select Show Package Contents.

4) Go to the Contents->Frameworks folder.

5) Delete or move the AuthPlayLib.bundle file.

Acrobat Pro 9.x - Macintosh

1) Go to the Applications->Adobe Acrobat 9 Pro folder.

2) Right Click on Adobe Acrobat Pro.

3) Select Show Package Contents.

4) Go to the Contents->Frameworks folder.

5) Delete or move the AuthPlayLib.bundle file.

Adobe Reader 9.x - UNIX

1) Go to installation location of Reader (typically a folder named Adobe).

2) Within it browse to Reader9/Reader/intellinux/lib/ (for Linux) or Reader9/Reader/intelsolaris/lib/ (for Solaris).

3) Remove the library named "libauthplay.so.0.0.0."

More information at

- http://contagiodump.blogspot.com/2010/10/potential-new-adobe-flash-player-zero.html ..."

___

 

- http://www.kb.cert.org/vuls/id/298081

2010-10-28 - "... consider the following workarounds: Disable Flash..."

 

ThreatCon... Elevated.

- http://www.symantec.com/security_response/threatconlearn.jsp

Oct. 29, 2010 - "... Adobe Flash Player, Adobe Reader, and Acrobat... vulnerability... being actively exploited in the wild..."

 

- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3654

Last revised: 10/29/2010

 

:ph34r: :ph34r: :ph34r:

Edited by AplusWebMaster
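
One way to check whether the authplay workaround quoted in the post above (and in the Sophos note earlier in the thread) has actually been applied across an installation tree. This is an added example, not code from Adobe, SANS or the poster. The three component names come from the quoted mitigation text; the `.disabled` suffix, the function names and the sample tree are constructed assumptions.

```python
"""Audit a directory tree for the embedded Flash (authplay) component."""
import os
import tempfile

# Component names as given in the quoted mitigation text, keyed in lower case.
COMPONENTS = {
    "authplay.dll": "Windows",
    "authplaylib.bundle": "Macintosh",
    "libauthplay.so.0.0.0": "UNIX",
}


def audit_authplay(root):
    """Walk root and classify every authplay-related entry.

    active  : (relative path, platform) for components still under their
              original name, i.e. the workaround has not been applied there.
    renamed : relative paths whose name contains "authplay" but is not an
              exact component name (heuristic for a renamed copy; assumption).
    """
    active, renamed = [], []
    for dirpath, dirnames, filenames in os.walk(root):
        # AuthPlayLib.bundle is a directory on Macintosh, so check both kinds.
        for name in list(dirnames) + filenames:
            key = name.lower()
            rel = os.path.relpath(os.path.join(dirpath, name), root)
            if key in COMPONENTS:
                active.append((rel, COMPONENTS[key]))
            elif "authplay" in key:
                renamed.append(rel)
            else:
                continue
            if name in dirnames:
                # Do not descend into a matched bundle; its contents would
                # otherwise be reported a second time.
                dirnames.remove(name)
    return {"active": sorted(active), "renamed": sorted(renamed)}


def is_mitigated(report):
    """True when no component is left under its original name."""
    return not report["active"]


def build_sample_tree(root):
    """Create a constructed sample tree mirroring the documented locations."""
    def touch(*parts):
        path = os.path.join(root, *parts)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "wb").close()

    # Windows Reader: component untouched.
    touch("Reader 9.0", "Reader", "authplay.dll")
    # Windows Acrobat: component renamed by an administrator.
    touch("Acrobat 9.0", "Acrobat", "authplay.dll.disabled")
    # Macintosh Reader: bundle directory still in Contents/Frameworks.
    touch("Adobe Reader 9", "Contents", "Frameworks",
          "AuthPlayLib.bundle", "AuthPlayLib")
    # UNIX Reader: library already removed, unrelated file remains.
    touch("Reader9", "Reader", "intellinux", "lib", "libother.so")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as sample_root:
        build_sample_tree(sample_root)
        report = audit_authplay(sample_root)
        for rel_path, platform in report["active"]:
            print(f"NOT MITIGATED ({platform}): {rel_path}")
        for rel_path in report["renamed"]:
            print(f"renamed copy present: {rel_path}")
        print("mitigated:", is_mitigated(report))
```

Run it against the real installation root (for example the Adobe folder under Program Files or Applications) by passing that path to `audit_authplay`.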


FYI...

 

Flash v10.1.102.64 released

- http://www.spywareinfoforum.com/index.php?/topic/127628-adobe-multiple-vulns/page__view__findpost__p__736013

Critical

___

 

- http://isc.sans.edu/diary.html?storyid=9892

Last Updated: 2010-11-04 22:27:50 UTC - "... current 'State of Adobe'...

Product Latest Version

PDF Reader - v9.4.0 - vulnerable: http://secunia.com/advisories/42095/

Flash Player - 10.1.102.64

Shockwave Player- 11.5.9.615 - vulnerable: http://secunia.com/advisories/42112/

Acrobat - 9.4.0 - vulnerable: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3654

Air - 2.5 ..."

- http://isc.sans.edu/tag.html?tag=adobe

___

 

Flash update now expected 11.4.2010...

- http://www.adobe.com/support/security/advisories/apsa10-05.html

Last updated: November 2, 2010 - "... We are in the process of finalizing a fix for the issue and expect to provide an update for Flash Player 10.x for Windows, Macintosh, Linux and Solaris by November 4, 2010. We expect to make available an update for Flash Player 10.x for Android by November 9, 2010..."

- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3654

Last revised: 11/01/2010

CVSS v2 Base Score: 9.3 (HIGH)

 

:!:

Edited by AplusWebMaster


FYI...

 

More Adobe vulns ...

 

Adobe Reader vuln

- http://secunia.com/advisories/42095/

Last Update: 2010-11-17

Criticality level: Highly critical

Impact: System access

Where: From remote

Solution: Update to version 9.4.1.

 

Adobe Shockwave Player vuln - unpatched

- http://secunia.com/advisories/42112/

Last Update: 2010-11-16

Criticality level: Moderately critical

Impact: System access

Where: From remote

Solution Status: Unpatched ...

... The vulnerability is confirmed in version 11.5.9.615. Other versions may also be affected.

Solution: Do not open the "Shockwave Settings" window when viewing Shockwave content..."

- http://www.securitytracker.com/id?1024682

Nov 4 2010

- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4092

Last revised: 11/11/2010

CVSS v2 Base Score: 9.3 (HIGH)

 

* -and/or- UNINSTALL Shockwave Player. You can live without it.

 

:ph34r: :ph34r:

Edited by AplusWebMaster


Adobe Reader/Acrobat v9.4.1 released

- http://www.spywareinfoforum.com/index.php?/topic/127628-adobe-multiple-vulns/page__view__findpost__p__736692

___

 

Adobe PDF Reader status:

 

- http://www.adobe.com/support/security/bulletins/apsb10-28.html

November 12, 2010 - "... updates for Adobe Reader 9.4... and Adobe Acrobat 9.4... Adobe expects to make updates for Windows and Macintosh available on Tuesday, November 16, 2010. An update for UNIX is expected to be available on Monday, November 30, 2010..."

- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3654

Original release date: 10/29/2010 - Last revised: 11/11/2010

CVSS v2 Base Score: 9.3 (HIGH) "... as exploited in the wild in October 2010..."

- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4091

Original release date: 11/07/2010 - Last revised: 11/11/2010

CVSS v2 Base Score: 9.3 (HIGH)

- http://secunia.com/advisories/42030/

Release Date: 2010-10-28

- http://secunia.com/advisories/42095/

Last Update: 2010-11-08

 

- http://contagiodump.blogspot.com/2010/11/cve-2010-3654.html

November 10, 2010

 

Alternative:

- http://www.spywareinfoforum.com/index.php?/topic/116677-foxit-reader-advisoriesupdates/page__view__findpost__p__737380

FoxIt Reader v4.3.0.1110

 

:ph34r: :ph34r:

Edited by AplusWebMaster


FYI...

 

Flash 0-day targeted attacks...

- http://isc.sans.edu/diary.html?storyid=10549

Last Updated: 2011-03-14 20:09:26 UTC - "Adobe posted a security advisory*... These attacks seem to be particularly sneaky – the Flash exploit is embedded in an Excel file which is also used to setup memory so the exploit has a higher chance of succeeding. We will keep an eye on this and if the 0-day starts being used in the wild..."

___

 

- http://blog.trendmicro.com/excel-file-containing-adobe-zero-day-exploit-found/

Mar. 16, 2011

___

 

* http://www.adobe.com/support/security/advisories/apsa11-01.html

March 14, 2011 - "Summary: A critical vulnerability exists in Adobe Flash Player 10.2.152.33 and earlier versions (Adobe Flash Player 10.2.154.13 and earlier for Chrome users) for Windows, Macintosh, Linux and Solaris operating systems, Adobe Flash Player 10.1.106.16 and earlier versions for Android, and the Authplay.dll component that ships with Adobe Reader and Acrobat X (10.0.1) and earlier 10.x and 9.x versions of Reader and Acrobat for Windows and Macintosh operating systems. This vulnerability (CVE-2011-0609) could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being exploited in the wild in targeted attacks via a Flash (.swf) file embedded in a Microsoft Excel (.xls) file delivered as an email attachment... We are in the process of finalizing a fix for the issue and expect to make available an update for Flash Player 10.x and earlier versions for Windows, Macintosh, Linux, Solaris and Android, and an update for Adobe Acrobat X (10.0.1) and earlier 10.x and 9.x versions for Windows and Macintosh, Adobe Reader X (10.0.1) for Macintosh, and Adobe Reader 9.4.2 and earlier 9.x versions during the week of March 21, 2011..."

 

- http://blogs.adobe.com/asset/2011/03/background-on-apsa11-01-patch-schedule.html

March 14, 2011 - "... The current attack leverages a malicious Flash (.swf) file inside a Microsoft Excel (.xls) file. The .xls file is used to set up machine memory to take advantage of a crash triggered by the corrupted .swf file. The final step of the attack is to install persistent malware on the victim’s machine..."

 

- http://secunia.com/advisories/43751/

Release Date: 2011-03-15

Criticality level: Extremely critical

Impact: System access

Where: From remote

Solution Status: Unpatched

Software: Adobe Flash Player 10.x

... The vulnerability is reportedly being actively exploited.

Solution: Adobe plans to release a fixed version during the week of March 21, 2011...

 

- http://secunia.com/advisories/43772

___

 

- http://www.us-cert.gov/current/#adobe_releases_security_advisory_for6

March 15, 2011

 

- http://www.kb.cert.org/vuls/id/192052

Last Updated: 2011-03-15

 

- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0609

Last revised: 03/15/2011

CVSS v2 Base Score: 9.3 (HIGH)

 

- http://www.securitytracker.com/id/1025210

Mar 15 2011

- http://www.securitytracker.com/id/1025211

Mar 15 2011

 

:grrr:

Edited by AplusWebMaster


FYI...

 

Flash/Reader/Acrobat critical updates released

- http://www.spywareinfoforum.com/index.php?/topic/127628-adobe-multiple-vulns/page__view__findpost__p__743968

March 21, 2011

___

 

Flash 10.2 update - for Androids only...

- http://blogs.adobe.com/flashplayer/2011/03/flash-player-10-2-now-available-for-mobile-devices.html

March 18, 2011 - "... To see if your device is certified for Flash Player 10.2, visit:

- http://www.adobe.com/flashplatform/certified_devices/

___

 

- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0609

Last revised: 03/15/2011

CVSS v2 Base Score: 9.3 (HIGH)

___

 

- http://www.adobe.com/support/security/bulletins/apsb11-02.html

Last updated: March 18, 2011 - "... Adobe recommends users of Adobe Flash Player 10.1.102.64 and earlier versions for Windows, Macintosh, Linux, and Solaris update to Adobe Flash Player 10.2.152.26..."

 

- http://www.adobe.com/support/security/advisories/apsa11-01.html

Last updated: March 18, 2011 - "... A critical vulnerability exists in Adobe Flash Player 10.2.152.33 and earlier... We are in the process of finalizing a fix for the issue and expect to make available an update for Flash Player 10.x and earlier versions for Windows, Macintosh, Linux, Solaris, and an update for Adobe Acrobat X (10.0.1) and earlier 10.x and 9.x versions for Windows and Macintosh, Adobe Reader X (10.0.1) for Macintosh, and Adobe Reader 9.4.2 and earlier 9.x versions during the week of March 21, 2011..."

 

.

Edited by AplusWebMaster


FYI...

 

PDF file loaded w/malware used in attack on Spotify...

- http://www.spywareinfoforum.com/index.php?/topic/118846-spam-frauds-fakes-and-other-malware-deliveries/page__view__findpost__p__744138

"... Blackhole Exploit Kit... One of the vulnerabilities the exploit kit uses is a vulnerability in Adobe Reader/Acrobat. The kit uses a heavily obfuscated PDF file..."

* http://www.virustotal.com/file-scan/report.html?id=a41b05120be3018082eff5d75811b166d1cf9dccb7c2ea3da3d42fd090c97acf-1301413767

File name: L9FPB1.pdf

Submission date: 2011-03-29 15:49:27 (UTC)

Result: 12/43 (27.9%)

___

 

Flash exploits in-the-wild - SPAM attachments...

- http://www.f-secure.com/weblog/archives/00002127.html

March 23, 2011 - "Attackers have been taking advantage of the situation in Japan to trick their targets into opening malicious files. These cases have used infected Excel attachments with Flash exploits... Another sample we've seen (md5:20ee090487ce1a670c192f9ac18c9d18) is an Excel file containing an embedded Flash object that exploits a known vulnerability (CVE-2011-0609). When the XLS file is opened, it shows an empty Excel spreadsheet and starts exploit code via a Flash object. The Flash object starts by doing a heap-spray... the Flash object constructs and loads a second Flash object in runtime... This second Flash object is the main exploit in this malware and it exploits CVE-2011-0609 to execute the shellcode in the heap... As an aside: the main exploit appears to have been delivered in this fashion in an attempt to evade detection. As it is loaded in memory, no physical file is available for scanning by an antivirus engine. Embedding the Flash object that loads the main exploit in an Excel file may be an attempt to further disguise the attack... users should update their Flash player as Adobe has already released a patch for this particular vulnerability. For more information, please see their security advisory*..."

(Screenshots available at the URL above.)

* http://www.spywareinfoforum.com/index.php?/topic/127628-adobe-multiple-vulns/page__view__findpost__p__743968

Flash Player v10.2.153.1 released

 

- http://www.f-secure.com/weblog/archives/00002127.html

March 23, 2011

 

- http://sunbeltblog.blogspot.com/2011/03/tips-for-avoiding-endless-japan.html

 

- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0609

Last revised: 03/31/2011

CVSS v2 Base Score: 9.3 (HIGH)

"... as exploited in the wild in March 2011..."

 

:!: :ph34r:

Edited by AplusWebMaster


FYI...

 

Flash 0-day exploit in-the-wild ...

- http://krebsonsecurity.com/2011/04/new-adobe-flash-zero-day-being-exploited/

April 11, 2011 3:32 pm - "Attackers are exploiting a previously unknown security flaw in Adobe’s ubiquitous Flash Player software to launch targeted attacks, according to several reliable sources... the attacks exploit a vulnerability in fully-patched versions of Flash, and are being leveraged in targeted spear-phishing campaigns launched against select organizations and individuals that work with or for the U.S. government. Sources say the attacks so far have embedded the Flash exploit inside of Microsoft Word files made to look like important government documents... A scan of one tainted file used in this attack that was submitted to Virustotal.com* indicates that just one out of 42 anti-virus products used to scan malware at the service detected this thing as malicious..."

* http://www.virustotal.com/file-scan/report.html?id=1e677420d7a8160c92b2f44f1ef5eea1cf9b0b1a25353db7d3142b268893507f-1302359653

File name: Disentangling Industrial Policy and Competition Policy.doc

Submission date: 2011-04-09 14:34:13 (UTC)

Result: 1/42 (2.4%)

There is a more up-to-date report...

- http://www.virustotal.com/file-scan/report.html?id=1e677420d7a8160c92b2f44f1ef5eea1cf9b0b1a25353db7d3142b268893507f-1304526431

File name: Disentangling Industrial Policy and Competition Policy.doc

Submission date: 2011-05-04 16:27:11 (UTC)

Result: 29/41 (70.7%)

 

Screenshot of malicious e-mail:

- http://regmedia.co.uk/2011/04/12/malicous_email.jpg

___

 

Security Advisory for Adobe Flash Player, Adobe Reader and Acrobat

- http://www.adobe.com/support/security/advisories/apsa11-02.html

April 11, 2011

CVE number: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0611

A critical vulnerability exists in Flash Player 10.2.153.1 and earlier versions (Adobe Flash Player 10.2.154.25 and earlier for Chrome users) for Windows, Macintosh, Linux and Solaris, Adobe Flash Player 10.2.156.12 and earlier versions for Android, and the Authplay.dll component that ships with Adobe Reader and Acrobat X (10.0.2) and earlier 10.x and 9.x versions for Windows and Macintosh operating systems. This vulnerability (CVE-2011-0611) could cause a crash and potentially allow an attacker to take control of the affected system... We are in the process of finalizing a schedule for delivering updates...

Affected software versions:

• Adobe Flash Player 10.2.153.1 and earlier versions for Windows, Macintosh, Linux and Solaris operating systems

• Adobe Flash Player 10.2.154.25 and earlier for Chrome users

• Adobe Flash Player 10.2.156.12 and earlier for Android

• The Authplay.dll component that ships with Adobe Reader and Acrobat X (10.0.2) and earlier 10.x and 9.x versions for Windows and Macintosh operating systems

NOTE: Adobe Reader 9.x for UNIX, Adobe Reader for Android, and Adobe Reader and Acrobat 8.x are not affected by this issue...

 

- http://secunia.com/advisories/44119/

Release Date: 2011-04-12

Criticality level: Extremely critical

Impact: System access

Where: From remote

Solution Status: Unpatched

... The vulnerability is currently being actively exploited via Office Word documents (.doc) containing malicious Flash content...

Original Advisory: Adobe:

http://blogs.adobe.com/psirt/2011/04/security-advisory-for-adobe-flash-player-adobe-reader-and-acrobat-apsa11-02.html

 

- http://secunia.com/advisories/44149/

Release Date: 2011-04-12

Criticality level: Highly critical

Impact: System access

Where: From remote

Solution Status: Unpatched

... The vulnerability is caused due to a vulnerable bundled version of Flash Player (authplay.dll)...

 

- http://www.securitytracker.com/id/1025324

Apr 12 2011

- http://www.securitytracker.com/id/1025325

Apr 12 2011

 


FYI...

 

Adobe Reader, Acrobat security updates

- http://www.spywareinfoforum.com/index.php?/topic/127628-adobe-multiple-vulns/page__view__findpost__p__745404

April 21, 2011

___

 

Flash Player v10.2.159.1 released

- http://www.spywareinfoforum.com/index.php?/topic/127628-adobe-multiple-vulns/page__view__findpost__p__745075

___

 

Flash, Reader, Acrobat critical updates scheduled...

- http://www.adobe.com/support/security/advisories/apsa11-02.html

April 13, 2011 - "... We... expect to make available an update for Flash... on Friday, April 15, 2011. We expect to make available an update for Adobe Acrobat... and Adobe Reader... no later than the week of April 25, 2011..."

 

- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0611

Last revised: 04/13/2011

CVSS v2 Base Score: 9.3 (HIGH)

"... as exploited in the wild in April 2011..."

 


FYI...

 

Drive-by Flash cache attacks...

- http://www.theregister.co.uk/2011/04/19/amnesty_drive_by_cache/

19 April 2011 - "Miscreants have deployed a subtle variant of the well established drive-by-download attack tactics against the website of human rights organisation Amnesty International. In traditional drive-by-download attacks malicious code is planted on websites. This code redirects surfers to an exploit site, which relies on browser vulnerabilities or other exploits to download and execute malware onto visiting PCs. The attack on the Amnesty website, detected by security firm Armorize*, relied on a different sequence of events. In this case, malicious scripts are used to locate the malware which is already sitting in the browser's cache directory, before executing it. This so-called drive-by cache approach makes attacks harder to detect because no attempt is made to download a file and write it to disk, a suspicious maneuver many security software packages are liable to detect. By bypassing this step dodgy sorts are more likely to slip their wares past security software undetected. The Amnesty International attack ultimately relied on an Adobe Flash zero-day exploit, patched by Adobe** late last week..."

* http://blog.armorize.com/2011/04/newest-adobe-flash-0-day-used-in-new.html

 

- http://www.virustotal.com/file-scan/report.html?id=2e498420acf149a2ea785bd798061d1e14b1b069e9abd83889da7e2f8d15c227-1303129354

File name: display[1].swf

Submission date: 2011-04-18 12:22:34 (UTC)

Result: 1/40 (2.5%)

 

** Flash Player v10.2.159.1 released

- http://www.spywareinfoforum.com/index.php?/topic/127628-adobe-multiple-vulns/page__view__findpost__p__745075

 


FYI...

 

 

> http://www.spywareinfoforum.com/index.php?/topic/127628-adobe-multiple-vulns/page__view__findpost__p__746537

"... update to Adobe Flash Player 10.3.181.14..."

- http://www.securitytracker.com/id/1025533

May 13 2011 - "... One of the vulnerabilities [CVE-2011-0627*] is being actively exploited on Windows-based systems via a Flash (.swf) file embedded in a Microsoft Word (.doc) or Microsoft Excel (.xls) file and delivered via email attachment..."

* http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0627

Last revised: 05/13/2011

 


FYI...

 

Hackers exploit Flash bug in new attacks against Gmail users

- http://www.computerworld.com/s/article/9217346/Hackers_exploit_Flash_bug_in_new_attacks_against_Gmail_users

June 6, 2011 - "Adobe today confirmed that the Flash Player bug it patched Sunday is being used to steal login credentials of Google's Gmail users... '... we cannot assume that other Web mail providers may not be targeted as well'..."

 

> http://www.spywareinfoforum.com/index.php?/topic/127628-adobe-multiple-vulns/page__view__findpost__p__748293

 


FYI...

 

- http://secunia.com/advisories/44964/

Release Date: 2011-06-15 ... vulnerability is reportedly being actively exploited in targeted attacks... (Flash Player) 10.3.181.23 and earlier...

Solution: Apply updates... (10.3.181.26*)...

 

- http://www.securitytracker.com/id/1025651

Jun 14 2011 - CVE-2011-2110

... This vulnerability is being actively exploited via targeted web pages.

Impact: A remote user can create Flash content that, when loaded by the target user, will execute arbitrary code on the target user's system.

Solution: The vendor has issued a fix 10.3.181.26*...

 

* http://www.spywareinfoforum.com/index.php?/topic/127628-adobe-multiple-vulns/page__view__findpost__p__749041

 


FYI...

 

Flash exploits on the loose...

- http://www.shadowserver.org/wiki/pmwiki.php/Calendar/20110617

17 June 2011 - "... earlier in the week Adobe issued multiple security updates, which included an update for Adobe Flash Player by way of APSB11-18. What you may not know is that the issue fixed by this update, CVE-2011-2110, is being exploited in the wild on a fairly large scale. In particular this exploit is showing up as a drive-by in several legitimate websites, including those belonging to various NGOs, aerospace companies, a Korean news site, an Indian Government website, and a Taiwanese University. The links are also being used in targeted spear phishing attacks designed to lure particular individuals into clicking the links with hopes of compromising their machines. In case there is any doubt at all, this is very bad. If you run a version of Adobe Flash that is -older- than 10.3.181.26 (or 10.3.181.24 for Android), then it is absolutely -critical- that you update your Flash Player. You can check your Flash version by clicking here*...

* http://kb2.adobe.com/cps/155/tn_15507.html

... exploit takes advantage of a vulnerability in the ActionScript Virtual Machine. It then uses heap information leakage in order to avoid spraying the heap and crashing the process. The exploit is also able to bypass Windows' data execution prevention (DEP)... We are aware of several sites in the wild that are either compromised and pointing to exploits or are actually housing the exploits themselves. In some cases a single site may be both compromised and housing the malicious download. Right now we only have a limited set of exploit sites we can share due to various restrictions...

Note: Do not visit these URLs as they are malicious and should be considered dangerous..."

(More detail and list at the shadowserver URL above.)

 

>> http://www.spywareinfoforum.com/index.php?/topic/127628-adobe-multiple-vulns/page__view__findpost__p__749041

 

- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-2110

Last revised: 06/17/2011

CVSS v2 Base Score: 10.0 (HIGH)

"... before 10.3.181.26... as exploited in the wild..."

___

 

MMPC Telemetry on CVE-2011-2110 Attack Attempts during June 17 – 30, 2011

- http://www.microsoft.com/security/portal/blog-images/CVE-2011-2110/BID593-004.png

1 Jul 2011

- http://blogs.technet.com/b/mmpc/archive/2011/07/01/a-technical-analysis-on-the-exploit-for-cve-2011-2110-adobe-flash-player-vulnerability.aspx

___

 

- http://www.malwaredomains.com/wordpress/?p=1872

June 17th, 2011 in 0day, Domain News - "... Several domains containing malicious payloads are listed. We’ll be adding these domains on the next update, but you should add the domains and IP addresses to your domain and IP blocklist ASAP."

 


FYI...

 

60% of Adobe Reader users unpatched...

- http://www.darkreading.com/taxonomy/index/printarticle/id/231001642

Jul 13, 2011 - "Six out of every 10 users of Adobe Reader are running unpatched versions of the program, leaving them vulnerable to a variety of malware attacks... In a study of its own antivirus users, Avast Software found that 60.2 percent of those with Adobe Reader were running a vulnerable version of the program... More than 80 percent of Avast users run a version of Adobe Reader... Brad Arkin, senior director of product security and privacy at Adobe, agreed with the Avast analysis. 'We find that most consumers don’t bother updating a free app, such as Adobe Reader, as PDF files can be viewed in the older version,' he said... Malware PDF exploit packages will typically look for a variety of security weaknesses in the targeted computer, attacking when an uncovered vulnerability is discovered..."

 


FYI...

 

Adobe Reader - Unpatched in the Enterprise ...

- http://www.zscaler.com/pdf/Zscaler-Labs-State-of-the-Web-2011Q2.pdf

Zscaler 2011-Q2 Report PDF pg. 12 - "... Adobe reader is installed in 83% of all enterprise browsers, and is out of date in 56% of those installations... the increasingly popular Blackhole Exploit kit includes a variety of payloads designed to target recent Adobe Reader vulnerabilities..."

August 10, 2011

 

Graphic: Out-of-date plugins

- http://i.zdnet.com/blogs/vulnerable_outdated_browser_plugins.png

August 9, 2011

 

- http://www.h-online.com/security/news/item/Kaspersky-study-finds-Adobe-software-is-biggest-security-risk-1323895.html?view=zoom;zoom=1

16 August 2011

 


FYI...

 

Adobe Reader/Acrobat Security Advisory - APSA11-04

- http://www.adobe.com/support/security/advisories/apsa11-04.html

December 6, 2011

Summary: "A critical vulnerability has been identified in Adobe Reader X (10.1.1) and earlier versions for Windows and Macintosh, Adobe Reader 9.4.6 and earlier 9.x versions for UNIX, and Adobe Acrobat X (10.1.1) and earlier versions for Windows and Macintosh. This vulnerability (CVE-2011-2462) could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that the vulnerability is being actively exploited in limited, targeted attacks in the wild against Adobe Reader 9.x on Windows. We are in the process of finalizing a fix for the issue and expect to make available an update for Adobe Reader 9.x and Acrobat 9.x for Windows no later than the week of December 12, 2011. Because Adobe Reader X Protected Mode and Adobe Acrobat X Protected View would prevent an exploit of this kind from executing, we are currently planning to address this issue in Adobe Reader X and Acrobat X for Windows with the next quarterly security update for Adobe Reader and Acrobat, currently scheduled for January 10, 2012. We are planning to address this issue in Adobe Reader and Acrobat X and earlier versions for Macintosh as part of the next quarterly update scheduled for January 10, 2012. An update to address this issue in Adobe Reader 9.x for UNIX is planned for January 10, 2012. For further context on this schedule, please see the corresponding ASSET blog* post."

* http://blogs.adobe.com/asset/2011/12/background-on-cve-2011-2462.html

December 6, 2011

 

- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-2462

Last revised: 12/08/2011

CVSS v2 Base Score: 10.0 (HIGH)

"... as exploited in the wild in December 2011..."

 

- http://h-online.com/-1391441

7 December 2011

 

Reader 0-day exploit in-the-wild...

- http://www.symantec.com/connect/fr/blogs/adobe-reader-zero-day-being-exploited-wild

___

 

- http://www.securitytracker.com/id/1026376

Dec 6 2011

Impact: Execution of arbitrary code via network, User access via network

... A remote user can create a specially crafted PDF file that, when loaded by the target user, will trigger a memory corruption error and execute arbitrary code on the target system. The code will run with the privileges of the target user...

 

- https://secunia.com/advisories/47133/

Criticality level: Extremely critical

Impact: System access

Where: From remote

Solution Status: Unpatched

CVE Reference: CVE-2011-2462

Solution: Do not open untrusted PDF files. A fix is scheduled to be released for Adobe Reader and Acrobat 9.x for Windows in the week of December 12, 2011.

Provided and/or discovered by: Reported as a 0-day.

Original Advisory: http://www.adobe.com/support/security/advisories/apsa11-04.html

 


FYI...

 

Flash Player 0-day vulns - unpatched

- http://www.securitytracker.com/id/1026392

Date: Dec 8 2011

Impact: Execution of arbitrary code via network, User access via network...

Version(s): 11.1.102.55 and prior versions

Description: Two vulnerabilities were reported in Adobe Flash Player. A remote user can cause arbitrary code to be executed on the target user's system...

Impact: A remote user can create Flash content that, when loaded by the target user, will execute arbitrary code on the target user's system.

Solution: No solution was available at the time of this entry.

___

 

- http://arstechnica.com/business/news/2011/12/another-adobe-flash-zero-day-for-sale-by-security-software-vendor.ars

December 8, 2011 - "InteVyDis, a Russian firm specializing in packaging software security exploits, has released a software module that can give a remote computer access to an up-to-date Windows 7 machine running the most recent version of Adobe Flash Player 11..."

___

 

- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4693

CVSS v2 Base Score: 9.3 (HIGH)

- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4694

CVSS v2 Base Score: 9.3 (HIGH)

Original release date: 12/07/2011

Last revised: 12/13/2011

 

- https://isc.sans.edu/diary.html?storyid=12166

Last Updated: 2011-12-08 21:52:32 UTC

 

- https://secunia.com/advisories/47161/

Release Date: 2011-12-08

Criticality level: Highly critical

Impact: System access

Where: From remote

Solution Status: Unpatched

... vulnerability is reported in version 11.1.102.55. Other versions may also be affected.

Solution: Do not browse untrusted sites or disable the player.

Original Advisory:

- http://archives.neohapsis.com/archives/dailydave/2011-q4/0081.html

Dec 06 2011 - "... bypasses DEP/ASLR and works on Win7/WinXP with FF, Chrome and IE..."

 

Oracle Solaris Adobe Flash Player...

- https://secunia.com/advisories/47180/

Release Date: 2011-12-09

Criticality level: Highly critical...

 


FYI...

 

- http://www.spywareinfoforum.com/index.php?/topic/127628-adobe-multiple-vulns/page__view__findpost__p__759179

Dec. 16, 2011

___

 

- http://www.symantec.com/security_response/threatconlearn.jsp

Updated: Dec 21 - "... For the period of December 8, 2011 through December 20, 2011, Symantec intelligence products have detected a total of -780- attempted exploits of CVE-2011-2462*. Exercise extreme caution when opening PDF files from untrusted sources. Any email attachments received from unfamiliar senders or unexpectedly from known senders should be treated suspiciously. Email attachments are a common vector for targeted attacks using vulnerabilities of this kind..."

___

 

- https://www.adobe.com/support/security/advisories/apsa11-04.html

Last updated: December 15, 2011 - "... We are in the process of finalizing a fix for the issue and expect to make available an update for Adobe Reader 9.x and Acrobat 9.x for Windows on December 16, 2011..."

 

* http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-2462

Last revised: 12/21/2011

CVSS v2 Base Score: 10.0 (HIGH)

"... as exploited in the wild in December 2011..."

 


FYI...

 

Flash Player v11.1.102.62 update

- http://www.symantec.com/security_response/threatconlearn.jsp

Feb 24, 2012 - "On February 15, 2012, Adobe released a patch for Flash Player fixing vulnerabilities on all platforms. One of these is a cross-site scripting (XSS) vulnerability that is being exploited in the wild through links in emails (CVE-2012-0767*, BID 52040). A cross-site scripting vulnerability can allow an attacker to make HTTP requests masquerading as the affected user. Since this vulnerability was reported by Google, it is likely that it has been used in attempted attacks on Gmail accounts - similarly to the XSS vulnerability exploited in June 2011 to infiltrate victims' Gmail accounts (CVE-2011-2107). An attacker must entice a user into visiting a malicious link in the email to trigger the vulnerability. Customers are advised to install applicable updates as soon as possible.

Adobe Security Bulletin: Security update available for Adobe Flash Player ..."

http://www.spywareinfoforum.com/index.php?/topic/127628-adobe-multiple-vulns/page__view__findpost__p__762374

 

* http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0767

Last revised: 02/25/2012 - "... before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.6 on Android 2.x and 3.x; and before 11.1.115.6 on Android 4.x... as exploited in the wild in February 2012"

 


FYI...

 

Flash exploit released...

- http://atlas.arbor.net/briefs/index#-957676977

Severity: Elevated Severity

Published: Thursday, March 08, 2012 20:33

"An exploit for a month-old Adobe Flash vulnerability has been released to the public. Ensure systems are protected.

Analysis: This security vulnerability, patched on Feb 15th, was used in a targeted attack around March 5th

- http://contagiodump.blogspot.com/2012/03/mar-2-cve-2012-0754-irans-oil-and.html *

... and now a Metasploit module has been released to the public. Given the widespread install base of Flash, users are strongly encouraged to ensure that patching has taken place. Now that the code is public, it will likely be used in commodity exploit kits very soon to install malware."

* http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0754 - 10.0 (HIGH)

 

* https://www.virustotal.com/file/68360603794c0f6d1aff9f6853dbdbb1860a89269d3147dab768034d4195ca62/analysis/

File name: us.exe

Detection ratio: 27/43

Analysis date: 2012-03-07 16:19:36 UTC

* https://www.virustotal.com/file/d018ea9fea664b9608474e1271aaf23fe5d3b6161a2db486592e763475e377bd/analysis/1331313285/

File name: CVE-2012-0744-xls.swf

Detection ratio: 8/43

Analysis date: 2012-03-09 17:14:45 UTC

* https://www.virustotal.com/file/b3a97be4160fb261e138888df276f9076ed76fe2efca3c71b3ebf7aa8713f4a4/analysis/

File name: 12e36f86ce54576cc38b2edfd13e3a5aa6c8d51c.bin

Detection ratio: 24/43

Analysis date: 2012-03-10 23:57:50 UTC

 

>> http://www.spywareinfoforum.com/index.php?/topic/127628-adobe-multiple-vulns/page__view__findpost__p__763340

 


FYI...

 

Adobe PDF Reader 0-day in-the-wild ...

- https://krebsonsecurity.com/2012/11/experts-warn-of-zero-day-exploit-for-adobe-reader/

Nov 7th, 2012 - "Software vendor Adobe says it is investigating claims that instructions for exploiting a previously unknown critical security hole in the latest versions of its widely-used PDF Reader software are being sold in the cybercriminal underground. The finding comes from malware analysts at Moscow-based forensics firm Group-IB, who say they’ve discovered that a new exploit capable of compromising the security of computers running Adobe X and XI (Adobe Reader 10 and 11) is being sold in the underground for up to $50,000. This is significant because — beginning with Reader X – Adobe introduced a “sandbox” feature aimed at blocking the exploitation of previously unidentified security holes in its software, and so far that protection has held its ground. But according to Andrey Komarov, Group-IB’s head of international projects, this vulnerability allows attackers to sidestep Reader’s sandbox protection...

... Adobe spokeswoman Wiebke Lips said the company was not contacted by Group-IB, and is unable to verify their claims, given the limited amount of information currently available... Group-IB says the vulnerability is included in a new, custom version of the Blackhole Exploit Kit, a malicious software framework sold in the underground that is designed to be stitched into hacked Web sites and deploy malware via exploits such as this one... consumers should realize that there are several PDF reader options apart from Adobe’s, including Foxit, PDF-Xchange Viewer, Nitro PDF and Sumatra PDF*."

* http://blog.kowalczyk.info/software/sumatrapdf/download-free-pdf-viewer.html

___

 

- http://h-online.com/-1746442

8 Nov 2012

 


FYI...

 

Shockwave player - vulnerable Flash runtime

* http://www.kb.cert.org/vuls/id/323161

Last revised: 17 Dec 2012 - "Adobe Shockwave Player 11.6.8.638 and earlier versions on the Windows and Macintosh operating systems provide a vulnerable version of the Flash runtime..."

 

- http://h-online.com/-1772754

19 Dec 2012 - "US-CERT has warned that a security hole exists in Adobe's Shockwave Player*. Version 11.6.8.638 and earlier versions that were installed using the company's "Full" installer are affected. These all include an older version of Flash (10.2.159.1) that contains several exploitable vulnerabilities. Shockwave uses a custom Flash runtime instead of a globally installed Flash plugin. According to US-CERT, the Flash vulnerabilities can be exploited to execute arbitrary code at the user's privilege level via specially crafted Shockwave content. As the Shockwave Player tends to be used only rarely, simply uninstalling the software can provide protection. Adobe is even offering an uninstaller** for this purpose..."

** https://www.adobe.co...oad/alternates/

(See "Shockwave Player Uninstaller".)

 

- https://krebsonsecur...-shockwave-bug/

Dec 19, 2012 - "... U.S. CERT first warned Adobe about the vulnerability in October 2010, and Adobe says it won’t be fixing it until February 2013..."

 

- http://www.securityt....com/id/1027903

- http://www.securityt....com/id/1027904

- http://www.securityt....com/id/1027905

Dec 20 2012

 

- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-6270 - 9.3 (HIGH)

- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-6271 - 9.3 (HIGH)

 


FYI...

Backdoor/phish targets...
- http://www.symantec.com/connect/blogs/backdoorbarkiofork-targets-aerospace-and-defense-industry
30 Jan 2013 - "... we observed a spear phishing campaign targeting groups in the aerospace and defense industry. We identified at least -12- different organizations targeted in this attack. These organizations include aviation, air traffic control, and government and defense contractors...
> https://www.symantec.com/connect/sites/default/files/images/Figure1_3.png
... The attackers used a report published in 2012 regarding the outlook of the aerospace and defense industries as the lure. The intention of the attackers was to make it seem as though this email originally came from the company that authored the report. The emails were also crafted to look as though they were being forwarded by internal employees or by individuals from within the industries identified. When the malicious PDF attached to the email is opened, it attempts to exploit the Adobe Flash Player CVE-2011-0611 'SWF' File Remote Memory Corruption Vulnerability. If successful, it drops malicious files as well as a clean PDF file to keep the ruse going.
> https://www.symantec.com/connect/sites/default/files/images/Figure2New.png
In addition to the clean PDF file, the threat drops a malicious version of the svchost.exe file. This file then drops a malicious version of ntshrui.dll into the Windows directory. The threat leverages a technique known as DLL search order hijacking (the ntshrui.dll file is not protected by KnownDLLs). When the svchost.exe file calls the explorer.exe file, it will load the malicious ntshrui.dll file in the Windows folder -instead- of the legitimate ntshrui.dll file in the Windows system directory. Symantec detects both the svchost.exe and ntshrui.dll files as Backdoor.Barkiofork. This version of Backdoor.Barkiofork has the following capabilities:
• Enumerates disk drives
• Contacts the command-and-control (C&C) server at osamu.update .ikwb .com *
• Steals system information
• Downloads and executes further updates
This spear phishing campaign continues to show the sophistication and preparation of attackers, especially gathering intelligence on what social engineering will best entice targets. Organizations should ensure proper email security is in place and also make patch management a priority, as the vulnerability exploited here was patched in 2011."
* 192.74.239.245 / https://www.google.com/safebrowsing/diagnostic?site=AS:54600

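A defender-side check for the DLL search order hijacking described in the Symantec excerpt above, added here as an example (it is not code from Symantec or from the original post). It generalises from ntshrui.dll to any DLL that sits beside an executable and shares its name with a System32 DLL that is not covered by KnownDLLs; the inventory, the KNOWN_DLLS subset and the function name are constructed for illustration.

```python
"""Flag DLLs that shadow a System32 DLL from an application directory."""
from collections import defaultdict
from pathlib import PureWindowsPath
from typing import NamedTuple

SYSTEM_DIR = PureWindowsPath(r"C:\Windows\System32")

# Constructed subset for the example. On a live host, read the value data under
# HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs instead.
KNOWN_DLLS = frozenset({"kernel32.dll", "user32.dll", "shell32.dll", "ole32.dll"})

# Constructed file inventory, e.g. the output of a recursive directory listing.
SAMPLE_INVENTORY = [
    r"C:\Windows\explorer.exe",
    r"C:\Windows\ntshrui.dll",                 # planted copy, as in the report
    r"C:\Windows\System32\ntshrui.dll",        # legitimate copy
    r"C:\Windows\System32\svchost.exe",
    r"C:\Windows\System32\shell32.dll",
    r"C:\Windows\shell32.dll",                 # KnownDLL: the loader ignores this copy
    r"C:\Windows\System32\version.dll",
    r"C:\Program Files\Vendor\app.exe",
    r"C:\Program Files\Vendor\VERSION.DLL",    # mixed case still shadows version.dll
    r"C:\Program Files\Vendor\vendorlib.dll",  # no System32 twin: not flagged
    r"C:\Drivers\version.dll",                 # no EXE beside it: not flagged
]


class Finding(NamedTuple):
    planted: str    # DLL found in an application directory
    shadowed: str   # System32 DLL it would be loaded instead of
    hosts: tuple    # executables in the same directory that would pick it up


def find_shadowing_dlls(inventory, system_dir=SYSTEM_DIR, known_dlls=KNOWN_DLLS):
    """Return DLLs that win the search order over a same-named System32 DLL.

    The loader searches the directory of the running executable before
    System32, so a DLL next to an EXE is loaded first unless its name is
    a KnownDLL. File names are compared case-insensitively.
    """
    system_key = str(system_dir).lower()
    system_names = set()
    by_dir = defaultdict(lambda: {".exe": [], ".dll": []})

    for raw in inventory:
        path = PureWindowsPath(raw)
        suffix = path.suffix.lower()
        if suffix not in (".exe", ".dll"):
            continue
        parent = str(path.parent).lower()
        if parent == system_key:
            if suffix == ".dll":
                system_names.add(path.name.lower())
        else:
            by_dir[parent][suffix].append(path)

    findings = []
    for files in by_dir.values():
        if not files[".exe"]:
            continue  # without an executable this is not an application directory
        hosts = tuple(sorted(p.name.lower() for p in files[".exe"]))
        for dll in files[".dll"]:
            name = dll.name.lower()
            if name in system_names and name not in known_dlls:
                findings.append(Finding(str(dll), str(system_dir / name), hosts))
    return sorted(findings, key=lambda f: f.planted.lower())


if __name__ == "__main__":
    for f in find_shadowing_dlls(SAMPLE_INVENTORY):
        print(f"{f.planted} shadows {f.shadowed} for {', '.join(f.hosts)}")
```

A hit is a lead, not a verdict: some vendors ship private copies of system DLLs, so confirm with the file's signature and hash before treating it as planted.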

FYI...

- http://www.spywareinfoforum.com/topic/127628-adobe-multiple-vulns/?p=777126
Feb 20, 2013
___

Adobe 0-day Reader/Acrobat exploit in-the-wild
- https://blogs.adobe.com/psirt/2013/02/adobe-reader-and-acrobat-vulnerability-report.html
Feb 12, 2013 - "Adobe is aware of a report of a vulnerability in Adobe Reader and Acrobat XI (11.0.1) and earlier versions being exploited in the wild. We are currently investigating this report and assessing the risk to our customers. We will provide an update as soon as we have more information. Please continue monitoring the Adobe PSIRT blog* for the latest information."
* http://blogs.adobe.com/psirt/

 

- https://secunia.com/advisories/52196/
Release Date: 2013-02-14
Criticality level: Extremely critical
Impact: System access
Where: From remote
Solution: No official solution is currently available.
... Reported as a 0-day.
Original Advisory:
- https://www.adobe.com/support/security/advisories/apsa13-02.html
Last updated: Feb 16, 2013
CVE number: CVE-2013-0640, CVE-2013-0641
"... Mitigations: Users of Adobe Reader XI and Acrobat XI for Windows can protect themselves from this exploit by enabling Protected View. To enable this setting, choose the "Files from potentially unsafe locations" option under the Edit > Preferences > Security (Enhanced) menu. Enterprise administrators can protect Windows users across their organization by enabling Protected View in the registry and propagating that setting via GPO or any other method. Further information about enabling Protected View for the enterprise is available here:
> https://www.adobe.com/devnet-docs/acrobatetk/tools/AppSec/protectedview.html
... Adobe is in the process of working on fixes for these issues and plans to make available updates for Adobe Reader and Acrobat XI (11.0.01 and earlier) for Windows and Macintosh, X (10.1.5 and earlier) for Windows and Macintosh, 9.5.3 and earlier 9.x versions for Windows and Macintosh, and Adobe Reader 9.5.3 and earlier 9.x versions for Linux during the week of February 18, 2013..."

- http://arstechnica.com/security/2013/02/thanks-adobe-protection-for-critical-zero-day-exploit-not-on-by-default/
Feb 14, 2013 - "... the "protected view" feature prevents the current attacks from working — but only if it's manually enabled. To turn it on, access Preferences > Security (Enhanced) and then check the "Files from potentially unsafe locations," or even the "All files" option. Then click OK.
There's also a way for administrators to enable protected view on Windows machines across their organization... It's unclear why protected view isn't turned on by default..."

>> http://www.f-secure.com/weblog/archives/AdobeReader11PreferencesProtectedView.png

- http://blog.fireeye.com/research/2013/02/in-turn-its-pdf-time.html
Feb 13, 2013 - "... we identified that a PDF zero-day is being exploited in the wild, and we observed successful exploitation on the latest Adobe PDF Reader 9.5.3, 10.1.5, and 11.0.1. Upon successful exploitation, it will drop two DLLs. The first DLL shows a fake error message and opens a decoy PDF document, which is usually common in targeted attacks. The second DLL in turn drops the callback component, which talks to a remote domain... we have been working with Adobe and have jointly agreed to refrain from posting the technical details of the zero-day at this time. This post was intended to serve as a warning to the general public..."

- http://www.f-secure.com/weblog/archives/00002500.html
Feb 13, 2013 - "... Consider mitigating your Adobe Reader usage until there's an update from Adobe..."


- http://blog.trendmicro.com/trendlabs-security-intelligence/zero-day-vulnerability-hits-adobe-reader/
Feb 13, 2013 - "... Java, Internet Explorer, Adobe Flash Player, and now, Adobe Reader – just two months into 2013, we have already witnessed high-profile cases in which attackers used zero-day exploits to execute their schemes... To prevent this attack, we highly discourage users from opening unknown .PDF files or those acquired from unverified sources..."
___

ThreatCon is currently at Level 2: Elevated.
- https://www.symantec.com/security_response/threatconlearn.jsp
"... On February 7, 2013, Adobe released a patch for Adobe Flash Player. This release addresses CVE-2013-0633 (BID 57788) and CVE-2013-0634 (BID 57787), which are being actively exploited in the wild, distributed through malicious Word documents...
[superseded by APSB13-05: https://www.adobe.com/support/security/bulletins/apsb13-05.html
... Adobe Flash Player 11.6.602.168... February 12, 2013
CVE number: CVE-2013-1372, CVE-2013-0645, CVE-2013-1373, CVE-2013-1369, CVE-2013-1370, CVE-2013-1366, CVE-2013-0649, CVE-2013-1365, CVE-2013-1374, CVE-2013-1368, CVE-2013-0642, CVE-2013-0644, CVE-2013-0647, CVE-2013-1367, CVE-2013-0639, CVE-2013-0638, CVE-2013-0637

https://web.nvd.nist.gov/view/vuln/search-results?query=CVE-2013-0637&search_type=last3months&cves=on ...]"

:ph34r: :ph34r:

Edited by AplusWebMaster


FYI...

Flash exploit in-the-wild ...
- http://www.threattracksecurity.com/it-blog/adobe-exploit-cve-2014-0502/
Mar 21, 2014 - "... new exploit in the wild going after a known Adobe vulnerability... detected the file cc.swf delivered via the malicious link hxxp ://java-sky .com/swf/cc.swf**... Only 7/51 antivirus vendors on VirusTotal* detect the malicious payload at the time of this post..."

* https://www.virustotal.com/en/file/8c9168f29526a38f5ab4563f8bb82a390eff4fd5a826a4d4986e1e6fe679d87f/analysis/

** 50.62.99.1 - https://www.virustotal.com/en/ip-address/50.62.99.1/information/

- http://google.com/safebrowsing/diagnostic?site=AS:26496

- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0502 - 10.0 (HIGH)

Latest Flash version 12.0.0.77
- http://www.spywareinfoforum.com/topic/127628-adobe-multiple-vulns/?p=787074

Flash test site:
- http://www.adobe.com/software/flash/about/

:grrr::ph34r:

Edited by AplusWebMaster


FYI...

Exploit for Flash vuln targets users in Japan for financial info
- http://www.symantec.com/connect/blogs/recent-exploit-adobe-flash-vulnerability-targeting-users-japan-financial-information
Updated: 30 May 2014 - "... research now indicates that the attacks are being performed on a massive scale and that majority of them are focused on Japan. Back in April, CVE-2014-0515 was originally being exploited in watering-hole attacks against specific organizations or industries. Later in the same month, Adobe released a patch* for the vulnerability. However, just a few weeks later Symantec telemetry indicated that instead of the initial targets, the exploit was now being used to target a wider range of Internet users.
> http://www.symantec.com/connect/sites/default/files/users/user-2598031/Figure1_12.png
... more than 90 percent of the attacks exploiting the vulnerability are targeting Japanese users. The attacks are typically carried out through drive-by-download and leverage compromised legitimate websites to host malicious code. The websites then redirect traffic to a malicious site prepared by the attacker... Once the browsers are redirected to the malicious site, which has the IP address 1.234.35.42**, they render the exploit code that attempts to exploit CVE-2014-0515. If an older version of the software is installed on the computer, the attack will execute a series of malicious files to compromise the computer...
Cumulative number of attacks on Japanese users:
> http://www.symantec.com/connect/sites/default/files/users/user-2598031/Figure3_6.png
Infostealer.Bankeiya.B monitors the Web browsers Google Chrome, Mozilla Firefox and Microsoft Internet Explorer. The Trojan gathers specific user data typically found in online banking transactions. The malware can also update itself, enabling it to target more banks and add more capabilities in order to perform additional malicious actions..."
* https://helpx.adobe.com/security/products/flash-player/apsb14-13.html

* https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0515 - 10.0 (HIGH)
"... as exploited in the wild in April 2014..."

 

> Most recent version:
- https://helpx.adobe.com/security/products/flash-player/apsb14-16.html
June 10, 2014 - "... Flash Player 14.0.0.125..."
Available here: https://www.adobe.com/products/flashplayer/distribution3.html

>> https://www.adobe.com/software/flash/about/

** 1.234.35.42: https://www.virustotal.com/en/ip-address/1.234.35.42/information/
Last: 2014-06-25

- http://www.reuters.com/article/2014/05/31/us-japan-banking-idUSKBN0EB02M20140531
May 30, 2014 10:02pm EDT

- http://blog.trendmicro.com/trendlabs-security-intelligence/banking-trojan-trend-hits-japan-hard/
June 2, 2014

:ph34r: :ph34r:

Edited by AplusWebMaster


FYI...

Flash 0-Day Exploit used by Angler Exploit Kit
- https://isc.sans.edu/diary.html?storyid=19213
2015-01-21 - "The "Angler" exploit kit is a tool frequently used in drive-by download attacks to probe the browser for different vulnerabilities, and then exploit them to install malware. The exploit kit is very flexible and new exploits are added to it constantly. However, the blog post below* shows how this exploit kit is currently using an unpatched Flash 0-day to install malware. Current versions of Windows (e.g. Windows 8 + IE 10) appear to be vulnerable. Windows 8.1, or Google Chrome do not appear to be vulnerable... typically we see these exploits more in targeted attacks, not in widely used exploit kits. This flaw could affect a large number of users very quickly..."
* http://malware.dontneedcoffee.com/2015/01/unpatched-vulnerability-0day-in-flash.html
2015-01-21 - "... Angler EK exploiting last version (16.0.0.257) of Flash..."
Update: "... tested it against the free version of Malwarebytes Anti Exploit* (a product from one of my customers). That stopped it. Well done!..."
* https://www.malwarebytes.org/antiexploit/

- http://blog.trendmicro.com/trendlabs-security-intelligence/flash-greets-2015-with-new-zero-day/
Jan 22, 2015 - "... Chrome’s version of the Flash Player plugin is sandboxed, mitigating potential effects to end users. Firefox is also immune to this threat..."
Geographic distribution of users affected by Angler
> http://blog.trendmicro.com/trendlabs-security-intelligence/files/2015/01/Geographic-Distribution-of-Users-Affected-by-Angler-01.jpg

:ph34r: :ph34r: :grrr:

Edited by AplusWebMaster


FYI...

- http://blog.trendmicro.com/trendlabs-security-intelligence/flash-greets-2015-with-new-zero-day/
Update as of January 22, 2015, 9:30 PM PST: "... Adobe released an update to Flash, bringing the latest version to 16.0.0.287. However, this does -not- patch the vulnerability described in this post. Instead, it fixes a -separate- vulnerability (CVE-2015-0310). A patch for the vulnerability described here (now designated as CVE-2015-0311) will be released sometime next week.*
In the meantime, we note that Chrome is still unaffected by this vulnerability. Users of other browsers who are unable to disable Flash Player (due to usability issues) can consider downloading ad blocking software or extensions, which would help in reducing the exposure to this threat."

> http://malware.dontneedcoffee.com/2015/01/unpatched-vulnerability-0day-in-flash.html
"... Any version of Internet Explorer or Firefox with any version of Windows will get owned if Flash up to 16.0.0.287 (included) is installed and enabled.
[Edit : 2015-01-22 - 15:30 GMT+2] Til this morning Firefox users were safe. Angler EK coders [hacks] 'fixed' the issue... and they are now under fire as well..."

* https://helpx.adobe.com/security/products/flash-player/apsa15-01.html
Updated: Jan 22, 2015 - "... We are aware of reports that this vulnerability is being actively exploited in the wild via drive-by-download attacks against systems running Internet Explorer and Firefox on Windows 8 and below. Adobe expects to have a patch available for CVE-2015-0311 during the week of January 26..."
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0311
Last revised: 01/23/2015

 

>> Recommend: DISABLE Flash extension/Plugin until that fix is available.
>> Firefox: >Tools >Addons >Plugins >Shockwave Flash 16.0.0.287 - Never Activate.

... until NEW UPDATED FIX from Adobe is released/installed.
___

See: http://www.spywareinfoforum.com/topic/127628-adobe-multiple-vulns/?p=792988
Jan 24, 2015 - "... 16.0.0.296 available..."

:ph34r: :ph34r: :ph34r:

Edited by AplusWebMaster


FYI...

Flash 16.0.0.305 - see: http://www.spywareinfoforum.com/topic/127628-adobe-multiple-vulns/?p=793091

Feb 4, 2015

___

Another Flash Player 0-day exploit in-the-wild ...
- https://helpx.adobe.com/security/products/flash-player/apsa15-02.html
Feb 2, 2015
CVE number: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0313 - 10.0 (HIGH)

Last revised: 02/04/2015 - "... as exploited in the wild in February 2015."
Platform: All Platforms
Summary: A critical vulnerability (CVE-2015-0313) exists in Adobe Flash Player 16.0.0.296 and earlier versions for Windows and Macintosh. Successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system. We are aware of reports that this vulnerability is being actively exploited in the wild via drive-by-download attacks against systems running Internet Explorer and Firefox on Windows 8.1 and below. Adobe expects to release an update for Flash Player during the week of February 2.
Affected software versions:
- Adobe Flash Player 16.0.0.296 and earlier versions for Windows and Macintosh
- Adobe Flash Player 13.0.0.264 and earlier 13.x versions

Revisions: Removed Flash Player version 11.x from the list of affected versions. Version 11.x and earlier do not support the functionality affected by CVE-2015-0313.

> https://blogs.adobe.com/psirt/?p=1171
Feb 2, 2015

- https://isc.sans.edu/diary.html?storyid=19269
Last Updated: 2015-02-02 15:12:32 UTC

- http://blog.trendmicro.com/trendlabs-security-intelligence/trend-micro-discovers-new-adobe-flash-zero-day-exploit-used-in-malvertisements/
Feb 2, 2015 - "... a new zero-day exploit in Adobe Flash used in -malvertisement- attacks. The exploit affects the most recent version of Adobe Flash, and is now identified as CVE-2015-0313... So far we’ve seen around 3,294 hits related to the exploit, and with an attack already seen in the wild, it’s likely there are other attacks leveraging this zero-day, posing a great risk of system compromise to unprotected systems. Since the exploit affects the latest version of Flash, 16.0.0.296, users may consider -disabling- Flash Player until a fixed version is released. Adobe has confirmed that this is a zero-day exploit and the patch is expected to be available this week to address this..."
___

How to Disable Flash:

In I/E: http://www.ehow.com/how_7332733_turn-off-flash.html
1. Launch Internet Explorer. Click "Tools" and click "Internet Options." Click the "Programs" tab.

2. Open the "Manage add-ons" button. Click the drop-down list under "Show" and select "Run without permission."

3. Click "Shockwave Flash Object" under the "Adobe Systems Incorporated" section. Click the "Disable" button. Reboot your system.
___

In Chrome: http://www.ehow.com/how_8270649_disable-shockwave-flash-chrome.html

- Enter the following address in Chrome’s address bar to access the Plug-ins screen:
chrome://plugins/

Scroll down the list of plug-ins and click the “Disable” link located at the bottom of the Adobe Flash Player section to disable Flash.
___

In Firefox: Tools> Addons> Plugins> Shockwave Flash - Never Activate

>> Browser check: https://browsercheck.qualys.com/?scan_type=js

:ph34r: :ph34r:

Edited by AplusWebMaster
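
The affected-version list quoted from APSA15-02 in the post above has a trap for anyone checking an inventory: 13.x is listed separately, and 11.x and earlier lack the affected functionality, so a single "less than or equal to 16.0.0.296" comparison misclassifies both. The following is an added example, not part of the original post or Adobe's advisory; the host names, sample versions and status labels are constructed for illustration.

```python
"""Triage Flash Player versions against the ranges quoted for CVE-2015-0313."""

MAIN_LAST_AFFECTED = (16, 0, 0, 296)  # "16.0.0.296 and earlier versions"
ESR_MAJOR = 13                        # 13.x is listed separately in the advisory
ESR_LAST_AFFECTED = (13, 0, 0, 264)   # "13.0.0.264 and earlier 13.x versions"
UNAFFECTED_MAJOR_MAX = 11             # "11.x and earlier do not support the
                                      #  functionality affected by CVE-2015-0313"


def parse_version(text):
    """Parse a four-part version; commas are tolerated as separators."""
    parts = text.strip().replace(",", ".").split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a four-part Flash version: {text!r}")
    return tuple(int(p) for p in parts)


def classify(version_text):
    """Return 'affected', 'not-listed' or 'not-affected' for this CVE only."""
    v = parse_version(version_text)
    if v[0] <= UNAFFECTED_MAJOR_MAX:
        return "not-affected"  # says nothing about other CVEs in old builds
    if v[0] == ESR_MAJOR:
        # Compare inside the 13.x branch; later 13.x builds are not listed.
        return "affected" if v <= ESR_LAST_AFFECTED else "not-listed"
    return "affected" if v <= MAIN_LAST_AFFECTED else "not-listed"


def triage(inventory):
    """Map host -> status; unparsable versions are flagged for manual review."""
    report = {}
    for host, raw in inventory.items():
        try:
            report[host] = classify(raw)
        except ValueError:
            report[host] = "review"
    return report


# Constructed sample inventory (hosts and versions are illustrative only).
SAMPLE_INVENTORY = {
    "ws-01": "16.0.0.296",
    "ws-02": "16.0.0.305",
    "ws-03": "13.0.0.264",
    "ws-04": "13.0.0.269",
    "ws-05": "11.2.202.440",
    "ws-06": "15,0,0,246",
    "ws-07": "unknown",
}

if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f"{host}: {status}")
```

"not-listed" means only that the version falls outside the ranges quoted above; hosts marked "affected" are the ones to patch or to have Flash disabled on, as the post recommends.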


FYI...

FIX: http://www.spywareinfoforum.com/topic/127628-adobe-multiple-vulns/?p=796296
___

Flash 0-Day used in Pawn Storm...
>> http://blog.trendmicro.com/trendlabs-security-intelligence/new-adobe-flash-zero-day-used-in-pawn-storm-campaign/
Oct 13, 2015 - "... the attackers behind Pawn Storm[1] are using a new Adobe Flash zero-day exploit in their latest campaign. Pawn Storm is a long-running cyber-espionage campaign known for its high-profile targets and usage of the first Java zero-day* we’ve seen in the last couple of years... Based on our analysis, the Flash zero-day affects at least Adobe Flash Player versions 19.0.0.185 and 19.0.0.207... We have notified Adobe about our discovery and are working with them to address this security concern. Updates to this entry will be made once more information is available."

'Suggest Flash be -disabled- immediately until a new fix/release from Adobe is available...

* 'Suggest Java be disabled, too. Next scheduled release of Java update due 10.20.2015.
- https://community.qualys.com/blogs/laws-of-vulnerabilities/2015/10/13/patch-tuesday-october-2015
Oct 13, 2015 - "... Oracle will have their CPU later this month, on the 20th..."

[1] https://www.trendmicro.com/vinfo/us/security/news/cyber-attacks/operation-pawn-storm-fast-facts
___

>> https://helpx.adobe.com/security/products/flash-player/apsa15-05.html
Oct 14, 2015 - "... A critical vulnerability (CVE-2015-7645) has been identified in Adobe Flash Player 19.0.0.207 and earlier versions for Windows, Macintosh and Linux. Successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system. Adobe is aware of a report that an exploit for this vulnerability is being used in limited, targeted attacks.

UPDATE: Adobe expects updates to be available as early as October 16. "

- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7645
10/15/2015 - "... as exploited in the wild in October 2015."

:ph34r: :ph34r: :grrr:

Edited by AplusWebMaster


FYI...

Adobe Flash 0-day (CVE-2016-1019) in-the-Wild - Exploit Kits delivering Ransomware
- http://blog.trendmicro.com/trendlabs-security-intelligence/cve-2016-1019-zero-day-integrated-in-exploit-kit/
April 7, 2016 - "... Trend Micro has observed active zero day attacks from the Magnitude Exploit Kit affecting users of Flash 20.0.0.306 and earlier. These attacks are not effective against users of Flash versions 21.0.0.182 and 21.0.0.197. This is because of a heap mitigation that Adobe introduced in version 21.0.0.182 and is also present in version 21.0.0.197. Users of these versions will only experience a crash in Adobe Flash when attacks attempt to exploit the vulnerability. All users are highly recommended to immediately update their systems with the latest security fix* as this is actively being exploited in the wild. Prior to today’s security fix, we observed the exploit kit already integrating this vulnerability in its arsenal, which leaves systems infected with ransomware..."
* https://helpx.adobe.com/security/products/flash-player/apsb16-10.html

 

>> http://www.spywareinfoforum.com/topic/127628-adobe-multiple-vulns/?p=797908

 

- https://atlas.arbor.net/briefs/index#-169418222
April 07, 2016 21:52

- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1019
Last revised: 04/07/2016
10.0 HIGH
"Adobe Flash Player 21.0.0.197 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors, as exploited in the wild in April 2016."

:ph34r: :ph34r:

Edited by AplusWebMaster
