New Adobe Vulnerabilities Being Exploited in the Wild

Adobe posted a vulnerability report warning that vulnerabilities in Adobe Reader and Acrobat XI (11.0.1) and earlier versions are being exploited in the wild. Adobe is currently investigating this issue. According to the FireEye blog posted earlier today, the malicious file arrives as a PDF file. Upon successful exploitation of the vulnerabilities, two malicious DLL files are dropped. Symantec detects the malicious PDF file as Trojan.Pidief and the two dropped DLL files as Trojan Horse....

February 14, 2013 路 1 min 路 176 words 路 Omid Farhang

Adobe fixes ColdFusion security vulnerability

h-Online: On the same day as Microsoft鈥檚 September Patch Tuesday, Adobe released an update for ColdFusion to close a security hole in its rapid web application development software. The hotfix for ColdFusion addresses a vulnerability (CVE-2012-2048), which the company rates as important, that could be exploited by a remote attacker to cause a denial-of-service (DoS) condition. According to Adobe, the unspecified error affects versions 8.0, 8.0.1, 9.0 to 9.0.2, and 10 of ColdFusion for Windows, Mac OS X and UNIX....

September 12, 2012 路 1 min 路 126 words 路 Omid Farhang

Microsoft to patch Flash hole in Windows 8 shortly

h-online: Microsoft has confirmed that it will deliver a security update for the bundled version of Flash Player used by Internet Explorer 10 (IE10) sooner than previously planned. In a statement sent to ZDNet, Yunsun Wee, Trustworthy Computing Director at Microsoft, said that the company is working closely with Adobe on an updated version of the Flash plugin which 鈥渨ill be available shortly鈥. The forthcoming Windows 8 comes with Internet Explorer 10, which, in turn, includes its own version of Flash Player....

September 12, 2012 路 2 min 路 281 words 路 Omid Farhang

Adobe Flash Player update patches six critical holes

h-Online: Adobe has released the second update for its Flash Player software in a week, this time for six critical vulnerabilities. Four of the issues addressed are problems with memory corruption that could lead to remote code execution; additionally, the update fixes an integer overflow vulnerability that could also lead to remote code execution. Another bug that was fixed is a cross-domain information leak. The problems exist in Flash Player 11....

August 23, 2012 路 2 min 路 293 words 路 Omid Farhang

Adobe Flash Player 11.3.300.270 for Windows released to address a crash

Adobe wrote: Today, Flash Player 11.3.300.270 for Windows was released to address a crash that was occurring in the Adobe Flash Player Update Service (FlashPlayerUpdateService.exe).聽There are no other fixes or changes provided with this build.聽This release is available for Windows only, and affects the Active X and Plug-in installers, uninstaller, and msi鈥檚 (available on the distribution page.)聽No other platforms are affected. Please be aware that this release is not available from the Product Download Center (http://get....

August 3, 2012 路 2 min 路 344 words 路 Omid Farhang

Worth Reading: Escape from Adobe's sandbox

Adobe Reader X runs in a sandbox at a very restricted privilege level. Important system calls are supposed to be handled by a special broker process that will subject them to extensive testing. However, a small design flaw allows attackers to escape from this sandbox and execute arbitrary code 鈥 despite having both ASLR (Address Space Layout Randomisation) and DEP (Data Execution Prevention). As described by Guillaume Delugr茅, the broker process is at the heart of the exploit as it uses a memory page allocated via VirtualAllocEx to store the overwritten code of system calls which have been redirected to the broker....

June 25, 2012 路 1 min 路 212 words 路 Omid Farhang

Adobe updates Flash Player 11.3 to fix Firefox crashing problem

Adobe has released an updated version of its proprietary Flash Player 11.3 plugin to address a bug that caused Firefox 13 on Windows to crash for some users. The problem is believed to have been related to the recently introduced Protected Mode for the Windows version of Flash Player and the open source web browser; the new mode is designed to isolate the plugin from the rest of the system by running it in its own sandbox....

June 23, 2012 路 1 min 路 175 words 路 Omid Farhang

Sandboxed Flash Player for Firefox: Adobe Flash update closes several critical holes

The H-Online: Adobe has announced the release of an update for Flash Player on Windows, Mac, Linux, Android 3.x and 4.x, and within its own AIR runtime. The update addresses several critical vulnerabilities which involve memory corruption, stack overflows, integer overflows, security being bypassed, null dereferencing and binary planting (DLL hijacking). All, except the security bypass, could lead to code execution. The updates also include a number of security enhancements on various platforms....

June 9, 2012 路 2 min 路 315 words 路 Omid Farhang

Adobe Flash Player update closes critical object confusion hole

The H-Online: Adobe has released a security advisory relating to an object confusion vulnerability which allows an attacker to crash the player or take control of an affected system. Adobe says that there are reports of this vulnerability being exploited in the wild as part of targeted email-based attacks which trick the user into clicking on a malicious file; this exploit only targets Flash Player on Internet Explorer on Windows, though the vulnerability exists on Windows, Mac OS X, Linux and Android versions of the player....

May 5, 2012 路 2 min 路 214 words 路 Omid Farhang

Adobe Creative Suite 6 takes to the cloud

Cross-posted from BetaNews.com: Adobe took the wraps off Creative Suite 6 on Monday, introducing the largest release to date of the content-creation platform. CS6 now includes up to 12 programs and two companion applications, Bridge and Encore, and is available in four editions: Design Standard, Design and Web Premium, Production Premium, and Master Collection. The CS6 beta is one of the most successful in the company鈥檚 history, with one million downloads over the past month of availability alone, a record for Adobe....

April 23, 2012 路 3 min 路 610 words 路 Omid Farhang