Posts Tagged: adobe


10
Nov 11

Critical Flash Update Plugs 12 Security Holes

Adobe has issued a critical software update for its Flash Player software that fixes at least a dozen security vulnerabilities in the widely-used program. Updates are available for Windows, Mac, LinuxSolaris and Android versions of Flash and Adobe Air.

The update fixes flaws present in Flash Player versions 11.0.1.152 and earlier for Windows, Mac, Linux and Solaris systems, and in Flash 11.0.1.153 and earlier for Android. The vulnerabilities are rated critical, meaning they could give hacked or malicious Web sites an easy way to install software on your machine.

Adobe’s advisory says users of Flash version 11.0.1.152 and earlier should update to v. 11.1.102.55; those using Flash v. 11.0.1.153 and earlier versions for Android should update to Flash Player 11.1.102.59. Users of AIR 3.0 for Windows, Macintosh, and Android should update to AIR  v. 3.1.0.4880. The company says it is not aware of any active attacks against these flaws at this time.

Continue reading →


9
Nov 11

Adobe, Apple, Microsoft & Mozilla Issue Critical Patches

Adobe, Apple, Microsoft and Mozilla all released updates on Tuesday to fix critical security flaws in their products. Adobe issued a patch that corrects four vulnerabilities in Shockwave Player, while Redmond pushed updates to address four Windows flaws. Apple slipped out an update that mends at least 17 security holes in its version of Java, and Mozilla issued yet another major Firefox release, Firefox 8.

The only “critical” patch from Microsoft this month is a dangerous Windows flaw that could be triggered remotely to install malicious software just by sending the target system specially crafted packets of data. Microsoft says this vulnerability may be difficult to reliably exploit, but it should be patched immediately. Information on the other three flaws fixed this week is here. The fixes are available via Windows Updates for most supported versions of the operating system, including XP, Vista and Windows 7. Continue reading →


13
Sep 11

Adobe, Windows Security Patches

If you use Windows or Adobe Reader/Acrobat, it’s patch time. Microsoft released five updates to fix at least 15 security vulnerabilities, and Adobe issued a quarterly update to eliminate 13 security flaws in its PDF Reader and Acrobat products.

The Microsoft patches, available via Windows Update and Automatic Update, address security holes in Excel, Office, Windows Server and SharePoint. None of the flaws earned Redmond’s most dire “critical” rating, but it’s a mistake to let too much time go by before installing these updates.

Adobe’s patches for Reader and Acrobat correct critical vulnerabilities in the programs that could be exploited by attackers just by convincing users to open a booby-trapped file. Updates are available for Adobe Reader X (10.1) and earlier versions for Windows, Macintosh, Adobe Reader 9.4.2 and earlier versions for UNIX, and Adobe Acrobat X (10.1) and earlier versions for Windows and Macintosh.

Acrobat users should check out the Adobe security advisory. Heads up for users of older versions of Reader and Acrobat: support for Adobe Reader 8.x and Acrobat 8.x for Windows and Macintosh will end on November 3, 2011.

As always, please leave a note in the comments section below if you experience any issues resulting from the installation of these updates.


5
Jun 11

Flash Player Patch Fixes Zero-Day Flaw

Adobe released an emergency security update today to fix a vulnerability that the company warned is being actively exploited in targeted attacks designed to trick the user into clicking on a malicious link delivered in an email message.

The vulnerability — a cross-site scripting bug that could be used to take actions on a user’s behalf on any Web site or Webmail provider, exists in Flash Player version 10.3.181.16 and earlier for Windows, Macintosh, Linux and Solaris. Adobe recommends users update to version 10.3.181.22 (on Internet Explorer, the latest, patched version is 10.3.181.23).  To find out what version of Flash you have, go here.

Google appears to have already pushed out an update that fixes this flaw in Chrome. Adobe says it will ship an update to fix this flaw on Android sometime this week.

Adobe said it is still investigating whether this is exploitable in Adobe Reader and Acrobat X (10.0.2) and earlier 10.x and 9.x versions of Adobe Reader and Acrobat for Windows and Macintosh operating systems, and that it is not aware of any attacks targeting Adobe Reader or Acrobat in the wild.

