Acrobat Reader 0-Day exploit in the wild...
FYI...
- http://www.shadowserver.org/wiki/pmw...endar.20090221
21 February 2009 - "...Work Arounds & Windows Group Policy Object (GPO)
As we mentioned the main work around for this is to disable JavaScript. Acrobat will still crash but the exploit should fail. While all platforms are reportedly affected, we should note that we have only seen active exploits for Windows and not Linux or OS X platforms. Once again to disable JavaScript in Acrobat [Reader], take the following steps:
Click: Edit -> Preferences -> JavaScript and uncheck Enable Acrobat JavaScript
Elazar Broad also wrote into us the other day and provided a GPO that can be used to disable JavaScript for Adobe Acrobat [Reader]. We have not tested it but you can grab it by clicking here*. Basically these are the keys of interest (from HKEY_CURRENT_USER):
Adobe Acrobat Reader:
Software\Adobe\Acrobat Reader\x.0\JSPrefs
Adobe Acrobat:
Software\Adobe\Adobe Acrobat\x.0\JSPrefs
Setting the DWORD "bEnableJS" to 0 will disable JavaScript...
Details Released
We knew it would not take too long - the details of the vulnerable function and enough information to potentially recreate the exploit have now been published publicly... Expect that a wider set of attackers will now start using this exploit in the near future before the patch is released. In other words... DISABLE JAVASCRIPT and patch as soon as it becomes available!"
* http://www.shadowserver.org/wiki/upl...ndar/adobe.txt
- http://www.kb.cert.org/vuls/id/905281
Last Updated: 2009-02-23
:fear:
Flash Player v10.0.22.87 released
FYI...
Flash Player v10.0.22.87 released
- http://www.adobe.com/support/securit...apsb09-01.html
Release date: February 24, 2009
Vulnerability identifier: APSB09-01
CVE number: CVE-2009-0519, CVE-2009-0520, CVE-2009-0522, CVE-2009-0114, CVE-2009-0521
Platform: All Platforms...
Adobe categorizes this as a critical update and recommends affected users upgrade to version 10.0.22.87*...
* http://www.adobe.com/go/getflash -or- http://get.adobe.com/flashplayer/otherversions/
For users who cannot update to Flash Player 10, Adobe has developed a patched version of Flash Player 9, Flash Player 9.0.159.0, which can be downloaded from the following link**...
** http://www.adobe.com/go/kb406791
Version test for Adobe Flash Player
- http://kb.adobe.com/selfservice/view...nalId=tn_15507
:fear::fear:
Security Updates available for Adobe Reader 9...
FYI...
Security Updates available for Adobe Reader 9 and Acrobat 9
- http://www.adobe.com/support/securit...apsb09-03.html
Release date: March 10, 2009
Vulnerability identifier: APSB09-03
CVE number: CVE-2009-0658
Platform: All Platforms...
Affected software versions:
Adobe Reader 9 and earlier versions
Adobe Acrobat 9 Standard, Pro, and Pro Extended and earlier versions
Solution: Adobe Reader
Adobe recommends Adobe Reader users update to Adobe Reader 9.1, available here:
- http://get.adobe.com/reader/
Acrobat 9
Adobe recommends Acrobat 9 Standard and Acrobat 9 Pro users on Windows update to Acrobat 9.1, available at the following URLs:
- http://www.adobe.com/support/downloa...jsp?ftpID=4375
- http://www.adobe.com/support/downloa...jsp?ftpID=4382
Adobe recommends Acrobat 9 Pro Extended users on Windows update to Acrobat 9.1, available here:
- http://www.adobe.com/support/downloa...jsp?ftpID=4381
Adobe recommends Acrobat 9 Pro users on Macintosh update to Acrobat 9.1, available here:
- http://www.adobe.com/support/downloa...jsp?ftpID=4374
Severity rating:
Adobe categorizes this as a critical issue and recommends that users apply the update for their product installations...
> http://blogs.adobe.com/psirt/2009/03...obat_91_u.html
:fear:
Adobe Reader v8.1.4, v7.11 released
FYI...
- http://isc.sans.org/diary.html?storyid=6034
Last Updated: 2009-03-18 20:04:58 UTC - "Adobe has released security advisory APSB09-04* for Adobe Reader and Acrobat. The CVE entries related to the vulnerabilities being patched are CVE-2009-0658 and CVE-2009-0927. Current versions are now 9.1, 8.1.4, and 7.11. Updates for both Windows and Macintosh platforms are available..."
* http://www.adobe.com/support/securit...apsb09-04.html
Release date: March 18, 2009 - "... Users with Adobe Reader 7.0 through 8.1.3, who can’t update to Adobe Reader 9.1, should update to Adobe Reader 8.1.4 or Adobe Reader 7.1.1, available from one of the following links:
http://www.adobe.com/support/downloa...atform=Windows
http://www.adobe.com/support/downloa...form=Macintosh ..."
