Adobe Flash/Acrobat/Reader exploits-in-the-wild
FYI...
Adobe Flash/Acrobat/Reader vulns
___
Status update: Adobe vulnerabilities - exploits-in-the-wild ...
- http://www.adobe.com/support/securit...apsa10-01.html
Last updated: June 8, 2010 - "... We are in the process of finalizing a fix for the issue, and expect to provide an update for Flash Player 10.x for Windows, Macintosh, and Linux by June 10, 2010. The patch date for Flash Player 10.x for Solaris is still to be determined.
We expect to provide an update for Adobe Reader and Acrobat 9.3.2 for Windows, Macintosh and UNIX by June 29, 2010..."
- http://atlas.arbor.net/briefs/index#-1218073436
Title: Adobe Flash, Reader, and Acrobat 0day authplay Vulnerability
Severity: Extreme Severity
June 09, 2010 - "Analysis: This is an active, critical issue being exploited in the wild. We have multiple sources of these attacks with minimal AV detection. We encourage sites to investigate remediation steps immediately to address this."
Source: http://www.us-cert.gov/cas/techalerts/TA10-159A.html
- http://www.f-secure.com/weblog/archives/00001963.html
June 8, 2010 - "... spam run pushing a PDF exploit... screenshot of the PDF attachment..."
Adobe 0-day used in targeted attacks
- http://community.websense.com/blogs/...n-attacks.aspx
9 Jun 2010
- http://www.kb.cert.org/vuls/id/486225
Date Last Updated: 2010-06-09
- http://web.nvd.nist.gov/view/vuln/de...=CVE-2010-1297
Last revised: 06/09/2010
CVSS v2 Base Score: 9.3 (HIGH)
Mitigations for Adobe vulnerability: CVE-2010-1297
- http://www.sophos.com/blogs/sophoslabs/?p=9954
June 8, 2010 - "...
1. Renaming authplay.dll: Our testing shows that this workaround, at least for this sample, works successfully (as claimed by Adobe). Acrobat will work normally on regular PDFs, but on exploited files (and potentially others with embedded SWF files), it will crash, but the exploit will fail.
2. Disabling JavaScript: As recommended previously, disabling JavaScript in Acrobat Reader is another workaround for this sample (since it relies on JavaScript to create the shellcode).
3. Alternative PDF reader: The exploit depends upon embedded SWF content, so PDF readers which ignore this ought to be safe..."
- http://www.symantec.com/connect/blog...er-and-acrobat
June 6, 2010 - "We have confirmed the attacks that are exploiting the vulnerability (CVE-2010-1297) Adobe announced on its security advisory* are in the wild. The exploit takes advantage of an unpatched vulnerability in Flash Player, Adobe Reader, and Acrobat, and affects users regardless of whether they use Windows, Macintosh, Solaris, Linux, or UNIX... Attacks can take place in various situations with a few listed below:
• Receiving an email with a malicious PDF attachment.
• Receiving an email with a link to the malicious PDF file or a website with the malicious SWF imbedded in malicious HTML code.
• Stumbling across a malicious PDF or SWF file when surfing the web..."
- http://krebsonsecurity.com/2010/06/a...crobat-reader/
June 5, 2010
- http://blog.trendmicro.com/zero-day-...n-in-the-wild/
June 5, 2010
- http://blogs.adobe.com/psirt/2010/06..._adobe_re.html
June 4, 2010
Adobe Flash Player vuln
- http://secunia.com/advisories/40026/
Release Date: 2010-06-05
Criticality level: Extremely critical
Impact: System access
Where: From remote
Solution Status: Vendor Workaround
Software: Adobe Flash Player 10.x, Adobe Flash Player 9.x ...
NOTE: The vulnerability is reportedly being actively exploited.
Solution: Reportedly, the latest version 10.1 Release Candidate is not affected...
- http://labs.adobe.com/downloads/flashplayer10.html
Reported as a 0-day.
Original Advisory: Adobe:
* http://www.adobe.com/support/securit...apsa10-01.html
Adobe Reader/Acrobat vuln
- http://secunia.com/advisories/40034/
Release Date: 2010-06-05
Criticality level: Extremely critical
Impact: System access
Where: From remote
Solution Status: Unpatched ...
NOTE: The vulnerability is currently being actively exploited.
Solution: Delete, rename, or remove access to authplay.dll to prevent running SWF content in PDF files...
Reported as a 0-day.
:fear::fear:
Adobe Reader/Acrobat v9.3.3 released
FYI...
Adobe Reader/Acrobat v9.3.3 released
- http://www.adobe.com/support/securit...apsb10-15.html
June 29, 2010 - CVE numbers: CVE-2010-1240, CVE-2010-1285, CVE-2010-1295, CVE-2010-1297, CVE-2010-2168, CVE-2010-2201, CVE-2010-2202, CVE-2010-2203, CVE-2010-2204, CVE-2010-2205, CVE-2010-2206, CVE-2010-2207, CVE-2010-2208, CVE-2010-2209, CVE-2010-2210, CVE-2010-2211, CVE-2010-2212
Platform: All Platforms
Summary: Critical vulnerabilities have been identified in Adobe Reader/Acrobat 9.3.2... Adobe recommends users of Adobe Reader/Acrobat 9.3.2 and earlier versions for Windows, Macintosh and UNIX update to Adobe Reader/Acrobat 9.3.3. (For Adobe Reader/Acrobat users on Windows and Macintosh, who cannot update to Adobe Reader/Acrobat 9.3.3, Adobe has provided the Adobe Reader/Acrobat 8.2.3 update.)...
Adobe Reader/Acrobat - Users can utilize the product's automatic update feature. The default installation configuration runs automatic updates on a regular schedule and can be manually activated by choosing Help > Check for Updates...
- http://www.adobe.com/support/downloads/new.jsp
- http://secunia.com/advisories/40034/
Last Update: 2010-06-30
Criticality level: Extremely critical
Impact: System access
Where: From remote ...
NOTE: The vulnerability is currently being actively exploited...
Solution: Update to version 9.3.3 or 8.2.3.
- http://securitytracker.com/alerts/2010/Jun/1024159.html
Jun 29 2010
- http://web.nvd.nist.gov/view/vuln/de...=CVE-2010-1240
Last revised: 07/02/2010
CVSS v2 Base Score: 9.3 (HIGH)
"... Acrobat 9.x before 9.3.3, and 8.x before 8.2.3..."
- http://isc.sans.edu/diary.html?storyid=9112
Last Updated: 2010-07-02 02:43:08 UTC
:fear:
Adobe Reader 0-day, again...
FYI...
Adobe Reader 0-day, again...
- http://www.theregister.co.uk/2010/08...e_reader_vuln/
4 August 2010 - "... yet another vulnerability in Adobe Reader that allows hackers to execute malicious code on computers by tricking their users into opening booby-trapped files... Brad Arkin, senior director of product security and privacy at Adobe, said members of the company's security team attended Miller's talk and have since confirmed his claims that the vulnerability can lead to remote code execution. The team is in the process of developing a patch and deciding whether to distribute it during Adobe's next scheduled update release or as an “out-of-band” fix that would come out in the next few weeks..."
- http://blogs.adobe.com/adobereader/
- http://secunia.com/advisories/40766/
Last update: 2010-08-06
Criticality level: Highly critical
Impact: System access
Where: From remote
Solution Status: Unpatched...
... Successful exploitation may allow execution of arbitrary code. The vulnerability is confirmed in Adobe Reader versions 8.2.3 and 9.3.3 and Adobe Acrobat version 9.3.3. Other versions may also be affected...
- http://www.adobe.com/support/securit...apsb10-17.html
August 5, 2010 - "Adobe is planning to release updates for Adobe Reader 9.3.3 for Windows, Macintosh and UNIX, Adobe Acrobat 9.3.3 for Windows and Macintosh, and Adobe Reader 8.2.3 and Acrobat 8.2.3 for Windows and Macintosh to resolve critical security issues, including CVE-2010-2862... Adobe expects to make these updates available during the week of August 16, 2010... Note that these updates represent an out-of-band release. Adobe is currently scheduled to release the next quarterly security update for Adobe Reader and Acrobat on October 12, 2010..."
- http://blogs.adobe.com/psirt/2010/08...d-acrobat.html
- http://web.nvd.nist.gov/view/vuln/de...=CVE-2010-2862
Last revised: 08/06/2010
:fear:
Flash Player critical update...
FYI...
Adobe Flash Player / Adobe AIR - critical updates
- http://www.adobe.com/support/securit...apsb10-16.html
August 10, 2010 - "Critical vulnerabilities have been identified in Adobe Flash Player version 10.1.53.64 and earlier. These vulnerabilities could cause the application to crash and could potentially allow an attacker to take control of the affected system.
Adobe recommends users of Adobe Flash Player 10.1.53.64 and earlier versions update to Adobe Flash Player 10.1.82.76. Adobe recommends users of Adobe AIR 2.0.2.12610 and earlier versions update to Adobe AIR 2.0.3.
CVE number: CVE-2010-0209, CVE-2010-2188, CVE-2010-2213, CVE-2010-2214, CVE-2010-2215, CVE-2010-2216
Affected software versions:
• Adobe Flash Player 10.1.53.64 and earlier versions for Windows, Macintosh, Linux, and Solaris
• Adobe AIR 2.0.2.12610 and earlier versions for Windows, Macintosh and Linux...
For users who cannot update to Flash Player 10.1.82.76, Adobe has developed a patched version of Flash Player 9, Flash Player 9.0.280, which can be downloaded from here*...
Adobe recommends all users of Adobe AIR 2.0.2.12610 and earlier versions update to the newest version 2.0.3 by downloading it from the Adobe AIR Download Center:
- http://get.adobe.com/air/
* http://kb2.adobe.com/cps/406/kb406791.html
Direct download current version - executable Flash Player installer...
- http://fpdownload.adobe.com/get/flas..._player_ax.exe
For IE ...
- http://fpdownload.adobe.com/get/flas...ash_player.exe
For Firefox, other browsers, etc...
Flash test site: http://www.adobe.com/software/flash/about/
... should read: "You have version 10,1,82,76 installed"
___
Adobe Flash Media Server - critical update
- http://www.adobe.com/support/securit...apsb10-19.html
August 10, 2010
CVE number: CVE-2010-2217, CVE-2010-2218, CVE-2010-2219, CVE-2010-2220
Platform: Windows, Linux ...
___
Hotfix available for ColdFusion
- http://www.adobe.com/support/securit...apsb10-18.html
August 10, 2010
Affected software versions: ColdFusion 8.0, 8.0.1, 9.0, 9.0.1 and earlier versions for Windows, Macintosh and UNIX
Solution: Adobe recommends affected ColdFusion customers update their installation using the instructions provided in the technote**...
Severity rating: Adobe categorizes this as an important update...
** http://kb2.adobe.com/cps/857/cpsid_85766.html
___
http://www.securitytracker.com/id?1024313 - Flash Player
http://www.securitytracker.com/id?1024315 - Flash Media Server
http://www.securitytracker.com/id?1024314 - ColdFusion
Aug 10 2010
:fear:
Adobe Reader/Acrobat v9.3.4 released
FYI...
Adobe Reader/Acrobat v9.3.4 released
- http://www.adobe.com/support/securit...apsb10-17.html
August 19, 2010
CVE numbers:
- http://web.nvd.nist.gov/view/vuln/de...=CVE-2010-2862
- http://web.nvd.nist.gov/view/vuln/de...=CVE-2010-1240
Platform: All Platforms
Summary: Critical vulnerabilities have been identified in Adobe Reader 9.3.3 (and earlier versions) for Windows, Macintosh and UNIX, Adobe Acrobat 9.3.3 (and earlier versions) for Windows and Macintosh, and Adobe Reader 8.2.3 (and earlier versions) and Adobe Acrobat 8.2.3 (and earlier versions) for Windows and Macintosh. These vulnerabilities could cause the application to crash and could potentially allow an attacker to take control of the affected system... Adobe recommends users of Adobe Reader 9.3.3 and earlier versions for Windows, Macintosh and UNIX update to Adobe Reader 9.3.4. (For Adobe Reader users on Windows and Macintosh, who cannot update to Adobe Reader 9.3.4, Adobe has provided the Adobe Reader 8.2.4 update*.) Adobe recommends users of Adobe Acrobat 9.3.3 and earlier versions for Windows and Macintosh update to Adobe Acrobat 9.3.4. Adobe recommends users of Adobe Acrobat 8.2.3 and earlier versions for Windows and Macintosh update to Adobe Acrobat 8.2.4...
These updates resolve an integer overflow vulnerability that could lead to code execution (CVE-2010-2862).
These updates further mitigate a social engineering attack that could lead to code execution (CVE-2010-1240)...
Users can utilize the product's update mechanism...
* http://www.adobe.com/support/downloads/new.jsp
___
- http://www.us-cert.gov/cas/techalerts/TA10-231A.html
August 19, 2010 - "... vulnerabilities could allow a remote attacker to execute arbitrary code, write arbitrary files or folders to the file system, escalate local privileges, or cause a denial of service on an affected system as the result of a user opening a malicious PDF file...
Solution:
• Update... Users are encouraged to read Adobe Security Bulletin APSB10-17* and update vulnerable versions of Adobe Reader and Acrobat...
• Disable JavaScript in Adobe Reader and Acrobat ... JavaScript can be disabled using the Preferences menu...
• Disable the display of PDF files in the web browser ... Uncheck the 'Display PDF in browser' checkbox...."
(More detail at the US-CERT URL above.)
* http://www.adobe.com/support/securit...apsb10-17.html
:fear:
Shockwave Player v11.5.8.612 released
FYI...
Shockwave Player v11.5.8.612 released
- http://www.adobe.com/support/securit...apsb10-20.html
August 24, 2010
CVE number: CVE-2010-2863, CVE-2010-2864, CVE-2010-2865, CVE-2010-2866, CVE-2010-2867, CVE-2010-2868, CVE-2010-2869, CVE-2010-2870, CVE-2010-2871, CVE-2010-2872, CVE-2010-2873, CVE-2010-2874, CVE-2010-2875, CVE-2010-2876, CVE-2010-2877, CVE-2010-2878, CVE-2010-2879, CVE-2010-2880, CVE-2010-2881, CVE-2010-2882
Platform: Windows and Macintosh
Summary: Critical vulnerabilities have been identified in Adobe Shockwave Player 11.5.7.609 and earlier versions on the Windows and Macintosh operating systems. The vulnerabilities could allow an attacker, who successfully exploits these vulnerabilities, to run malicious code on the affected system. Adobe recommends users of Adobe Shockwave Player 11.5.7.609 and earlier versions update to Adobe Shockwave Player 11.5.8.612...
Solution: Adobe recommends users of Adobe Shockwave Player 11.5.7.609 and earlier versions upgrade to the newest version 11.5.8.612, available here: http://get.adobe.com/shockwave/ ...
:fear::fear:
0-day Adobe Reader/Acrobat "being actively exploited in the wild"...
FYI...
- http://www.adobe.com/support/securit...apsa10-02.html
September 8, 2010 - "... A critical vulnerability exists in Adobe Reader 9.3.4 and earlier versions for Windows, Macintosh and UNIX, and Adobe Acrobat 9.3.4 and earlier versions for Windows and Macintosh. This vulnerability (CVE-2010-2883) could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being actively exploited in the wild..."
- http://isc.sans.edu/diary.html?storyid=9523
Last Updated: 2010-09-08 18:03:06 UTC
- http://web.nvd.nist.gov/view/vuln/de...=CVE-2010-2883
Last revised: 09/10/2010 - "... exploited in the wild in September 2010..."
CVSS v2 Base Score: 9.3
Adobe Reader/Acrobat vuln... unpatched
- http://secunia.com/advisories/41340/
Release Date: 2010-09-08
Criticality level: Extremely critical
Impact: System access
Where: From remote
Solution Status: Unpatched ...
...vulnerability is confirmed in versions 8.2.4 and 9.3.4. Other versions may also be affected.
NOTE: The vulnerability is currently being actively exploited.
Solution: Do not open untrusted files.
Provided and/or discovered by: Reported as a 0-day....
- http://www.virustotal.com/file-scan/...a2b-1283972909
File name: Golf Clinic.pdf
Submission date: 2010-09-08 19:08:29 (UTC)
Result: 11/43 (25.6%)
(Better)...
- http://www.virustotal.com/file-scan/...a2b-1284031469
File name: Golf Clinic.pdf
Submission date: 2010-09-09 11:24:29 (UTC)
Result: 21/43 (48.8%)
:fear::fear:
0-day Flash vuln "exploit in the wild"...
FYI...
0-day Flash vuln "exploit in the wild"...
- http://www.adobe.com/support/securit...apsa10-03.html
September 13, 2010 - "... A critical vulnerability exists in Adobe Flash Player 10.1.82.76 and earlier versions for Windows, Macintosh, Linux, Solaris, and Android operating systems. This vulnerability also affects Adobe Reader 9.3.4 for Windows, Macintosh and UNIX, and Adobe Acrobat 9.3.4 and earlier versions for Windows and Macintosh. This vulnerability (CVE-2010-2884*) could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being actively exploited in the wild against Adobe Flash Player on Windows. Adobe is not aware of any attacks exploiting this vulnerability against Adobe Reader or Acrobat to date.
We are in the process of finalizing a fix for the issue and expect to provide an update for Adobe Flash Player for Windows, Macintosh, Linux, Solaris, and Android operating systems during the week of September 27, 2010.
We expect to provide updates for Adobe Reader 9.3.4 for Windows, Macintosh and UNIX, and Adobe Acrobat 9.3.4 for Windows and Macintosh during the week of October 4, 2010..."
- http://isc.sans.edu/diary.html?storyid=9544
Last Updated: 2010-09-14 00:40:35 UTC
* http://web.nvd.nist.gov/view/vuln/de...=CVE-2010-2884
- http://secunia.com/advisories/41434/
Release Date: 2010-09-14
Criticality level: Extremely critical
Impact: System access
Where: From remote
Solution Status: Unpatched ...
- http://securitytracker.com/alerts/2010/Sep/1024432.html
Sep 14 2010
:fear:
Flash update 2010.09.20 ...
FYI...
Flash update 2010.09.20 ...
- http://www.adobe.com/support/securit...apsa10-03.html
Last updated: September 17, 2010 - "... We now expect to provide an update for Adobe Flash Player for Windows, Macintosh, Linux, Solaris, and Android operating systems on Monday September 20, 2010. A fix is now available for Google Chrome users. Chrome users can update to Chrome 6.0.472.62. To verify your current Chrome version number and update if necessary, follow the instructions here: http://googlechromereleases.blogspot...pdates_17.html (September 17, 2010). We expect to provide updates for Adobe Reader 9.3.4 for Windows, Macintosh and UNIX, and Adobe Acrobat 9.3.4 for Windows and Macintosh during the week of October 4, 2010..."
- http://web.nvd.nist.gov/view/vuln/de...=CVE-2010-2884
Last revised: 09/18/2010 - "... as exploited in the wild in September 2010..."
CVSS v2 Base Score: 9.3 (HIGH)
- http://xforce.iss.net/xforce/xfdb/61771
September 18, 2010 - High Risk
** http://www.google.com/support/chrome...n&answer=95414
"...You can tell if updates are available if the wrench icon on the browser toolbar has a little orange dot: update notification. To apply the update, just close and restart the browser..."
:fear: