Adobe has released two security bulletins to address vulnerabilities in Adobe Acrobat, Reader, and Flash Player.
The first bulletin, APSB10-06, is a security update for Adobe Flash Player and Adobe AIR that addresses a critical vulnerability. Exploitation of these vulnerabilities may allow an attacker to make unauthorized cross-domain requests. The bulletin indicates that the update also addresses a potential denial-of-service issue.
The second bulletin, APSB10-07, is a security advisory for Adobe Reader and Acrobat. This advisory indicates that Adobe is planning to release updates for Adobe Reader and Acrobat on February 16, 2010 to address critical security issues.
US-CERT encourages users and administrators to review Adobe Bulletins APSB10-06 and APSB10-07 and apply any necessary updates to help mitigate the risks.
US-CERT will provide additional information as it becomes available.
Tag Archives: adobe
XP users should upgrade their Flash installation ASAP
Filed under Security News
Tagged as adobe, advisory, Flash, flaw, outdated, security, Vulnerabilities
Tagged as adobe, advisory, Flash, flaw, outdated, security, Vulnerabilities
Adobe Flash Player 6, the version of that online graphics framework that came pre-installed with Windows XP, has been found to contain numerous security flaws, according to Microsoft.
The software giant yesterday issued a security advisory, stating that the vulnerabilities could enable "a specially crafted web page" to remotely execute code on machines running Flash Player 6. Ars Technica notes that Adobe stopped providing security updates for the outdated player in 2006.
Microsoft recommended that XP users immediately update their Flash installation to a newer version, describing the vulnerability as "severe." Users of old versions of Flash running on new operating systems were still vulnerable, though less so than XP users. The company said that it was not aware of any live exploits, but warned that the possibility was certainly there.
Older, unpatched versions of most software are much more likely to be vulnerable to spyware or viruses, experts say. Users are encouraged to update their programs, plug-ins, and operating systems as often as possible to stay ahead of the numerous digital threats present online.
The software giant yesterday issued a security advisory, stating that the vulnerabilities could enable "a specially crafted web page" to remotely execute code on machines running Flash Player 6. Ars Technica notes that Adobe stopped providing security updates for the outdated player in 2006.
Microsoft recommended that XP users immediately update their Flash installation to a newer version, describing the vulnerability as "severe." Users of old versions of Flash running on new operating systems were still vulnerable, though less so than XP users. The company said that it was not aware of any live exploits, but warned that the possibility was certainly there.
Older, unpatched versions of most software are much more likely to be vulnerable to spyware or viruses, experts say. Users are encouraged to update their programs, plug-ins, and operating systems as often as possible to stay ahead of the numerous digital threats present online.
Apple patches security holes in Safari browser
Yesterday, Cupertino, California-based computer company Apple released version 4.0.4 of Safari, its web browser available for Mac, PC, and iPhone operating systems.
The update plugs what are thought to be moderate-to-serious security flaws in the browser, though CNET News notes that Apple does not rate the severity of vulnerabilities like Microsoft and Google. PC Magazine writes that two out of the seven flaws addressed are capable of remote code execution, the prerequisite for malicious takeovers of malware-infected PCs.
Malicious XML, FTP and image content can be crafted to crash or exploit Windows and Mac versions of Safari, in addition to causing unpredictable network security threats when visiting other websites. Only Windows versions of Safari are susceptible to the embedded image color profile trick, while an exploit that could allow email to remotely access audio and video content affects Macs only.
The patch comes amid a rare uptick in security news about Apple products, with a pair of iPhone worms hitting the network and a large-scale patch for the company's operating systems making headlines over the past several days.
The update plugs what are thought to be moderate-to-serious security flaws in the browser, though CNET News notes that Apple does not rate the severity of vulnerabilities like Microsoft and Google. PC Magazine writes that two out of the seven flaws addressed are capable of remote code execution, the prerequisite for malicious takeovers of malware-infected PCs.
Malicious XML, FTP and image content can be crafted to crash or exploit Windows and Mac versions of Safari, in addition to causing unpredictable network security threats when visiting other websites. Only Windows versions of Safari are susceptible to the embedded image color profile trick, while an exploit that could allow email to remotely access audio and video content affects Macs only.
The patch comes amid a rare uptick in security news about Apple products, with a pair of iPhone worms hitting the network and a large-scale patch for the company's operating systems making headlines over the past several days.
Gumblar Trojan exploits Adobe Reader and Acrobat security hole
Filed under Security News
Tagged as acrobat, adobe, Gumblar, hole, reader, security, trojan, vulnerability
Tagged as acrobat, adobe, Gumblar, hole, reader, security, trojan, vulnerability
A security flaw in Adobe Reader and Acrobat is being actively exploited by cyber attackers with malicious PDFs. Security researchers at IBM's web security labs have seen a surge in attacks on this security vulnerability.
