Advertisement
<a href="http://abaca.com/free_trial.html"><img src="/a-ab/missing.gif" /></a>
  • About the Author
  • About this Blog

    • Posts Tagged: 0day

    Latest Warnings / Time to Patch23 Comments
    4
    May 12

    Critical Flash Update Fixes Zero-day Flaw

    Adobe Systems Inc. today issued a security update to its Flash Player software. The company stressed that the update fixes a critical vulnerability that malicious actors have been using in targeted attacks.

    Adobe classifies a security flaw as critical if it can be used to break into vulnerable machines without any help from users. The company said the vulnerability (CVE-2012-0779) fixed in the version released today has been exploited in targeted attacks designed to trick the user into clicking on a malicious file delivered in an email message, and that the exploit used in the attacks seen so far target Flash Player on Internet Explorer for Windows only.

    Nevertheless, there are updates available for Flash Player versions designed for all operating systems that Adobe supports, including Mac, Linux and Android devices.

    Continue reading →

    Latest Warnings58 Comments
    11
    Apr 11

    New Adobe Flash Zero Day Being Exploited?

    Attackers are exploiting a previously unknown security flaw in Adobe’s ubiquitous Flash Player software to launch targeted attacks, according to several reliable sources. The attacks  come less than three weeks after Adobe issued a critical update to fix a different Flash flaw that crooks were similarly exploiting to install malicious software.

    According to sources, the attacks exploit a vulnerability in fully-patched versions of Flash, and are being leveraged in targeted spear-phishing campaigns launched against select organizations and individuals that work with or for the U.S. government. Sources say the attacks so far have embedded the Flash exploit inside of Microsoft Word files made to look like important government documents.

    Adobe spokesperson Wiebke Lips said the company is currently investigating reports of a new Flash vulnerability, and that Adobe may issue an advisory later today if it is confirmed.

    On March 11, Adobe issued a critical update to fix a security hole in Flash that it had earlier said was being attacked via malicious Flash content embedded in Microsoft Excel files. It’s not clear how long attackers have been exploiting this newest Flash flaw, but its exploitation in such a similar manner as the last flaw suggests the attackers may have a ready supply of unknown, unpatched security holes in Flash at their disposal.

    Update, 3:57 p.m. ET: Ever wonder what anti-virus detection looks like in the early hours of a zero day outbreak like this? A scan of one tainted file used in this attack that was submitted to Virustotal.com indicates that just one out of 42 anti-virus products used to scan malware at the service detected this thing as malicious.

    Update, 4:10 p.m. ET: Removed advice about deleting or renaming authplay.dll, which several readers (and now Adobe) have pointed out is specific to Adobe Reader and Acrobat.

    Update, 5:05 p.m. ET: Adobe just released an advisory about this that confirms the above information.

    Latest Warnings / The Coming Storm24 Comments
    14
    Mar 11

    Adobe: Attacks on Flash Player Flaw

    Adobe warned today attackers are exploiting a previously unknown security flaw in all supported versions of its Flash Player software. The company said the same vulnerability exists in Adobe Reader and Acrobat, but that it hasn’t yet seen attacks targeting the flaw in those programs.

    In an advisory released today, Adobe said malicious hackers were exploiting a critical security hole in Flash (up to and including the latest version of Flash. The software maker warned the vulnerability also exists in Adobe Flash player 10.2.152.33 and earlier versions for Windows, Mac, Linux and Solaris operating systems (10.2.154.13 and earlier for Chrome users), Flash Player 101.106.16 and earlier for Android. In addition, Adobe believes the bug lives in the “authplay.dll” component that ships with Adobe Reader and Acrobat X (10.0.1) and earlier 10.x and 9.x versions for Windows and Mac systems.

    Adobe warns that the security hole is currently being exploited via Flash (.swf) files embedded in a Microsoft Excel document delivered as an email attachment. Why someone would need to embed a Flash file in an Excel document is anyone’s guess.

    Continue reading →

    Other20 Comments
    28
    Jan 11

    Microsoft: Exploit Published for Windows Flaw

    Microsoft warned today that hackers have published instructions for attacking a previously unknown security hole in all versions of Windows that could be exploited to siphon user data or trick users into installing malicious code.

    Redmond published an advisory about a vulnerability in the way Windows handles MHTML code that could let attackers run Javascript code if the user is browsing a malicious site using Internet Explorer. As Wolfgang Kandek, chief technology officer at Qualys notes, that means that IE is the only known exploit vehicle for this flaw, and that other browsers such as Firefox and Chrome are not affected in their default configuration because they don’t support MHTML without the installation of specific add-ons.

    Microsoft said it may issue a patch to fix the flaw, but that in the meantime IE users who are concerned about this threat can use a supplied “FixIt” tool to help shore up the way Windows handles MHTML documents. The enable that fix, visit this link and click the FixIt icon.

    Latest Warnings25 Comments
    4
    Jan 11

    Microsoft Warns of Image Problem

    Microsoft today warned Windows users about a previously unknown security vulnerability that could allow attackers to install malware simply by getting users to view a malicious image in a Web browser or document.

    Microsoft said in a security advisory that the problem stems from a bug in the Windows Graphics Rendering Engine on Vista, Server 2003, and Windows XP. The software giant said that it is working on a patch for the flaw, but that it isn’t aware of any active attacks exploiting the security hole…yet.

    According to the CVE listing cited in the advisory, the vulnerability was discovered by a pair of security researchers who presented their findings at a security conference in Korea late last year.

    Continue reading →

    Latest Warnings13 Comments
    23
    Dec 10

    Exploit Published for New Internet Explorer Flaw

    Hackers have released exploit code that can be used to compromise Windows PCs through a previously unknown security flaw present in all versions Internet Explorer, Microsoft warned today.

    Dave Forstrom, director of trustworthy computing at Microsoft, said although the software giant is not aware of any attacks wielding this flaw against Windows users, “given the public disclosure of this vulnerability, the likelihood of criminals using this information to actively attack our customers may increase.”

    Microsoft’s security advisory says the problem has to do with the way IE handles CSS style sheets. A posting on Microsoft’s Security Research & Defense blog notes that the Metasploit Project recently published an exploit for this flaw that evades two of the key security defenses built into Windows Vista and Windows 7 — Address Space Layout Randomization (ASLR) and Data Execution Prevention (DEP).

    Continue reading →

    Latest Warnings / The Coming Storm10 Comments
    3
    Nov 10

    Microsoft Warns of Attacks on Zero-Day IE Bug

    Microsoft Corp. today warned Internet Explorer users that attackers are exploiting a previously unknown security hole in the browser to install malicious software. The company is urging users who haven’t already done so to upgrade to IE8, which includes technology that makes the vulnerability more difficult to exploit.

    According to the advisory Microsoft published, this is a browse-to-a-malicious-site-and-get-owned vulnerability. The company reports that the exploit code was discovered on a single Web site that is no longer online. But if past attacks against unpatched IE flaws are any indicator, it will probably not be long before the attack is stitched into plenty of other hacked and malicious Web sites.

    Redmond says Data Execution Prevention (DEP) technology enabled by default in IE8 helps protect against attacks, and that the same protection is enabled on all supported platforms, including Windows XP Service Pack 3, Windows Vista Service Pack 1, Windows Vista Service Pack 2, and Windows 7. IE9 beta apparently is not at risk from this threat.

    In a post to its Microsoft Security Response Center blog, the company said that it is working to develop a security update to address this attack against the flaw, but that at the moment it “does not meet the criteria for an out-of-band release.” Microsoft is expected to issue another round of security updates next week as part of its regular “Patch Tuesday” cycle, which generally occurs on the second Tuesday of each month.

    Symantec Corp. has posted a fascinating blog entry that details just how targeted the attacks have been so far. It offers a peek at how these types of critical flaws in widely-used applications can be used in pinprick attacks to extract very specific information from targeted organizations and individuals. From that post:

    “One such case started few days ago when we received information about a possible exploitation using older versions of Internet Explorer as targets. Hackers had sent emails to a select group of individuals within targeted organizations. Within the email the perpetrators added a link to a specific page hosted on an otherwise legitimate website.

    ….Looking at the log files from this exploited server we know that the malware author had targeted more than a few organizations. The files on this server had been accessed by people in lots of organizations in multiple industries across the globe. Very few of them were seen accessing the payload file, which means that most users were using a browser which wasn’t vulnerable or targeted.”

    Read more from the Symantec writeup here.

    Latest Warnings / Time to Patch24 Comments
    20
    Sep 10

    Security Fix for Critical Adobe Flash Flaw

    Adobe Systems Inc. today rushed out a software update to remedy a dangerous security hole in its ubiquitous Flash Player that hackers have been exploiting to break into vulnerable systems.

    Adobe recommends users of Adobe Flash Player 10.1.82.76 and earlier versions for Windows, Macintosh, Linux, and Solaris update to Adobe Flash Player 10.1.85.3, and users of Adobe Flash Player 10.1.92.10 for Android update to Adobe Flash Player 10.1.95.1. Updates are available from this link.

    Adobe’s advisory on this flaw is here. The same security vulnerability also exists in the latest versions of Adobe Reader and Acrobat, although Adobe says it doesn’t plan to fix this vulnerability in those products until the week of Oct. 4.

    Note that if you use both Internet Explorer and non-IE browsers, you’re going to need to apply this update at least twice, once by visiting the Flash Player installation page with IE and then again with Firefox, Opera or Safari. Google Chrome users can update to Chrome 6.0.472.62 to grab this latest Flash update. To check which version of Flash you have installed, visit this link.

    Also, unless you want some “free” software — like McAfee Security Scan or whatever browser toolbar Adobe is bundling with Flash player this month — remember to uncheck that option before you agree to download the software.

    Latest Warnings / Time to Patch37 Comments
    13
    Sep 10

    Adobe Warns of Attacks on New Flash Flaw

    Adobe Systems Inc. warned Monday that attackers are exploiting a previously unknown security hole in its Flash Player, multimedia software that is installed on most computers.

    Adobe said a critical vulnerability exists in Adobe Flash Player versions 10.1.82.76 and earlier, for Windows, Mac, Linux, Solaris, UNIX and Android operating systems. In a security advisory, Adobe warned that the flaw could cause Flash to crash and potentially allow an attacker to seize complete control over an affected system.

    Worse still, there are reports that this vulnerability is being actively exploited in the wild against Adobe Flash Player. Adobe’s advisory states that while the latest versions of Adobe Acrobat and Reader also contain the vulnerable Flash components, the company is not aware of attacks against the Flash flaw in those programs.

    That last bit may be of little comfort to Adobe Acrobat and Reader users: Last week, Adobe issued a similar advisory warning that hackers were attacking an as-yet unpatched critical flaw in both of those programs.

    Adobe said it is in the process of finalizing a fix for the Flash issue and expects to provide an update for Flash Player on Windows, Mac, and Android systems during the week of Sept. 27, 2010. Updates to fix the Flash flaw in Adobe Reader and Acrobat should be ready by the week of October 4, 2010, Adobe said.

    Flash is one of those Web components that can be difficult to do without. I often urge readers who use Firefox to install and use the Noscript add-on, which blocks Flash-based content by default and lets the user decide which Flash videos to enable.

    Latest Warnings26 Comments
    8
    Sep 10

    Attackers Exploiting New Acrobat/Reader Flaw

    Adobe warned today that hackers appear to be exploiting a previously unknown security hole in its PDF Reader and Acrobat programs.

    In an advisory published Wednesday, Adobe said a critical vulnerability exists in Acrobat and Reader versions 9.3.4 and earlier, and that there are reports that this critical vulnerability is being actively exploited in the wild. The company says its in the process of evaluating the schedule for an update to plug the security hole.

    Meanwhile, an evil PDF file going around that leverages the new exploit currently is detected only by about 25 percent of the anti-virus programs out there (the Virustotal scan results from today are here, and yes it’s a safe PDF).

    Adobe’s advisory doesn’t discuss possible mitigating factors, although turning off Javascript in Reader is always a good first step. Acrobat JavaScript can be disabled using the Preferences menu (Edit -> Preferences -> JavaScript and un-check Enable Acrobat JavaScript).

    Better yet, consider using an alternative PDF reader that isn’t quite so heavily targeted as Adobe’s, such as Foxit, Sumatra, or Nitro PDF.

    ← Older Entries