Unpatched Adobe Version From Official Site

Started by Corrine, July 21, 2009, 05:01:01 PM


Corrine

If you recently installed Adobe Reader, it is strongly recommended that you open Adobe Reader 9.x and go to the "Help" -> "About Adobe Reader 9" and verify that your installation is indeed version 9.1.2 (the latest patched version as of this posting).

See complete report at Secunia.com: Adobe Insecure / Unpatched Version From Official Site

Personally, I have replaced Adobe Reader with an open source reader, selected from http://pdfreaders.org/.  The reader recommended for your operating system at PDFReaders.org will have a green background.  According to the site, "The recommendations are based on ease of use and install and do not reflect the technical merits of the software itself."


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Aaron Hulett

Check for updates wasn't working for me.  I had to uninstall 9.1.1, go to their website and install 9.1.0, then hit check for updates and actually get 9.1.2.

Corrine

YOU know what you're doing.  I wonder how many unsuspecting consumers think they are up to date but instead are still vulnerable.



Corrine

And the story continues.  Note that although the number is low, it has been confirmed that malicious links have been injected in legitimate web sites to create a drive-by attack.

Adobe - Security Advisories: APSA09-03 - Security Advisory for Adobe Reader, Acrobat and Flash Player:

Quote: A critical vulnerability exists in the current versions of Flash Player (v9.0.159.0 and v10.0.22.87) for Windows, Macintosh and Linux operating systems, and the authplay.dll component that ships with Adobe Reader and Acrobat v9.x for Windows, Macintosh and UNIX operating systems. This vulnerability (CVE-2009-1862) could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being actively exploited in the wild via limited, targeted attacks against Adobe Reader v9 on Windows.

YA0D (Yet Another 0-Day) in Adobe Flash player:

Quote: Well, it looks like the last two weeks have definitely been marked by multiple 0-day exploits actively used in the wild.
The last one exploits a vulnerability in Adobe Flash player (versions 9 and 10) as well as Adobe Reader and Acrobat 9.1.2. Besides being a 0-day there are some other interesting things about this exploit.

First, several AV companies reported that they detected this 0-day exploit in PDF files, so at first it looked like an Adobe Reader vulnerability. However, the vulnerable component is actually the Flash player or, better said, the code used by the Flash player which is obviously shared with Adobe Reader/Acrobat. This increases the number of vectors for this attack: the malicious Flash file can be embedded in PDF documents which will cause Adobe Reader to execute it OR it can be used to exploit the Flash player directly, making it a drive-by attack as well.

And indeed, when tested with Internet Explorer and the latest Flash player (version 10), the exploit silently drops a Trojan and works "as advertised". Another interesting thing I noticed is that the Trojan, which is downloaded in the second stage, is partially XOR-ed – the attackers probably did this to evade IDSes or AV programs scanning HTTP traffic. At the moment, the detection for both the exploit and the Trojan is pretty bad (only 7/41 for the Trojan, according to VirusTotal).

It appears that even when JavaScript support is disabled in Adobe Reader that the exploit still works, so at the moment there are no reliable protection mechanisms (except not using Adobe Reader?). Regarding Flash, NoScript is your best help here, of course.


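The diary entry quoted in the post above notes that the second-stage Trojan was partially XOR-ed, probably to evade IDS and AV scanning of HTTP traffic. As an added example (not part of the thread or of the quoted diary), the Python code below tries every one-byte XOR key against a captured payload and reports where an encoded DOS stub string, and an encoded "MZ" header if present, are found. The one-byte key, the function names and the sample bytes are assumptions constructed for illustration; the quoted text does not say how the XOR was applied.

```python
"""Added example: find single-byte-XOR-encoded PE markers in a captured payload."""

# Plaintext markers present near the start of most Windows executables.
DOS_STUB = b"This program cannot be run in DOS mode"
MZ_MAGIC = b"MZ"


def xor_bytes(data: bytes, key: int) -> bytes:
    """XOR every byte of data with a one-byte key."""
    return bytes(b ^ key for b in data)


def find_xored_pe(payload: bytes, max_back: int = 0x400):
    """Return (key, stub_offset, mz_offset) hits for keys 1..255.

    mz_offset is None when no encoded 'MZ' precedes the stub within
    max_back bytes, e.g. when only part of the file is encoded.
    Key 0 is skipped because that is the plaintext case a normal
    content scanner already handles.
    """
    hits = []
    for key in range(1, 256):
        needle = xor_bytes(DOS_STUB, key)
        pos = payload.find(needle)
        while pos != -1:
            window_start = max(0, pos - max_back)
            mz = payload.rfind(xor_bytes(MZ_MAGIC, key), window_start, pos)
            hits.append((key, pos, mz if mz != -1 else None))
            pos = payload.find(needle, pos + 1)
    return hits


def build_sample(key: int = 0x5A) -> bytes:
    """Constructed sample: a fake HTTP body whose middle section is XOR-ed."""
    fake_pe = MZ_MAGIC + b"\x90" * 76 + DOS_STUB + b".\r\r\n$" + b"\x00" * 32
    return b"GIF89a" + b"\x11" * 20 + xor_bytes(fake_pe, key) + b"trailer"


if __name__ == "__main__":
    for key, stub_off, mz_off in find_xored_pe(build_sample()):
        print(f"key=0x{key:02x} stub@{stub_off} mz@{mz_off}")
```

A hit with `mz_offset` set to None is still worth triage: it means the stub string was encoded but the header in front of it was not, which is one way a file can be only partially XOR-ed.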
