
Security advisory for Adobe Reader, Acrobat and Flash Player



#1 snkzato1


Posted 24 July 2009 - 02:53 PM

From:
http://www.adobe.com/support/security/advi.../apsa09-03.html

OH my!

Security advisory for Adobe Reader, Acrobat and Flash Player
Release date: July 22, 2009

Last Updated: July 23, 2009

Vulnerability identifier: APSA09-03

CVE number: CVE-2009-1862

Platform: All Platforms

Summary: A critical vulnerability exists in the current versions of Flash Player (v9.0.159.0 and v10.0.22.87) for Windows, Macintosh and Linux operating systems, and the authplay.dll component that ships with Adobe Reader and Acrobat v9.x for Windows, Macintosh and UNIX operating systems. This vulnerability (CVE-2009-1862) could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being actively exploited in the wild via limited, targeted attacks against Adobe Reader v9 on Windows.


Removed a large portion of the quote in order to comply with the rules of fair use.

Orange Blossom :thumbsup:

Edited by Orange Blossom, 24 July 2009 - 10:43 PM.



#2 pcuser007


Posted 24 July 2009 - 08:04 PM

holy cats!
nice info snkzato1 :)

Does anyone know what this site needs the adobe add-on running for? I don't see any vids...

#3 Andrew


Posted 24 July 2009 - 10:05 PM

Just heard about this myself and was compiling links to post here. Beat me to it! :thumbsup:

Adobe recommends finding and renaming all instances of the authplay.dll file to something like authplay-old.dll until after applying the patch, which is expected by July 31. Users who do this will still suffer application crashes in programs that rely on this library, but will not be vulnerable to this exploit. The US CERT, however, recommends completely disabling Flash or selectively enabling it only on websites which you trust. Users of Mozilla Firefox can use the NoScript addon to permit only authorized websites to run Flash content.

This vulnerability affects all platforms (Windows, Mac OSX, Linux and other Unix variants) but as yet has only been observed to be exploited on Windows systems. Users of Windows Vista can use UAC to mitigate the risk of an exploit.

References:
US-CERT Advisory
US-CERT Vulnerability Note
Adobe's Advisory
Symantec's Analysis

#4 Romeo29


Posted 26 July 2009 - 09:37 AM

For temporary protection:

1. Rename authplay.dll and rt3d.dll. These files are usually located in %programfiles%\Adobe\Reader 9.0\Reader. These files are used to play Flash content embedded in a PDF file.

2. Disable Flash in all browsers using NoScript or FlashBlock. It has been reported by ISC that even on legitimate sites, the execution code is being inserted to create drive-by-attacks. These attacks are fully automated - all you have to do is visit the site.
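The renaming workaround described in posts #3 and #4, as an added example that is not part of the original posts and not Adobe's own tooling: a PowerShell script that finds every copy of authplay.dll and rt3d.dll under the Adobe install directories and renames it with an `-old` suffix. The parameter names, the search roots and the `-Undo` switch are assumptions made for this example.

```powershell
# Added example (not Adobe's or the poster's script): APSA09-03 interim mitigation.
# Run from an elevated prompt; Program Files is not writable by standard users.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    # Assumption: Adobe products are installed under the default Program Files roots.
    [string[]]$Roots   = @($env:ProgramFiles, ${env:ProgramFiles(x86)}),
    [string[]]$Targets = @('authplay.dll', 'rt3d.dll'),
    [switch]$Undo      # restore the original names once the patch is installed
)

$suffix = '-old'   # authplay.dll -> authplay-old.dll

# Names to search for: the originals, or the renamed copies when undoing.
$names = foreach ($t in $Targets) {
    if ($Undo) {
        [IO.Path]::GetFileNameWithoutExtension($t) + $suffix + [IO.Path]::GetExtension($t)
    } else { $t }
}

foreach ($root in ($Roots | Where-Object { $_ } | Select-Object -Unique)) {
    $adobe = Join-Path $root 'Adobe'
    if (-not (Test-Path -LiteralPath $adobe)) { continue }

    Get-ChildItem -LiteralPath $adobe -Recurse -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer -and $names -contains $_.Name } |
        ForEach-Object {
            $base = [IO.Path]::GetFileNameWithoutExtension($_.Name)
            $new = if ($Undo) {
                $base.Substring(0, $base.Length - $suffix.Length) + $_.Extension
            } else {
                $base + $suffix + $_.Extension
            }
            $dest = Join-Path $_.DirectoryName $new

            # Never overwrite: a name clash may mean a repair or update put the library back.
            if (Test-Path -LiteralPath $dest) {
                Write-Warning "Skipped $($_.FullName): $new already exists"
                return
            }
            if ($PSCmdlet.ShouldProcess($_.FullName, "Rename to $new")) {
                Rename-Item -LiteralPath $_.FullName -NewName $new
                "{0} -> {1}" -f $_.FullName, $new
            }
        }
}
```

Running it with `-WhatIf` first lists what would be renamed without touching anything; `-Undo` reverses the rename after the update has been applied.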

#5 DaChew


Posted 31 July 2009 - 07:28 AM

Flash Player

You have version 10,0,32,18 installed


http://kb2.adobe.com/cps/141/tn_14157.html
Chewy

No. Try not. Do... or do not. There is no try.

#6 Romeo29


Posted 31 July 2009 - 11:18 AM

Adobe on Thursday patched 12 vulnerabilities in Flash Player, including three it inherited from faulty Microsoft development code and one that hackers have been exploiting for at least a week.

Updates released on Thursday:
http://www.adobe.com/support/security/bull.../apsb09-10.html

Update for Flash Player (version 10.0.32.18):
http://www.adobe.com/go/getflashplayer

Update Adobe AIR (to version 1.5.2)
http://get.adobe.com/air/

Update for Adobe Reader 9.1 (download patch for updating to 9.1.3)
http://www.adobe.com/support/downloads/pro...latform=Windows

Edited by Romeo29, 01 August 2009 - 12:33 AM.


#7 sh4rkbyt3


Posted 09 October 2009 - 04:18 PM

The sad part of all this is the fact that Adobe knew about this for over 7 months before they decided to act on it or let anyone know.

Several hacker sites had posted about this weakness back in December 2008 and were beginning to elaborate on just how to effectively exploit the weaknesses which were also reported to Adobe. Most ethical hackers (yes they exist) will notify these companies as to how and where the found weaknesses exist. Some will even go so far as to send the source code (and some variants) for the exploits so that the developers can create patches. Adobe chose to ignore this despite proof positive results that were sent to them.

ZDNet had posted about these facts in May/June of 2009 and only then did Adobe feel the need to begin working on a patch.

I realize a proactive approach is not always feasible or even realistic but you would expect a large conglomeration like Adobe to be at least reasonably "reactive". Especially when their product brands reach almost 78% of the active users.



