Page 2 of 11 FirstFirst 123456 ... LastLast
Results 11 to 20 of 107

Thread: Old Adobe updates/advisories

  1. #11
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation Acrobat Reader 0-Day exploit in the wild...

    FYI...

    - http://www.shadowserver.org/wiki/pmw...endar.20090221
    21 February 2009 - "...Work Arounds & Windows Group Policy Object (GPO)
    As we mentioned the main work around for this is to disable JavaScript. Acrobat will still crash but the exploit should fail. While all platforms are reportedly affected, we should note that we have only seen active exploits for Windows and not Linux or OS X platforms. Once again to disable JavaScript in Acrobat [Reader], take the following steps:
    Click: Edit -> Preferences -> JavaScript and uncheck Enable Acrobat JavaScript
    Elazar Broad also wrote into us the other day and provided a GPO that can be used to disable JavaScript for Adobe Acrobat [Reader]. We have not tested it but you can grab it by clicking here*. Basically these are the keys of interest (from HKEY_CURRENT_USER):
    Adobe Acrobat Reader:
    Software\Adobe\Acrobat Reader\x.0\JSPrefs
    Adobe Acrobat:
    Software\Adobe\Adobe Acrobat\x.0\JSPrefs
    Setting the DWORD "bEnableJS" to 0 will disable JavaScript...
    Details Released
    We knew it would not take too long - the details of the vulnerable function and enough information to potentially recreate the exploit have now been published publicly... Expect that a wider set of attackers will now start using this exploit in the near future before the patch is released. In other words... DISABLE JAVASCRIPT and patch as soon as it becomes available!"
    * http://www.shadowserver.org/wiki/upl...ndar/adobe.txt

    - http://www.kb.cert.org/vuls/id/905281
    Last Updated: 2009-02-23

    Last edited by AplusWebMaster; 2009-02-23 at 19:59.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  2. #12
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation Flash Player v10.0.22.87 released

    FYI...

    Flash Player v10.0.22.87 released
    - http://www.adobe.com/support/securit...apsb09-01.html
    Release date: February 24, 2009
    Vulnerability identifier: APSB09-01
    CVE number: CVE-2009-0519, CVE-2009-0520, CVE-2009-0522, CVE-2009-0114, CVE-2009-0521
    Platform: All Platforms...
    Adobe categorizes this as a critical update and recommends affected users upgrade to version 10.0.22.87*...
    * http://www.adobe.com/go/getflash -or- http://get.adobe.com/flashplayer/otherversions/
    For users who cannot update to Flash Player 10, Adobe has developed a patched version of Flash Player 9, Flash Player 9.0.159.0, which can be downloaded from the following link**...
    ** http://www.adobe.com/go/kb406791

    Version test for Adobe Flash Player
    - http://kb.adobe.com/selfservice/view...nalId=tn_15507

    Last edited by AplusWebMaster; 2009-02-25 at 22:00.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  3. #13
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation Security Updates available for Adobe Reader 9...

    FYI...

    Security Updates available for Adobe Reader 9 and Acrobat 9
    - http://www.adobe.com/support/securit...apsb09-03.html
    Release date: March 10, 2009
    Vulnerability identifier: APSB09-03
    CVE number: CVE-2009-0658
    Platform: All Platforms...
    Affected software versions:
    Adobe Reader 9 and earlier versions
    Adobe Acrobat 9 Standard, Pro, and Pro Extended and earlier versions
    Solution: Adobe Reader
    Adobe recommends Adobe Reader users update to Adobe Reader 9.1, available here:
    - http://get.adobe.com/reader/
    Acrobat 9
    Adobe recommends Acrobat 9 Standard and Acrobat 9 Pro users on Windows update to Acrobat 9.1, available at the following URLs:
    - http://www.adobe.com/support/downloa...jsp?ftpID=4375
    - http://www.adobe.com/support/downloa...jsp?ftpID=4382
    Adobe recommends Acrobat 9 Pro Extended users on Windows update to Acrobat 9.1, available here:
    - http://www.adobe.com/support/downloa...jsp?ftpID=4381
    Adobe recommends Acrobat 9 Pro users on Macintosh update to Acrobat 9.1, available here:
    - http://www.adobe.com/support/downloa...jsp?ftpID=4374
    Severity rating:
    Adobe categorizes this as a critical issue and recommends that users apply the update for their product installations...

    > http://blogs.adobe.com/psirt/2009/03...obat_91_u.html

    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  4. #14
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation Adobe Reader v8.1.4, v7.11 released

    FYI...

    - http://isc.sans.org/diary.html?storyid=6034
    Last Updated: 2009-03-18 20:04:58 UTC - "Adobe has released security advisory APSB09-04* for Adobe Reader and Acrobat. The CVE entries related to the vulnerabilities being patched are CVE-2009-0658 and CVE-2009-0927. Current versions are now 9.1, 8.1.4, and 7.11. Updates for both Windows and Macintosh platforms are available..."
    * http://www.adobe.com/support/securit...apsb09-04.html
    Release date: March 18, 2009 - "... Users with Adobe Reader 7.0 through 8.1.3, who can’t update to Adobe Reader 9.1, should update to Adobe Reader 8.1.4 or Adobe Reader 7.1.1, available from one of the following links:
    http://www.adobe.com/support/downloa...atform=Windows
    http://www.adobe.com/support/downloa...form=Macintosh ..."

    - http://web.nvd.nist.gov/view/vuln/de...=CVE-2009-0658
    Last revised: 03/06/2009

    - http://web.nvd.nist.gov/view/vuln/de...=CVE-2009-0927
    Last revised: 03/19/2009

    - http://www.eset.com/threat-center/blog/?p=805
    March 20, 2009 - "...updating re-enables Acrobat JavaScript. While the update presumably (hopefully) fixes the recent vulnerabilities, I’m not sure I’d care to assume that no further vulnerabilities will be found. You might want to consider our earlier advice to disable it..."

    Last edited by AplusWebMaster; 2009-03-20 at 21:41. Reason: Added CVE references, added ESET blog note...
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  5. #15
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Post 2,305 drive-by's using PDFs...

    FYI...

    - http://www.pcworld.com/article/16357..._security.html
    Apr 21, 2009 - "... In 2008, from Jan. 1 through April 16, F-Secure saw PDFs used in 128 dangerous drive-by attacks. This year, during the same time frame, the company has seen 2,305 drive-by's using PDFs. Such attacks go after a vulnerable Reader browser plugin... Poisoned PDFs are also often used as part of a customized, targeted attack, he says, when they're sent to a specifically selected recipient attached to a well-crafted e-mail. Hypponen didn't recommend any particular alternative program, but suggested heading to http://www.pdfreaders.org for a list of free apps. He did point out that at the time of IE 6's security infamy, many switched over to using Firefox. And as that browser gained significant market share, it also drew the hacker's eye..."

    Another freeware alternative: Foxit PDF Reader
    - http://www.foxitsoftware.com/pdf/reader/download.php

    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  6. #16
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation Adobe Reader, Acrobat vuln - unpatched

    FYI...

    - http://blogs.adobe.com/psirt/2009/04...der_issue.html
    April 28, 2009 - "... All currently supported shipping versions of Adobe Reader and Acrobat (Adobe Reader and Acrobat 9.1, 8.1.4, and 7.1.1 and earlier versions) are vulnerable to this issue. Adobe plans to provide updates for all affected versions for all platforms (Windows, Macintosh and Unix) to resolve this issue. We are working on a development schedule for these updates and will post a timeline as soon as possible. We are currently not aware of any reports of exploits in the wild for this issue. To mitigate the issue disable JavaScript in Adobe Reader and Acrobat using the following instructions below:
    1. Launch Acrobat or Adobe Reader.
    2. Select Edit >Preferences
    3. Select the JavaScript Category
    4. Uncheck the ‘Enable Acrobat JavaScript’ option
    5. Click OK
    ... Adobe is also currently investigating the issue posted on SecurityFocus as BID 34740*..."
    * http://www.securityfocus.com/bid/34740/info
    Updated: Apr 29 2009

    - http://isc.sans.org/diary.html?storyid=6286
    Last Updated: 2009-04-29 03:22:48 UTC

    - http://www.f-secure.com/weblog/archives/00001671.html
    April 29, 2009

    - http://www.adobe.com/support/securit...apsa09-02.html
    May 1, 2009 - "...Adobe expects to make available Windows updates for Adobe Reader versions 9.X, 8.X, and 7.X and Acrobat versions 9.X, 8.X, and 7.X, Macintosh updates for Adobe Reader versions 9.X and 8.X and Acrobat versions 9.X and 8.X, as well as Adobe Reader for Unix versions 9.X and 8.X, by May 12th, 2009..."

    CVE numbers:
    - http://web.nvd.nist.gov/view/vuln/de...=CVE-2009-1492
    - http://web.nvd.nist.gov/view/vuln/de...=CVE-2009-1493

    Last edited by AplusWebMaster; 2009-05-12 at 17:07.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  7. #17
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Post Targeted attacks - most common file types

    FYI...

    - http://www.f-secure.com/weblog/archives/00001676.html
    May 6, 2009 - "... we decided to take a look at targeted attacks and see which file types were the most popular during 2008 and if that has changed at all during 2009. In 2008 we identified about 1968 targeted attack files. The most popular file type was DOC, i.e. Microsoft Word representing 34.55%... So far in 2009 we have found 663 targeted attack files and the most popular file type is now PDF. Why has it changed? Primarily because there has been more vulnerabilities in Adobe Acrobat Reader than in the Microsoft Office applications... More info about targeted attacks and how they work can be found in our YouTube video*."

    (Charts available at the URL above.)

    * http://www.youtube.com/watch?v=nFw9ZHy0V3c

    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  8. #18
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation Security Updates available for Adobe Reader and Acrobat

    FYI...

