
Adobe Flash Player Update

  • Post author: Omid Farhang
  • Post published: February 12, 2010

Adobe has published a security bulletin about security vulnerabilities in Adobe Flash Player. In all versions up to the recent 10.0.42.34, Flash objects could evade the sandbox, which would allow for unauthorized cross-domain requests. The vulnerability is rated critical. The updated version 10.0.45.2 as well as a fixed build of Adobe AIR 1.5.3.1930 are available in the Flash download center and the AIR download center, respectively. Users should apply the update ASAP and administrators in companies should roll the fixed software out soon, too. ...


Adobe Flash 10.1 Will Get Private Browsing Mode

  • Post author: Omid Farhang
  • Post published: January 24, 2010

Adobe Flash is a well-known plugin used today by most internet users. Its next upgrade, i.e. version 10.1, will get private browsing support. Flash Player will now automatically clean all Flash history from your computer once you end the session. It will use the same technique as used in browsers supporting private browsing. As you end the session, browsers in private mode automatically clear cookies, history and data; similarly, Flash will also remove any user password, login information or stored data that were associated with the session while working in the Flash environment. ...


Targeted Attack using "Operation Aurora" as the lure

  • Post author: Omid Farhang
  • Post published: January 21, 2010

Now here’s an interesting turn of events. In the middle of all the attention to the “Operation Aurora” attacks, we’re now seeing new targeted attacks that are using this very event as the lure to get the targets to open a malicious attachment! Here’s the email we saw: The attachment Chinese cyberattack.pdf (md5: 238ecf8c0aee8bfd216cf3cad5d82448) is a PDF file which exploits the CVE-2009-4324 vulnerability in Adobe Reader (again, this is the one which was patched last week). ...


Intelligence sector hit by a targeted attack

  • Post author: Omid Farhang
  • Post published: January 21, 2010

We just blogged about a highly targeted attack against military contractors. Now we saw one against the intelligence sector. This attack was done with a PDF file. Again. It was targeting the CVE-2009-4324 vulnerability. Again. When opened, the PDF file (md5: c3079303562d4672d6c3810f91235d9b) looked like this: What really happens in the background? Just like last time, the exploit code drops a backdoor in a file called Updater.exe (md5: 02420bb8fd8258f8afd4e01029b7a2b0). Now, what is the document talking about? President’s day? DNI Information Sharing Environment? We don’t know, but a quick web search tells us that apparently there is going to be an Intelligence fair & expo in Germany next month. ...


Plenty of Updates on Patch Tuesday

  • Post author: Omid Farhang
  • Post published: January 13, 2010

This Black Tuesday was different than anticipated – Microsoft released only one security bulletin, but other companies “jumped in” and delivered updates as well. For the Windows operating systems, only one security bulletin was released. MS10-001 deals with a vulnerability in the decompression routines of the Embedded OpenType Font Engine. This means that, especially in Windows 2000, programs which render EOT fonts, such as Internet Explorer, Word or PowerPoint, can put the system at risk when viewing manipulated content. In newer operating systems the flawed code is used differently, so Microsoft assumes that it isn’t exploitable there. ...


Security hole in Adobe Reader and Acrobat

  • Post author: Omid Farhang
  • Post published: December 15, 2009

Adobe is currently investigating a new security hole in Reader and Acrobat. Cybercriminals are currently spamming emails with prepared documents which lead to an infection of the computer with malware. The PDF document abuses a buffer overflow in a new place within the Adobe programs. There is a JavaScript object included in the PDF which checks the Reader version – the exploit works with Adobe Reader starting at version 8. The code it injects downloads malware, which it stores in the file “winver32.exe” in the Windows directory. This file drops 3 further files, which Avira detects as BDS/Ientlcp.A, TR/Agent.faa and TR/Agent.HO. ...


Critical Adobe Flash Update

  • Post author: Omid Farhang
  • Post published: December 9, 2009

It’s the second Tuesday of the month and there are important updates being released. From Microsoft, of course, but also from Adobe. There’s a critical security issue in Adobe Flash Player 10.0.32.18 and earlier. It’s important that organizations deploy these updates before the Christmas holiday reduces IT staffing. Fortunately, this patch cycle is as early as can be, landing on the 8th, so there’s still time to test and deploy. ...