IBM researchers said on the Frequency X Blog that variants of the Gumblar Trojan are attacking security holes in Microsoft Office, web browser and Adobe products, but most of the attacks are aimed at Adobe Acrobat and Reader.
"Here in Managed Security Services, we've noticed a considerable elevation in our global hits on malicious PDF files," the IBM researchers said on the blog. "More specifically, the signature used to detect the latest Adobe Reader Remote Code Execution has picked up most of the activity."
Adobe disclosed the security vulnerabilities in its October 13 batch of security patches and recommends users of Adobe Reader 9.1.3 and Acrobat 9.1.3 and earlier versions update to Adobe Reader 9.2 and Acrobat 9.2.
The security bulletin from Adobe on the flaw said remote code execution could allow an attacker to take control of a user system if a victim opens a PDF file infected with the virus.
IBM researchers said on the Frequency X Blog that variants of the Gumblar Trojan are attacking security holes in Microsoft Office, web browser and Adobe products, but most of the attacks are aimed at Adobe Acrobat and Reader.
"Here in Managed Security Services, we've noticed a considerable elevation in our global hits on malicious PDF files," the IBM researchers said on the blog. "More specifically, the signature used to detect the latest Adobe Reader Remote Code Execution has picked up most of the activity."
Adobe disclosed the security vulnerabilities in its October 13 batch of security patches and recommends users of Adobe Reader 9.1.3 and Acrobat 9.1.3 and earlier versions update to Adobe Reader 9.2 and Acrobat 9.2.
The security bulletin from Adobe on the flaw said remote code execution could allow an attacker to take control of a user system if a victim opens a PDF file infected with the virus.
Adobe warns of security bug in Reader and Acrobat
A new web security threat is being exploited by hackers using flaws in Adobe Reader and Acrobat 9.1.3 on Windows PCs. Adobe said disabling Javascript may disable the attacks.
The bug also affects Macintosh and Linux operating systems, but the attacks are currently limited to Windows systems, Adobe said on its product security incident response team blog last week.
"Adobe plans to resolve this issue as part of the upcoming Adobe Reader and Acrobat quarterly security update, scheduled for release on October 13," Adobe said in a security advisory.
Customers with DEP enabled on Windows Vista will be protected and disabling Javascript also mitigates against this exploit, although a variant that does not rely on Javascript could be possible.
According to security researchers at antivirus company Trend Micro, circulating Trojan malware exploit code uses Javascript in a PDF file to attack the vulnerability and create a backdoor to provide unrestricted user-level access to a hacker.
Windows users can disable Javascript in Adobe Reader and Acrobat by selecting Edit, Preferences, selecting Javascript and unchecking the Enable Acrobat Javascript option.
The bug also affects Macintosh and Linux operating systems, but the attacks are currently limited to Windows systems, Adobe said on its product security incident response team blog last week.
"Adobe plans to resolve this issue as part of the upcoming Adobe Reader and Acrobat quarterly security update, scheduled for release on October 13," Adobe said in a security advisory.
Customers with DEP enabled on Windows Vista will be protected and disabling Javascript also mitigates against this exploit, although a variant that does not rely on Javascript could be possible.
According to security researchers at antivirus company Trend Micro, circulating Trojan malware exploit code uses Javascript in a PDF file to attack the vulnerability and create a backdoor to provide unrestricted user-level access to a hacker.
Windows users can disable Javascript in Adobe Reader and Acrobat by selecting Edit, Preferences, selecting Javascript and unchecking the Enable Acrobat Javascript option.
Firefox 3.5.3, 3.0.14 will detect outdated Flash
Mozilla said on its security blog that the new releases of its popular Firefox web browser will be able to detect if a user has an outdated version of Adobe Flash and will direct users to download the latest version.
Upon updating to Firefox 3.5.3 and Firefox 3.0.14, the browser will direct users with outdated Flash Player to the Adobe download site with a message that reads: "You should update Adobe Flash right now. Firefox is up to date, but your current version of Flash can cause security and stability issues. Please install the free update as soon as possible."
Flash is the software that allows users to see movies and animations in their web browser. As one of the most common applications on websites, Flash Player is vulnerable to hacker attacks and as much as 80 percent of web users currently have an out-of-date version.
"Our intent is to get the user's attention and direct them to the Adobe web site where they can download the most up to date version," wrote Mozilla's Johnathan Nightingale on the Mozilla security blog. "Mozilla will work with other plugin vendors to provide similar checks for their products in the future."
Keeping software and web browsers up to date remains one of the best ways to stay protected from web security threats like malware, spam and identity theft.
Upon updating to Firefox 3.5.3 and Firefox 3.0.14, the browser will direct users with outdated Flash Player to the Adobe download site with a message that reads: "You should update Adobe Flash right now. Firefox is up to date, but your current version of Flash can cause security and stability issues. Please install the free update as soon as possible."
Flash is the software that allows users to see movies and animations in their web browser. As one of the most common applications on websites, Flash Player is vulnerable to hacker attacks and as much as 80 percent of web users currently have an out-of-date version.
"Our intent is to get the user's attention and direct them to the Adobe web site where they can download the most up to date version," wrote Mozilla's Johnathan Nightingale on the Mozilla security blog. "Mozilla will work with other plugin vendors to provide similar checks for their products in the future."
Keeping software and web browsers up to date remains one of the best ways to stay protected from web security threats like malware, spam and identity theft.
Report: Adobe Flash is ‘biggest security hole’ on the web
In the weeks since Adobe released a critical patch for Flash and Acrobat Reader, research from security firm Trusteer shows that almost 80 percent of internet users are still running unpatched versions.
Based on a survey of the company's 2.5 million customers in North America and Europe, Trusteer said the number of vulnerable users represents "the biggest security hole on the internet today and the failure of Adobe to address it in a timely manner is extremely troubling."
Last month, security researchers discovered exploits of a Flash vulnerability that could infect PCs with Trojan malware upon users opening a malicious Adobe Acrobat PDF file, which caused Adobe to rush a security updates for Flash Player, Acrobat and Reader.
According to Adobe, 99 percent of internet users run Flash. By comparison, Internet Explorer is only used by 65 percent of internet users, while Firefox is used by about 30 percent.
"Given these numbers, it is not surprising that criminals are much more focused today on Flash and Acrobat," Trusteer said in an advisory earlier this month.
Security firm Sophos has identified Flash-exploiting malware embedded in Microsoft Excel files and predicted malware authors will use PowerPoint and Word to spread Flash-based attacks.
Based on a survey of the company's 2.5 million customers in North America and Europe, Trusteer said the number of vulnerable users represents "the biggest security hole on the internet today and the failure of Adobe to address it in a timely manner is extremely troubling."
Last month, security researchers discovered exploits of a Flash vulnerability that could infect PCs with Trojan malware upon users opening a malicious Adobe Acrobat PDF file, which caused Adobe to rush a security updates for Flash Player, Acrobat and Reader.
According to Adobe, 99 percent of internet users run Flash. By comparison, Internet Explorer is only used by 65 percent of internet users, while Firefox is used by about 30 percent.
"Given these numbers, it is not surprising that criminals are much more focused today on Flash and Acrobat," Trusteer said in an advisory earlier this month.
Security firm Sophos has identified Flash-exploiting malware embedded in Microsoft Excel files and predicted malware authors will use PowerPoint and Word to spread Flash-based attacks.
Adobe fixes Flash flaws caused by bad Microsoft code
Adobe issued web security patches yesterday for flaws in Flash Player and Shockwave that were caused by vulnerable code in the Microsoft Active Template Library (ATL), a code library included with Visual Studio for developing software.
Adobe said the flaws could allow a remote attacker to take control of a system. Adobe is making updates available for Reader and Acrobat v9.1.2 for Windows, Macintosh and UNIX to fix the security bugs. Adobe Shockwave Player 11.5.0.600 and earlier versions on Windows are also affected.
Microsoft earlier this week had patched the critical bugs in Visual Studio, which were related to an errant ampersand (&) in the code. But any software developed using the code remained vulnerable to attacks.
"We determined that Flash Player and Shockwave Player are the two products that leverage vulnerable versions of ATL," Adobe's security response team said on its blog.
Only Internet Explorer plug-ins are vulnerable to the Flash bug, so people using Flash Player within the Firefox browser or other Windows browsers are not vulnerable, Adobe said.
Hackers have actively targeted the Flash security holes using drive-by download or "browse-and-get-owned" attacks hosted on compromised websites.
Adobe said the flaws could allow a remote attacker to take control of a system. Adobe is making updates available for Reader and Acrobat v9.1.2 for Windows, Macintosh and UNIX to fix the security bugs. Adobe Shockwave Player 11.5.0.600 and earlier versions on Windows are also affected.
Microsoft earlier this week had patched the critical bugs in Visual Studio, which were related to an errant ampersand (&) in the code. But any software developed using the code remained vulnerable to attacks.
"We determined that Flash Player and Shockwave Player are the two products that leverage vulnerable versions of ATL," Adobe's security response team said on its blog.
Only Internet Explorer plug-ins are vulnerable to the Flash bug, so people using Flash Player within the Firefox browser or other Windows browsers are not vulnerable, Adobe said.
Hackers have actively targeted the Flash security holes using drive-by download or "browse-and-get-owned" attacks hosted on compromised websites.
Security flaw in Adobe Flash exploited by Trojan malware
Security researchers at Symantec have identified a critical vulnerability in Adobe Flash that allows an attacker to infect PCs with Trojan malware upon opening a malicious Adobe Acrobat PDF file. Adobe acknowledged the flaw and said it is working on releasing a fix by July 30.
The Flash vulnerability affects current versions of Flash Player for Windows, Mac and Linux operating systems and the authplay.dll component that ships with Adobe Reader and Acrobat v9.x for Windows, Macintosh and UNIX, Adobe's security response team said on its blog.
Deleting, renaming or removing access to the authplay.dll file that ships with Adobe Reader and Acrobat v9.x mitigates the threat for those products, but users will experience a crash or error message when opening a PDF that contains SWF content, Adobe said.
Symantec warned Wednesday that the Flash bug is serious because of the widespread use of Flash across operating systems and products.
Whereas most vulnerabilities only affect one web browser or software product, Flash exists in all popular browsers and is also available in PDF documents.
"[T]herefore, the threat posed by this issue is not to be taken lightly," Symantec warned on its blog.
The Flash vulnerability affects current versions of Flash Player for Windows, Mac and Linux operating systems and the authplay.dll component that ships with Adobe Reader and Acrobat v9.x for Windows, Macintosh and UNIX, Adobe's security response team said on its blog.
Deleting, renaming or removing access to the authplay.dll file that ships with Adobe Reader and Acrobat v9.x mitigates the threat for those products, but users will experience a crash or error message when opening a PDF that contains SWF content, Adobe said.
Symantec warned Wednesday that the Flash bug is serious because of the widespread use of Flash across operating systems and products.
Whereas most vulnerabilities only affect one web browser or software product, Flash exists in all popular browsers and is also available in PDF documents.
"[T]herefore, the threat posed by this issue is not to be taken lightly," Symantec warned on its blog.
Fake Twitter invites spreading email worm
Filed under Security News
Tagged as adobe, e-card, micro-blogging site, researcher, Sammy Chu, social networking users, social networks, spoof site, Symantec, Twitter, YouTube
Tagged as adobe, e-card, micro-blogging site, researcher, Sammy Chu, social networking users, social networks, spoof site, Symantec, Twitter, YouTube
Spam emails that appear to be invitations to join the micro-blogging site Twitter have been spreading a mass email worm that can steal email addresses from a user's PC. Symantec reported last week that the fake invites can be spotted because legitimate invites contain a URL link in the body.
Instead, the user will see an attachment that appears as a .zip file that purportedly contains an invitation card. The file is actually a malicious attachment known as the Ackantta worm, which gathers email addresses from infected computers and spreads by copying itself to removable drives and shared folders, Symantec said.
"As Twitter continues to gain popularity among social networking users, people are regularly receiving invitations and email updates from fellow users," Symantec researcher Sammy Chu said in a blog last week. "We expect that spammers will continue to use Twitter and other popular social networks as bait in their attacks."
Symantec had spotted an e-card virus attack in February that was used to spread the same Ackantta worm.
Twitter's booming popularity has also made it a growing target of phishing attacks and other types of spam.
Earlier this month, researchers spotted messages on Twitter that directed users to go to a YouTube spoof site to see a "best video." Users who visited the site could have had their PCs infected through vulnerable versions of Adobe Reader.
Instead, the user will see an attachment that appears as a .zip file that purportedly contains an invitation card. The file is actually a malicious attachment known as the Ackantta worm, which gathers email addresses from infected computers and spreads by copying itself to removable drives and shared folders, Symantec said.
"As Twitter continues to gain popularity among social networking users, people are regularly receiving invitations and email updates from fellow users," Symantec researcher Sammy Chu said in a blog last week. "We expect that spammers will continue to use Twitter and other popular social networks as bait in their attacks."
Symantec had spotted an e-card virus attack in February that was used to spread the same Ackantta worm.
Twitter's booming popularity has also made it a growing target of phishing attacks and other types of spam.
Earlier this month, researchers spotted messages on Twitter that directed users to go to a YouTube spoof site to see a "best video." Users who visited the site could have had their PCs infected through vulnerable versions of Adobe Reader.