Remember that if you use Internet Explorer in addition to other browsers, you will need to apply this update twice: Once to install the Flash Active X plugin for IE, and again to update other browsers, such as Firefox and Opera. Updates are available by browsing with the appropriate browser to the Flash Player Download Center. Bear in mind that updating via the Download Center involves installing Adobe’s Download Manager, which may try to foist additional software. If you’d prefer to update manually, the direct installers for Windows are available at this link. If you run into problems installing this update, you’ll want to uninstall previous versions of Flash Player and then try again.


16
May 11

Something Old is New Again: Mac RATs, CrimePacks, Sunspots & ZeuS Leaks

New and novel malware appears with enough regularity to keep security researchers and reporters on their toes. But, often enough, there are seemingly new perils that  really are just old threats that have been repackaged or stubbornly lingering reports that are suddenly discovered by a broader audience. One of the biggest challenges faced by  the information security community is trying to decide which threats are worth investigating and addressing.  To illustrate this dilemma, I’ve analyzed several security news headlines that readers forwarded  to me this week, and added a bit more information from my own investigations.

I received more than two dozen emails and tweets from readers calling my attention to news that the source code for the 2.0.8.9 version of the ZeuS crimekit has been leaked online for anyone to download. At one point last year, a new copy of the ZeuS Trojan with all the bells and whistles was fetching at least $10,000. In February, I reported that the source code for the same version was being sold on underground forums. Reasonably enough, news of the source leak was alarming to some because it suggests that even the most indigent hackers can now afford to build their own botnets.

A hacker offering to host and install a control server for a ZeuS botnet.

We may see an explosion of sites pushing ZeuS as a consequence of this leak, but it hasn’t happened yet. Roman Hüssy, curator of ZeusTracker, said in an online chat, “I didn’t see any significant increase of new ZeuS command and control networks, and I don’t think this will change things.” I tend to agree. It was already ridiculously easy to start your own ZeuS botnet before the source code was leaked. There are a number of established and relatively inexpensive services in the criminal underground that will sell individual ZeuS binaries to help novice hackers set up and establish ZeuS botnets (some will even sell you the bulletproof hosting and related amenities as part of a package), for a fraction of the price of the full ZeuS kit.

My sense is that the only potential danger from the release of the ZeuS source code  is that more advanced coders could use it to improve their current malware offerings. At the very least, it should encourage malware developers to write more clear and concise user guides. Also, there may be key information about the ZeuS author hidden in the code for people who know enough about programming to extract meaning and patterns from it.

Are RATs Running Rampant?

Last week, the McAfee blog included an interesting post about a cross-platform “remote administration tool” (RAT) called IncognitoRAT that is based on Java and can run on Linux, Mac and Windows systems. The blog post featured some good details on the functionality of this commercial crimeware tool, but I wanted to learn more about how well it worked, what it looks like, and some background on the author.

Those additional details, and much more, were surprisingly easy to find. For starters, this RAT has been around in one form or another since last year. The screen shot below shows an earlier version of IncognitoRAT being used to remotely control a Mac system.

IncognitoRAT used to control a Mac from a Windows machine.

The kit also includes an app that allows customers to control botted systems via jailbroken iPhones.

Incognito ships with an app that lets customers control infected computers from an iPhone

The following video shows this malware in action on a Windows system. This video was re-recorded from IncognitoRAT’s YouTube channel (consequently it’s a little blurry), but if you view it full-screen and watch carefully you’ll see a sequence in the video that shows how the RAT can be used to send e-mail alerts to the attacker. The person making this video is using Gmail; we can see a list of his Gchat contacts on the left; and his IP address at the bottom of the screen.  That IP traces back to a Sympatico broadband customer in Toronto, Canada, which matches the hometown displayed in the YouTube profile where this video was hosted. A Gmail user named “Carlo Saquilayan” is included in the Gchat contacts visible in the video.