    Security Updates available for Adobe Reader and Acrobat
    - http://www.adobe.com/support/securit...apsb09-06.html
    May 12, 2009 - "...Adobe recommends users of Adobe Reader 9.1 and Acrobat 9.1 and earlier versions update to Adobe Reader 9.1.1 and Acrobat 9.1.1. Adobe recommends users of Acrobat 8 update to Acrobat 8.1.5, and users of Acrobat 7 update to Acrobat 7.1.2. For Adobe Reader users who can’t update to Adobe Reader 9.1.1, Adobe has provided the Adobe Reader 8.1.5 and Adobe Reader 7.1.2 updates.
    Affected software versions: Adobe Reader 9.1 and earlier versions. Adobe Acrobat Standard, Pro, and Pro Extended 9.1 and earlier versions.
    Solution
    Adobe Reader: Adobe Reader users on Windows can find the appropriate update here:
    http://www.adobe.com/support/downloa...atform=Windows
    Adobe Reader users on Macintosh can find the appropriate update here:
    http://www.adobe.com/support/downloa...form=Macintosh
    Adobe Reader users on UNIX can find the appropriate update here:
    http://www.adobe.com/support/downloa...&platform=Unix
    Acrobat: Acrobat Standard, Pro and Pro Extended users on Windows can find the appropriate update here:
    http://www.adobe.com/support/downloa...atform=Windows
    Acrobat 3D users on Windows can find the appropriate update here:
    http://www.adobe.com/support/downloa...atform=Windows
    Acrobat Pro users on Macintosh can find the appropriate update here:
    http://www.adobe.com/support/downloa...form=Macintosh
    Severity rating: Adobe categorizes this as a critical update and recommends that users apply the update for their product installations...

    Adobe Reader and Acrobat 9.1.1, 8.1.5 and 7.1.2 Release Notes
    - http://kb2.adobe.com/cps/490/cpsid_49013.html
    May 12, 2009

    Last edited by AplusWebMaster; 2009-05-26 at 15:08. Reason: Added link for release notes...
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  9. #19
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation Adobe Reader and Acrobat updated

    FYI...

    Adobe Reader and Acrobat updated
    - http://www.adobe.com/support/securit...apsb09-07.html
    June 9, 2009
    "Adobe Reader: Adobe Reader users on Windows can find the appropriate update here:
    http://www.adobe.com/support/downloa...atform=Windows .
    Adobe Reader users on Macintosh can find the appropriate update here:
    http://www.adobe.com/support/downloa...form=Macintosh .

    Acrobat: Acrobat Standard, Pro and Pro Extended users on Windows can find the appropriate update here:
    http://www.adobe.com/support/downloa...atform=Windows .
    Acrobat 3D users on Windows can find the appropriate update here:
    http://www.adobe.com/support/downloa...atform=Windows .
    Acrobat Pro users on Macintosh can find the appropriate update here:
    http://www.adobe.com/support/downloa...form=Macintosh ...

    Critical vulnerabilities have been identified in Adobe Reader 9.1.1 and Acrobat 9.1.1 and earlier versions. These vulnerabilities would cause the application to crash and could potentially allow an attacker to take control of the affected system.
    Adobe recommends users of Adobe Reader and Acrobat update their product installations to versions 9.1.2, 8.1.6, or 7.1.3 using the instructions above to protect themselves from potential vulnerabilities...
    Severity rating: Adobe categorizes this as a critical update and recommends that users apply the update for their product installations..."

    - http://secunia.com/advisories/34580/2/
    Release Date: 2009-06-10
    Critical: Highly critical
    Impact: System access
    Where: From remote
    Solution Status: Partial Fix ...
    Original Advisory: Secunia Research: http://secunia.com/secunia_research/2009-24/
    Adobe: http://www.adobe.com/support/securit...apsb09-07.html

    http://web.nvd.nist.gov/view/vuln/de...=CVE-2009-0198
    http://web.nvd.nist.gov/view/vuln/de...=CVE-2009-0509
    http://web.nvd.nist.gov/view/vuln/de...=CVE-2009-0510
    http://web.nvd.nist.gov/view/vuln/de...=CVE-2009-0511
    http://web.nvd.nist.gov/view/vuln/de...=CVE-2009-0512
    http://web.nvd.nist.gov/view/vuln/de...=CVE-2009-0888
    http://web.nvd.nist.gov/view/vuln/de...=CVE-2009-0889
    http://web.nvd.nist.gov/view/vuln/de...=CVE-2009-1855
    http://web.nvd.nist.gov/view/vuln/de...=CVE-2009-1856
    http://web.nvd.nist.gov/view/vuln/de...=CVE-2009-1857
    http://web.nvd.nist.gov/view/vuln/de...=CVE-2009-1858
    http://web.nvd.nist.gov/view/vuln/de...=CVE-2009-1859
    http://web.nvd.nist.gov/view/vuln/de...=CVE-2009-1861

    Last edited by AplusWebMaster; 2009-06-14 at 15:00. Reason: Added Secunia and CVE links...
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  10. #20
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Post Adobe Reader UNIX update v9.1.2

    FYI...

    Adobe Reader UNIX update v9.1.2
    - http://www.adobe.com/support/securit...apsb09-07.html
    June 16, 2009 - Bulletin updated with link to Adobe Reader UNIX update...
    Adobe Reader users on UNIX can find the appropriate update here:
    http://www.adobe.com/support/downloa...&platform=Unix ..."

    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •