Adobe Archives - Page 4 of 5 - Gregory D. Evans | Worlds No. 1 Security Consultant

Posts Tagged ‘Adobe’

Adobe patches two vulnerabilities in Reader and Acrobat



Adobe releases out-of-band patch for Adobe Reader and Acrobat 9.x in order to address actively exploited vulnerabilities

Adobe Systems has released Adobe Reader and Acrobat 9.4.7 in order to patch two vulnerabilities that are being actively exploited in attacks against companies from the defense industry.

One of the security flaws, identified as CVE-2011-2462, was announced on Dec. 6 after Lockheed Martin’s Computer Incident Response Team and members of the Defense Security Information Exchange reported it to Adobe.


Symantec confirmed a few days later that the vulnerability had been exploited since the beginning of November in email-based attacks that targeted companies from the telecommunications, manufacturing, computer hardware, chemical and defense industries.

Since the original advisory was published last week, Adobe has learned of a second vulnerability that was also being exploited in the wild. The company assigned an identifier of CVE-2011-4369 to the new flaw, but it’s not clear if it’s related to the same attacks as the first one.

“The Adobe Reader and Acrobat team was able to provide a fix for this new issue as part of today’s update. Note also that at this time, we are only aware of one instance of CVE-2011-4369 being used,” said Wiebke Lips, Adobe’s senior manager of corporate communications.

Even though the vulnerabilities also affect the Adobe Reader and Acrobat X (10.x) branch, Adobe decided to postpone updates for these versions until the next scheduled update cycle on Jan. 10.

“Because Adobe Reader X Protected Mode and Adobe Acrobat X Protected View would prevent an exploit of the type currently targeting these vulnerabilities (CVE-2011-2462 and CVE-2011-4369) from executing, we are planning to address these issues in Adobe Reader and Acrobat X for Windows with the next quarterly security update,” the company said in a security bulletin published today.

Updates for Adobe Reader 9.x for Unix will also be released on Jan. 10, because the attacks are not considered an immediate threat to Unix users. Users of the Windows 9.x versions are strongly encouraged to upgrade to Adobe Reader and Acrobat 9.4.7 in order to protect their computers.

Article source: http://www.infoworld.com/d/security/adobe-patches-two-vulnerabilities-in-reader-and-acrobat-181983?source=rss_security

View full post on National Cyber Security

(1) HIGH: Adobe Reader Unspecified Vulnerability

Category: Widely Deployed Software

Affected:

  • Adobe Reader X (10.1.1) and earlier
  • Adobe Reader 9.4.6 and earlier

View full post on @RISK: The Consensus Security Alert


Adobe InDesign, Reader & X Suite Advanced Malware Attacks

Fake emails used in December 6 and December 7 attacks attempt to trick Adobe users into opening malware-laden attachments. According to two separate Sophos reports, attackers sent one email to Adobe InDesign users, and another email to Adobe Reader and X Suite users. Both emails contain attachments claiming to be part of a critical “Adobe update,” but contain malware instead. However, Adobe does not issue updates via email, and never has, according to the Adobe Online Piracy page. Following are some facts about the attacks, facts about the fake emails, and other important information.

Who did the Adobe malware attacks target?

The attacks contain similar wording, similar malware, and come only a day apart. The first attack was an email aimed at Adobe Reader and Adobe X Suite Advanced users. According to the first Sophos report, it contains the Trojan known as, “Troj/BredoZp-GY.” The second attack was an email aimed at Adobe InDesign users, and it contains the Trojan known as, “Troj~Bredo-MY,” according to the second Sophos report.

What did the fake Adobe Reader and X Suite Advanced emails say?

According to the first Sophos report, the emails to Reader and X Suite Advanced users claimed to be from Adobe Systems Incorporated, and claimed to contain a new version or a critical upgrade to an existing version located in the attached file. However, the notification reference numbers, exact message wording, and the last word in the attached file names are different in each email. The attachment file name reads, “AdobeSystems-Software_Critica Update Dec_2011,” and then a random word or number comes after it, and then the ZIP file extension (.zip) is added. In reality, this attachment contains an executable program file that Sophos determined to be a malware program with the same name, but swapping the “.zip” file extension for the “.exe” file extension.

What did the fake Adobe InDesign emails say?

According to the second Sophos report, the emails to Adobe InDesign users claimed to contain an updated license key to the Adobe InDesign Creative Suite 4 (CS4) program. Each email contains an attachment that Sophos determined to be malware-laden. The attachment is labeled, “License_key_ID,” contains a random number, and the ZIP file extension (.zip). The subject line stays the same with each of the emails and reads, “InDesign CS4 License Key,” while claiming to be from, “Adobe Systems Incorporated,” just as the Reader and X Suite Advanced attack emails do.

How dangerous is the malware contained in the emails?

According to Sophos, both Trojans create fake Windows registry keys, and create files within the “svchost.exe,” process, which is necessary for any Windows-based computer to operate normally. The Trojans were also identified as variants of the Zeus Trojan, so they are quite dangerous. According to PC World, Zeus, detected in 2006, allowed 60 of its creators to get away with stealing more than $200 million by the time they were charged with numerous crimes in 2010.

What else should users know about the attacks?

While most Adobe users know Adobe does not issue updates via email, some are fooled because the emails look official. Nevertheless, on its Online Piracy page Adobe states that anyone receiving an email claiming to be from Adobe and asking for personal information should report that email as fraud. Otherwise, if a computer is infected, using an already installed and up-to-date security program that can remove the Zeus Trojan should work to remove these variants.

Jessica (JC) Torpey is a self-taught computer technician with more than 10 years' experience in the field. JC’s passion is studying the various political and business aspects of the technology industry. Combining that knowledge with her love of computers, JC uses it to influence her writing.

Article source: http://news.yahoo.com/adobe-indesign-reader-x-suite-advanced-malware-attacks-204300554.html

View full post on National Cyber Security » Virus/Malware/Worms

Symantec confirms Adobe Reader exploits targeted defence companies

Security researchers at Symantec today confirmed that exploits of an unpatched Adobe Reader vulnerability targeted defense contractors, among other businesses.

“We’ve seen [this targeting] people at telecommunications, manufacturing, computer hardware and chemical companies, as well as those in the defense sector,” said Joshua Talbot, senior security manager in Symantec’s security response group, in an interview Wednesday.

Symantec mined its global network of honeypots and security detectors — and located email messages with attached malicious PDF documents — to come to that conclusion.

The inclusion of defense contractors was not unexpected.

Yesterday, when Adobe warned Reader and Acrobat users that hackers were exploiting a “zero-day” bug on Windows PCs, it credited Lockheed Martin’s security response team and the Defense Security Information Exchange (DSIE), a group of major defense contractors that share information about computer attacks, with reporting the vulnerability.

The DSIE is composed of companies that are also part of what the federal government calls the “Defense Industrial Base,” or DIB. Among the DIB’s members are some of the country’s largest defense contractors, including Boeing, General Dynamics, Lockheed Martin, Northrop Grumman, Pratt & Whitney and Raytheon.

Symantec found attack emails dated 1 November and 5 November, 2011.

It also published an image of a redacted email of the attack’s bait — the promise of a 2012 guide to policies on new contract awards — that it said was a sample of the pitches that tried to dupe recipients into opening the attached PDF document.

The message’s subject heading read, “FY12 XXXXX Contract Guide,” and the body simply stated, “FY12 XXXXX contract guide is now available for all contractors of XXXXX. The new guide contains update information of XXXXX policy on contract award process.”

Opening the attached attack PDF also executed the malicious code — likely malformed 3-D graphics data — hidden in the PDF, compromising the targeted PC and letting the attacker infect the machine with malware.

That malware, Talbot said, was identical to what was used in early 2010 by hackers exploiting a then-unpatched bug in Microsoft’s Internet Explorer 6 (IE6) and IE7.

Symantec labeled the malware “Sykipot” last year.

“It’s not overly sophisticated,” said Talbot. “It’s a general-purpose backdoor. One of the interesting things about it is that it does use a form of encryption of the stolen information, which helps the attack hide what information is stolen.”

Sykipot encrypts the pilfered data after it has been retrieved from the victimised firm but while it is still stored on the company’s network, as well as when it’s transmitted to a hacker-controlled server.

Those command-and-control (C&C) servers are still operating, Talbot said.

Because of the similarities — using Sykipot, which isn’t widely in play, and exploiting zero-day vulnerabilities — Symantec suspects that the same group of hackers who launched the attacks against IE6 and IE7 last year were also responsible for the Reader-based attacks seen last month.

Microsoft patched the IE6 and IE7 vulnerability on 30 March, 2010, in an emergency, or “out-of-band,” update.

Although Symantec found evidence of only the early-November attacks, Talbot said he wouldn’t be surprised if the criminals fired off another information-stealing campaign between now and next week, when Adobe promised to patch the bug in Reader and Acrobat 9.x on Windows, the versions that have been exploited in the wild.

Talbot declined to specify the geographic location of the Sykipot C&C servers, or speculate on the origin of the Reader exploits.

Adobe will patch the Windows versions of Reader and Acrobat 9.x by the end of next week, and has promised to deliver fixes to Reader and Acrobat 9.x to Mac and Unix users, and to Reader and Acrobat 10.x for all platforms, next month.

Symantec has shipped detection signatures for the rogue PDFs to its customers, said Talbot.

Article source: http://rss.feedsportal.com/c/270/f/3551/s/1ac43c33/l/0Lnews0Btechworld0N0Csecurity0C33237640Csymantec0Econfirms0Eadobe0Ereader0Eexploits0Etargeted0Edefence0Ecompanies0C0Dolo0Frss/story01.htm

View full post on National Cyber Security » Computer Hacking

Beware Adobe Software Upgrade Notification – malware attached!

Cybercriminals have widely spammed out a malware attack posing as upgrades for Adobe Acrobat Reader and Adobe X Suite Advanced.

View full post on Naked Security — Sophos


Adobe SSL Certificate Problem (fixed), (Wed, Oct 5th)

Tuesday morning, we received a number of reports from readers indicating that the SSL certificate used for “settings.adobe.com” was out of date. Initially, we had a hard time reproducing the finding. But some of our handlers in Europe were able to see the expired certificate.

The expired certificate was valid from Oct 6th 2009 to Oct 6th 2010, which is somewhat unusual. Typically, we would expect a certificate that “just expired yesterday” and someone forgot to renew it. In this case, it looked more like someone installed an older certificate instead of the new one.

The correct certificate was pretty much exactly a year old and valid for another year. Everything indicated that the Adobe certificates indeed expire in the first week of October.

In the end, we narrowed the affected geography down to Europe and contacted Adobe. Adobe responded promptly and as of this evening, the problem appears to be fixed. Thanks to everybody who helped via Twitter to narrow down the affected geography, and thanks to the readers who reported this initially.

——
Johannes B. Ullrich, Ph.D.
SANS Technology Institute

Article source: http://isc.sans.edu/diary.html?storyid=11737&rss


Gregory Evans

11.40.6 Adobe Flash Player Multiple Vulnerabilities

CVEs: CVE-2011-2426, CVE-2011-2427, CVE-2011-2428, CVE-2011-2429, CVE-2011-2430, CVE-2011-2444

Platform: Cross Platform

View full post on @RISK: The Consensus Security Alert


(1) HIGH: Adobe Flash Player Multiple Vulnerabilities

Category: Widely Deployed Software

Affected:

  • Adobe Flash Player for Windows, Macintosh, Linux, and Solaris versions prior to 10.3.183.7
  • Adobe Flash Player for Android prior to 10.3.186.6

View full post on @RISK: The Consensus Security Alert


Adobe Tricks Users into Downloading, Installing Google Chrome

It might be common, but that doesn’t mean I’m not allowed to wail against it — especially since I was not familiar with this particular case. As it turns out, several of Adobe products’ download pages have opt-out checkboxes to also install Google Chrome. This was spyware-like behaviour when Apple did it with Safari and the iPhone Configuration Utility, and it is still spyware-like behaviour when Adobe and Google do it with Chrome.

Since I haven’t downloaded Adobe Flash separately for a while now (Chrome has it included anyway), I hadn’t yet noticed this, but as it turns out, when you go to Flash’s download page, a checkbox is marked which automatically downloads and installs Google Chrome alongside Flash (unless you already have Chrome installed). The checkbox is marked by default, so it’s opt-out instead of opt-in. Further DuckDuckGoing reveals that Adobe Reader X, too, has Chrome bundled with it.

I have no issues with these kinds of bundles — or with Apple using its updater to offer Safari to Windows users — but only if it’s opt-in. In other words, the user should have to specifically select a checkbox — if he doesn’t, no additional spyware should be installed.

You can expect this kind of behaviour from sleazy toolbars and porn sites — but not from Google and Adobe. The only reason I’m highlighting this here as much as I’m doing is because this sleazeball and slimy behaviour needs to stop. Chrome is perfectly capable of getting around on its own (unlike Safari for Windows, which sucks beyond belief), and this only reflects badly upon an otherwise excellent browser.

Google and Adobe, please stop this.

Article source: http://osnews.com/story/25184/Adobe_Tricks_Users_into_Downloading_Installing_Google_Chrome

View full post on National Cyber Security » Spyware/ Cyber Snooping