- http://web.nvd.nist.gov/view/vuln/de...=CVE-2009-0658
Last revised: 03/06/2009
- http://web.nvd.nist.gov/view/vuln/de...=CVE-2009-0927
Last revised: 03/19/2009
- http://www.eset.com/threat-center/blog/?p=805
March 20, 2009 - "...updating re-enables Acrobat JavaScript. While the update presumably (hopefully) fixes the recent vulnerabilities, I’m not sure I’d care to assume that no further vulnerabilities will be found. You might want to consider our earlier advice to disable it..."
:fear:
2,305 drive-by's using PDFs...
FYI...
- http://www.pcworld.com/article/16357..._security.html
Apr 21, 2009 - "... In 2008, from Jan. 1 through April 16, F-Secure saw PDFs used in 128 dangerous drive-by attacks. This year, during the same time frame, the company has seen 2,305 drive-by's using PDFs. Such attacks go after a vulnerable Reader browser plugin... Poisoned PDFs are also often used as part of a customized, targeted attack, he says, when they're sent to a specifically selected recipient attached to a well-crafted e-mail. Hypponen didn't recommend any particular alternative program, but suggested heading to http://www.pdfreaders.org for a list of free apps. He did point out that at the time of IE 6's security infamy, many switched over to using Firefox. And as that browser gained significant market share, it also drew the hacker's eye..."
Another freeware alternative: Foxit PDF Reader
- http://www.foxitsoftware.com/pdf/reader/download.php
:fear::sad:
Adobe Reader, Acrobat vuln - unpatched
FYI...
- http://blogs.adobe.com/psirt/2009/04...der_issue.html
April 28, 2009 - "... All currently supported shipping versions of Adobe Reader and Acrobat (Adobe Reader and Acrobat 9.1, 8.1.4, and 7.1.1 and earlier versions) are vulnerable to this issue. Adobe plans to provide updates for all affected versions for all platforms (Windows, Macintosh and Unix) to resolve this issue. We are working on a development schedule for these updates and will post a timeline as soon as possible. We are currently not aware of any reports of exploits in the wild for this issue. To mitigate the issue disable JavaScript in Adobe Reader and Acrobat using the following instructions below:
1. Launch Acrobat or Adobe Reader.
2. Select Edit >Preferences
3. Select the JavaScript Category
4. Uncheck the ‘Enable Acrobat JavaScript’ option
5. Click OK
... Adobe is also currently investigating the issue posted on SecurityFocus as BID 34740*..."
* http://www.securityfocus.com/bid/34740/info
Updated: Apr 29 2009
- http://isc.sans.org/diary.html?storyid=6286
Last Updated: 2009-04-29 03:22:48 UTC
- http://www.f-secure.com/weblog/archives/00001671.html
April 29, 2009
- http://www.adobe.com/support/securit...apsa09-02.html
May 1, 2009 - "...Adobe expects to make available Windows updates for Adobe Reader versions 9.X, 8.X, and 7.X and Acrobat versions 9.X, 8.X, and 7.X, Macintosh updates for Adobe Reader versions 9.X and 8.X and Acrobat versions 9.X and 8.X, as well as Adobe Reader for Unix versions 9.X and 8.X, by May 12th, 2009..."
CVE numbers:
- http://web.nvd.nist.gov/view/vuln/de...=CVE-2009-1492
- http://web.nvd.nist.gov/view/vuln/de...=CVE-2009-1493
:fear::spider::fear:
Targeted attacks - most common file types
FYI...
- http://www.f-secure.com/weblog/archives/00001676.html
May 6, 2009 - "... we decided to take a look at targeted attacks and see which file types were the most popular during 2008 and if that has changed at all during 2009. In 2008 we identified about 1968 targeted attack files. The most popular file type was DOC, i.e. Microsoft Word representing 34.55%... So far in 2009 we have found 663 targeted attack files and the most popular file type is now PDF. Why has it changed? Primarily because there has been more vulnerabilities in Adobe Acrobat Reader than in the Microsoft Office applications... More info about targeted attacks and how they work can be found in our YouTube video*."
(Charts available at the URL above.)
* http://www.youtube.com/watch?v=nFw9ZHy0V3c
:fear:
Security Updates available for Adobe Reader and Acrobat
FYI...
Security Updates available for Adobe Reader and Acrobat
- http://www.adobe.com/support/securit...apsb09-06.html
May 12, 2009 - "...Adobe recommends users of Adobe Reader 9.1 and Acrobat 9.1 and earlier versions update to Adobe Reader 9.1.1 and Acrobat 9.1.1. Adobe recommends users of Acrobat 8 update to Acrobat 8.1.5, and users of Acrobat 7 update to Acrobat 7.1.2. For Adobe Reader users who can’t update to Adobe Reader 9.1.1, Adobe has provided the Adobe Reader 8.1.5 and Adobe Reader 7.1.2 updates.