Continue reading →


13
May 11

Critical Flash Player Update Plugs 11 Holes

Adobe has released another batch of security updates for its ubiquitous Flash Player software. This “critical” patch fixes at least 11 vulnerabilities, including one that reports suggest is being exploited in targeted email attacks.

In the advisory that accompanies this update, Adobe said “there are reports of malware attempting to exploit one of the vulnerabilities, CVE-2011-0627, in the wild via a Flash (.swf) file embedded in a Microsoft Word (.doc) or Microsoft Excel (.xls) file delivered as an email attachment targeting the Windows platform. However, to date, Adobe has not obtained a sample that successfully completes an attack.”

The vulnerabilities exist in Flash versions 10.2.159.1 and earlier for Windows, Mac, Linux and Solaris. To learn which version of Flash you have, visit this link. The new version for most platforms is 10.3.181.14; Android users should upgrade to Flash Player 10.3.185.21 available by browsing to the Android Marketplace on an Android phone; Google appears to have updated Chrome users automatically with this version of Flash back on May 6 (Chrome versions 11.0.696.68 and later have the newest Flash version).

Continue reading →


21
Apr 11

Adobe Reader, Acrobat Update Nixes Zero Day

Adobe shipped updates to its PDF Reader and Acrobat products today to plug a critical security hole that attackers have been exploiting to break into computers. Fixes are available for Mac, Windows and Linux versions of these software titles.

The patch released today addresses two critical flaws. Adobe pushed out a patch for the standalone Flash Player last week, but that same vulnerable component exists in Adobe Reader and Acrobat. Initially, Adobe said it was only aware of attacks on the Flash Player but, in the the latest advisory, it acknowledged the existence of public reports that hackers have been sending out poisoned PDFs that exploit the Flash flaw. Malwaretracker.com, for example, reported that it was receiving reports of malicious PDFs attacking the Flash bug as early as Apr. 17.

The Reader/Acrobat patch also addresses another critical bug (a flaw in the CoolType library of Reader & Acrobat) that could allow attackers to install malicious software. Not much information is public about this vulnerability, except that Poland’s CERT is credited with reporting it. Adobe spokesperson Wiebke Lips said the company was not aware of any exploits in the wild targeting this bug.

The advisory for the latest version is here. Users on Windows and Macintosh can grab the update using the product’s update mechanism. To manually check for an update, open your Reader or Acrobat and choose Help > Check for Updates.


15
Apr 11

Time to Patch Your Flash

If it seems like you just updated your Flash Player software to plug a security hole that attackers were using to break into computers, you’re probably not imagining things: Three weeks ago, Adobe rushed out a new version to sew up a critical new security flaw. Today, Adobe issued a critical Flash update to eliminate another dangerous security hole that criminals are actively exploiting.

This new update addresses a vulnerability first detailed here at KrebsOnSecurity.com on Tuesday, and Adobe deserves credit for responding quickly with a patch. But there are few things that are simple about updating Flash, which ships in a dizzying array of version numbers and for many users must be deployed at least twice to cover all browsers. In addition, users may have to uninstall the existing version before updating to guarantee a trouble-free install. Also, Adobe Air will need to be updated if that software also is already installed. Finally, fixing this same vulnerability in Adobe Reader and Acrobat will require installing another patch, which won’t be out for at least another 10 days.

Continue reading →


11
Apr 11

New Adobe Flash Zero Day Being Exploited?

Attackers are exploiting a previously unknown security flaw in Adobe’s ubiquitous Flash Player software to launch targeted attacks, according to several reliable sources. The attacks  come less than three weeks after Adobe issued a critical update to fix a different Flash flaw that crooks were similarly exploiting to install malicious software.

According to sources, the attacks exploit a vulnerability in fully-patched versions of Flash, and are being leveraged in targeted spear-phishing campaigns launched against select organizations and individuals that work with or for the U.S. government. Sources say the attacks so far have embedded the Flash exploit inside of Microsoft Word files made to look like important government documents.

Adobe spokesperson Wiebke Lips said the company is currently investigating reports of a new Flash vulnerability, and that Adobe may issue an advisory later today if it is confirmed.

On March 11, Adobe issued a critical update to fix a security hole in Flash that it had earlier said was being attacked via malicious Flash content embedded in Microsoft Excel files. It’s not clear how long attackers have been exploiting this newest Flash flaw, but its exploitation in such a similar manner as the last flaw suggests the attackers may have a ready supply of unknown, unpatched security holes in Flash at their disposal.

Update, 3:57 p.m. ET: Ever wonder what anti-virus detection looks like in the early hours of a zero day outbreak like this? A scan of one tainted file used in this attack that was submitted to Virustotal.com indicates that just one out of 42 anti-virus products used to scan malware at the service detected this thing as malicious.

Update, 4:10 p.m. ET: Removed advice about deleting or renaming authplay.dll, which several readers (and now Adobe) have pointed out is specific to Adobe Reader and Acrobat.

Update, 5:05 p.m. ET: Adobe just released an advisory about this that confirms the above information.


1
Apr 11

Spammers Target Kroger Customers

Supermarket giant Kroger Co. is the latest major business to disclose that its customer email list has fallen into into the hands of spammers and scam artists.

In a communication sent to customers today, Kroger said its database of customer names and email addresses had been breached by someone outside the company. A call to the 1-800 number included in the missive connects to a lengthy recorded message warning customers about an increase in phishing attacks and spam targeting Kroger customers. Kroger’s media relations folks have not yet returned calls seeking comment.

The disclosure comes close on the heels of similar acknowledgments from McDonalds, Walgreens, Honda, deviantART, and most recently TripAdvisor and play.com. They appear to be the lingering fallout from a series of sophisticated, targeted attacks against dozens of email service providers (ESPs) that manage communications between some of the world’s top brands and customers that have opted-in to receive messages from these companies.

In most cases, the spam sent to customers of these companies pushed recipients to buy dodgy services and software. It’s not clear which email service provider may have leaked the Kroger customer information, but it seems that few — if any — ESPs have escaped injury.

According to the CEO of play.com, that breach involved an attack against marketing firm SilverPop Systems. SilverPop did not respond to requests for comment.

I called SilverPop today because a source forwarded a junk email message to me that appears to have been sent directly from SilverPop’s internal email systems (the text and headers from that email are here). The missive is an offer to download Adobe Reader, and recipients who click the included link are brought to a page that tries to charge them for the free software. This approach is almost identical to the scam emails sent out directly after the successful attacks against email services providers in November of last year.

My initial reporting on this attack against the email service provider industry indicates that most of the providers in the industry had client customer data stolen. I’m left wondering how long we have to keep watching this stream of disclosures trickle out, and how long it might take for email service providers like SilverPop to get their houses in order?

Update, 6:55 p.m. ET: A story in the Cincinnati Business Courier says the breach occurred at Epsilon, an email service provider headquartered in Dallas.

Update, 9:45 p.m. ET: Several readers have reported receiving similar disclosures today from gift store Brookstone.

Update, Apr. 2, 9:35 a.m. ET: Another reader wrote in to say he’d received a notification (PDF) from U.S. bank, which said the financial institution’s customer email list was stolen due to a breach at Epsilon.

Update, Apr. 2, 5:41 p.m. ET: The Epsilon breach extends to JP Morgan Chase, McKinsey Quarterly, and apparel chain New York & Co, according to new disclosures from those companies.

Update, Apr. 2, 8:45 p.m. ET: And the list of disclosures continues: The Home Shopping Network just issued a release (PDF) saying its customer list was compromised via the Epsilon breach.

Update, Apr. 2, 9:00 p.m. ET: Looks like we can add TiVo to the list, although the company’s disclosure doesn’t say which email service provider was responsible.

Update, Apr. 3, 9:11 a.m. ET: According to SecurityWeek.com, the brands impacted by the Epsilon breach include Capital One, City Market, Dillons, Jay C, Food 4 Less, Fred Meyer, Fry’s, King Soopers, Marriott Rewards, QFC, Ralphs, Ritz Carlton, and Smith Brands and Walgreens.