BleepingComputer.com: Security advisory for Adobe Reader, Acrobat and Flash Player


Security advisory for Adobe Reader, Acrobat and Flash Player Didn't see this posted...

#1 User is offline   snkzato1 

  • Member
  • Group: Members
  • Posts: 43
  • Joined: 06-July 09

Posted 24 July 2009 - 02:53 PM

From:
http://www.adobe.com/support/security/advi.../apsa09-03.html

OH my!

Quote

Security advisory for Adobe Reader, Acrobat and Flash Player
Release date: July 22, 2009

Last Updated: July 23, 2009

Vulnerability identifier: APSA09-03

CVE number: CVE-2009-1862

Platform: All Platforms

Summary

A critical vulnerability exists in the current versions of Flash Player (v9.0.159.0 and v10.0.22.87) for Windows, Macintosh and Linux operating systems, and the authplay.dll component that ships with Adobe Reader and Acrobat v9.x for Windows, Macintosh and UNIX operating systems. This vulnerability (CVE-2009-1862) could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being actively exploited in the wild via limited, targeted attacks against Adobe Reader v9 on Windows.


Removed a large portion of the quote in order to comply with the rules of fair use.

Orange Blossom :thumbsup:

This post has been edited by Orange Blossom: 24 July 2009 - 10:43 PM


#2 User is offline   pcuser007 

  • New Member
  • Group: Members
  • Posts: 2
  • Joined: 04-July 09

Posted 24 July 2009 - 08:04 PM

holy cats!
nice info snkzat1 :)

Does anyone know what this site needs the adobe add-on running for? I don't see any vids...

#3 User is offline   Andrew 

  • Bleepin' Night Watchman
  • Group: Moderator
  • Posts: 7,329
  • Joined: 05-December 05
  • Gender:Not Telling
  • Location:Right behind you

Posted 24 July 2009 - 10:05 PM

Just heard about this myself and was compiling links to post here. Beat me to it! :thumbsup:

Adobe recommends finding and renaming all instances of the authplay.dll file to something like authplay-old.dll until after applying the patch, which is expected by July 31. Users who do this will still suffer application crashes in programs that rely on this library, but will not be vulnerable to this exploit. The US CERT, however, recommends completely disabling Flash or selectively enabling it only on websites which you trust. Users of Mozilla Firefox can use the NoScript addon to permit only authorized websites to run Flash content.

This vulnerability affects all platforms (Windows, Mac OSX, Linux and other Unix variants) but as yet has only been observed to be exploited on Windows systems. Users of Windows Vista can use UAC to mitigate the risk of an exploit.

References:
US-CERT Advisory
US-CERT Vulnerability Note
Adobe's Advisory
Symantec's Analysis

#4 User is offline   Romeo29 

  • Learning To Bleep
  • Group: BC Advisor
  • Posts: 2,814
  • Joined: 06-July 08
  • Gender:Not Telling
  • Location:127.0.0.1

Posted 26 July 2009 - 09:37 AM

For temporary protection:

1. Rename authplay.dll and rt3d.dll. These files are usually located in %programfiles%\Adobe\Reader 9.0\Reader. These files are used to play Flash content embedded in a PDF file.

2. Disable Flash in all browsers using NoScript or FlashBlock. It has been reported by ISC that even on legitimate sites, the execution code is being inserted to create drive-by-attacks. These attacks are fully automated - all you have to do is visit the site.
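The rename workaround described in posts #3 and #4, written as a script. This is an added example, not part of any post and not Adobe's own tooling; the function name, its parameters and the use of the `-old` suffix for rt3d.dll are assumptions, while the file names and the authplay-old.dll naming come from the thread.

```powershell
# Added example: rename (or restore) the libraries Adobe Reader/Acrobat 9.x use
# to play Flash content embedded in PDFs. Run from an elevated prompt.
# Function and parameter names are hypothetical.
function Set-ReaderFlashMitigation {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        # Roots to search; the defaults cover 32- and 64-bit Program Files.
        [string[]]$SearchRoot = @($env:ProgramFiles, ${env:ProgramFiles(x86)}),
        # Files named in the thread.
        [string[]]$Library = @('authplay.dll', 'rt3d.dll'),
        # Undo the rename once the vendor patch has been installed.
        [switch]$Restore
    )
    $suffix = '-old'
    # Only look under existing "Adobe" folders; skip null roots (32-bit Windows).
    $roots = $SearchRoot | Where-Object { $_ -and (Test-Path $_) } |
        ForEach-Object { Join-Path $_ 'Adobe' } |
        Where-Object { Test-Path $_ } | Select-Object -Unique

    foreach ($root in $roots) {
        foreach ($name in $Library) {
            $base = [IO.Path]::GetFileNameWithoutExtension($name)
            $ext  = [IO.Path]::GetExtension($name)
            $disabled = "$base$suffix$ext"          # e.g. authplay-old.dll
            if ($Restore) { $from = $disabled; $to = $name }
            else          { $from = $name;     $to = $disabled }

            Get-ChildItem -Path $root -Filter $from -Recurse -File -ErrorAction SilentlyContinue |
                ForEach-Object {
                    $target = Join-Path $_.DirectoryName $to
                    if (Test-Path $target) {
                        # Never overwrite: a leftover copy means a previous run or a repair install.
                        Write-Warning "Skipping $($_.FullName): $target already exists"
                        return
                    }
                    if ($PSCmdlet.ShouldProcess($_.FullName, "Rename to $to")) {
                        Rename-Item -LiteralPath $_.FullName -NewName $to
                        [pscustomobject]@{ Path = $_.FullName; NewName = $to
                                           Version = $_.VersionInfo.FileVersion }
                    }
                }
        }
    }
}

Set-ReaderFlashMitigation -WhatIf      # preview what would be renamed
# Set-ReaderFlashMitigation            # apply the workaround
# Set-ReaderFlashMitigation -Restore   # put the files back after patching
```

The returned objects give an inventory of every copy that was renamed, including its file version, which is useful for confirming later that each install was actually patched before running with `-Restore`.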

#5 User is offline   DaChew 

  • Visiting Alien
  • Group: BC Advisor
  • Posts: 10,313
  • Joined: 20-May 07
  • Gender:Male
  • Location:millenium falcon and rockytop

Posted 31 July 2009 - 07:28 AM

Flash Player

Quote

You have version 10,0,32,18 installed


http://kb2.adobe.com/cps/141/tn_14157.html
Chewy

No. Try not. Do... or do not. There is no try.

#6 User is offline   Romeo29 

  • Learning To Bleep
  • Group: BC Advisor
  • Posts: 2,814
  • Joined: 06-July 08
  • Gender:Not Telling
  • Location:127.0.0.1

Posted 31 July 2009 - 11:18 AM

Adobe on Thursday patched 12 vulnerabilities in Flash Player, including three it inherited from faulty Microsoft development code and one that hackers have been exploiting for at least a week.

Updates released on Thursday:
http://www.adobe.com/support/security/bull.../apsb09-10.html

Update for Flash Player (version 10.0.32.18):
http://www.adobe.com/go/getflashplayer

Update Adobe AIR (to version 1.5.2)
http://get.adobe.com/air/

Update for Adobe Reader 9.1 (download patch for updating to 9.1.3)
http://www.adobe.com/support/downloads/pro...latform=Windows

This post has been edited by Romeo29: 01 August 2009 - 12:33 AM


#7 User is offline   sh4rkbyt3 

  • Forum Regular
  • Group: Members
  • Posts: 154
  • Joined: 28-September 09
  • Gender:Male

Posted 09 October 2009 - 04:18 PM

The sad part of all this is the fact that Adobe knew about this for over 7 months before they decided to act on it or let anyone know.

Several hacker sites had posted about this weakness back in December 2008 and were beginning to elaborate on just how to effectively exploit the weaknesses which were also reported to Adobe. Most ethical hackers (yes they exist) will notify these companies as to how and where the found weaknesses exist. Some will even go so far as to send the source code (and some variants) for the exploits so that the developers can create patches. Adobe chose to ignore this despite proof positive results that were sent to them.

ZDNet had posted about these facts in May/June of 2009 and only then did Adobe feel the need to begin working on a patch.

I realize a proactive approach is not always feasible or even realistic but you would expect a large conglomeration like Adobe to be at least reasonably "reactive". Especially when their product brands reach almost 78% of the active users.