Affected software versions: Adobe Reader 9.1 and earlier versions. Adobe Acrobat Standard, Pro, and Pro Extended 9.1 and earlier versions.
Solution
Adobe Reader: Adobe Reader users on Windows can find the appropriate update here:
http://www.adobe.com/support/downloa...atform=Windows
Adobe Reader users on Macintosh can find the appropriate update here:
http://www.adobe.com/support/downloa...form=Macintosh
Adobe Reader users on UNIX can find the appropriate update here:
http://www.adobe.com/support/downloa...&platform=Unix
Acrobat: Acrobat Standard, Pro and Pro Extended users on Windows can find the appropriate update here:
http://www.adobe.com/support/downloa...atform=Windows
Acrobat 3D users on Windows can find the appropriate update here:
http://www.adobe.com/support/downloa...atform=Windows
Acrobat Pro users on Macintosh can find the appropriate update here:
http://www.adobe.com/support/downloa...form=Macintosh
Severity rating: Adobe categorizes this as a critical update and recommends that users apply the update for their product installations...
Adobe Reader and Acrobat 9.1.1, 8.1.5 and 7.1.2 Release Notes
- http://kb2.adobe.com/cps/490/cpsid_49013.html
May 12, 2009
:fear:
Adobe Reader and Acrobat updated
FYI...
Adobe Reader and Acrobat updated
- http://www.adobe.com/support/securit...apsb09-07.html
June 9, 2009
"Adobe Reader: Adobe Reader users on Windows can find the appropriate update here:
http://www.adobe.com/support/downloa...atform=Windows .
Adobe Reader users on Macintosh can find the appropriate update here:
http://www.adobe.com/support/downloa...form=Macintosh .
Acrobat: Acrobat Standard, Pro and Pro Extended users on Windows can find the appropriate update here:
http://www.adobe.com/support/downloa...atform=Windows .
Acrobat 3D users on Windows can find the appropriate update here:
http://www.adobe.com/support/downloa...atform=Windows .
Acrobat Pro users on Macintosh can find the appropriate update here:
http://www.adobe.com/support/downloa...form=Macintosh ...
Critical vulnerabilities have been identified in Adobe Reader 9.1.1 and Acrobat 9.1.1 and earlier versions. These vulnerabilities would cause the application to crash and could potentially allow an attacker to take control of the affected system.
Adobe recommends users of Adobe Reader and Acrobat update their product installations to versions 9.1.2, 8.1.6, or 7.1.3 using the instructions above to protect themselves from potential vulnerabilities...
Severity rating: Adobe categorizes this as a critical update and recommends that users apply the update for their product installations..."
- http://secunia.com/advisories/34580/2/
Release Date: 2009-06-10
Critical: Highly critical
Impact: System access
Where: From remote
Solution Status: Partial Fix ...
Original Advisory: Secunia Research: http://secunia.com/secunia_research/2009-24/
Adobe: http://www.adobe.com/support/securit...apsb09-07.html
http://web.nvd.nist.gov/view/vuln/de...=CVE-2009-0198
http://web.nvd.nist.gov/view/vuln/de...=CVE-2009-0509
http://web.nvd.nist.gov/view/vuln/de...=CVE-2009-0510
http://web.nvd.nist.gov/view/vuln/de...=CVE-2009-0511
http://web.nvd.nist.gov/view/vuln/de...=CVE-2009-0512
http://web.nvd.nist.gov/view/vuln/de...=CVE-2009-0888
http://web.nvd.nist.gov/view/vuln/de...=CVE-2009-0889
http://web.nvd.nist.gov/view/vuln/de...=CVE-2009-1855
http://web.nvd.nist.gov/view/vuln/de...=CVE-2009-1856
http://web.nvd.nist.gov/view/vuln/de...=CVE-2009-1857
http://web.nvd.nist.gov/view/vuln/de...=CVE-2009-1858
http://web.nvd.nist.gov/view/vuln/de...=CVE-2009-1859
http://web.nvd.nist.gov/view/vuln/de...=CVE-2009-1861
:fear:
Adobe Reader UNIX update v9.1.2
FYI...
Adobe Reader UNIX update v9.1.2
- http://www.adobe.com/support/securit...apsb09-07.html
June 16, 2009 - Bulletin updated with link to Adobe Reader UNIX update...
Adobe Reader users on UNIX can find the appropriate update here:
http://www.adobe.com/support/downloa...&platform=Unix ..."
:fear: