May 22, 2013

Flash Player 11.3 fixes Critical security vulnerabilities

(LiveHacking.Com) – Adobe has released a new version of its ubiquitous Flash Player. Version 11.3 fixes at least seven critical security vulnerabilities. The new version also enables the background updater for Mac OS X. Older versions are vulnerable to crashes and potential arbitrary code execution. The new version is available for all supported operating systems, i.e. Windows, OS X and Linux. Affected versions include Adobe Flash Player 11.2.202.235 and earlier versions. For Android, Adobe has released a new version of the 11.1.x series; Adobe Flash Player 11.1.115.8 and earlier versions for Android 4.x, and Adobe Flash Player 11.1.111.9 and earlier versions for Android 3.x and 2.x, are vulnerable.

Of the seven vulnerabilities fixed, two are memory corruptions, one is a stack overflow vulnerability, one is an integer overflow vulnerability and another is a null dereferencing problem. All of these could lead to code execution. Of the remaining two, one is a security bypass vulnerability that could lead to information disclosure and the other is a binary planting vulnerability in the Flash Player installer that could lead to code execution.

Google has released a new version of its Chrome web browser to upgrade the built-in Flash Player to 11.3.300.257.

For users who cannot update to Flash Player 11.3, Adobe has released a patched version of Flash Player 10.x which can be downloaded here.

Along with the release of Flash 11.3, Adobe has also released a new version of Adobe Air for Windows, Macintosh and Android. Users of Adobe AIR 3.2.0.2070 should update to Adobe AIR 3.3.0.3610.

Adobe Finally Updates the CS5 & CS5.5 Versions of Illustrator and Photoshop to Fix Security Vulnerabilities

Three weeks ago Adobe published two security advisories describing critical vulnerabilities in the CS5 and CS5.5 versions of Illustrator and Photoshop. The original advisories recommended that users upgrade to CS6 (which they would have to pay for) and didn’t offer any patches or updates for the CS5 and CS5.5 versions. Following complaints, bad press and an outcry from users, Adobe made a U-turn and promised patches in due course. Those patches have now been released.

Illustrator

The vulnerabilities present in Adobe Illustrator CS5 (15.0.x) and Adobe Illustrator CS5.5 (15.1) for Windows and Macintosh could allow an attacker who successfully exploits these vulnerabilities to take control of the affected computer. Adobe has now released Adobe Illustrator CS5 (15.0.3) and Adobe Illustrator CS5.5 (15.1.1) to address the vulnerabilities. Specifically the update addresses six separate memory corruption vulnerabilities that could be exploited to let an attacker execute arbitrary code.

Photoshop

Like Adobe Illustrator, the vulnerabilities present in Adobe Photoshop CS5 (12.0) and Adobe Photoshop CS5.1 (12.1) for Windows and Macintosh could allow an attacker who successfully exploits these vulnerabilities to take control of the affected computer.

Adobe has now released security updates for Adobe Photoshop CS5 (12.0) and Adobe Photoshop CS5.1 (12.1) for Windows and Macintosh. For an attacker to exploit the vulnerabilities a malicious file must be opened in Photoshop. Adobe is not aware of any attacks exploiting these vulnerabilities. The update fixes three specific problems:

  1. A use-after-free TIFF vulnerability that could lead to code execution.
  2. A buffer overflow vulnerability that could lead to code execution.
  3. A stack-based buffer-overflow vulnerability in the Collada .DAE file format that could lead to code execution.

 

 

Apple Releases First OS X 10.5 Update For Nearly a Year – But Doesn’t Patch Any Known Vulnerabilities

(LiveHacking.Com) – Apple have made the interesting move of releasing a security update for OS X 10.5 Leopard which doesn’t actually patch any known vulnerabilities. Instead the update for the oldest of the OS X versions that runs on Intel Macs disables out-of-date versions of Adobe Flash Player.

Leopard Security Update 2012-003 disables Adobe Flash Player if it is older than 10.1.102.64. It does this by moving its files to a new directory. If the update disables Flash Player, the user is presented with the option to install an updated version from the Adobe website. Apple disabled Flash Player older than 10.1.102.64 on OS X Snow Leopard and OS X Lion a few days ago.

Apple have also released a version of the Flashback malware removal tool designed for Leopard. Apple released the same tool for Snow Leopard and Lion almost a month ago. According to the advisory: “This update runs a malware removal tool that will remove the most common variants of the Flashback malware. If the Flashback malware is found, it presents a dialog notifying the user that malware was removed. There is no indication to the user if malware is not found.”

Leopard has been left languishing without any updates from Apple for nearly a year. The last application update was for iTunes in November 2011, while the last operating system level update was in June of the same year.

There are of course still users of OS X 10.4 and OS X 10.5 for the PowerPC which it seems Apple has completely abandoned.

Adobe Releases Security Bulletins for Illustrator, Photoshop, Flash Professional and Shockwave Player

(LiveHacking.Com) – Adobe has released security bulletins describing critical vulnerabilities in Illustrator, Photoshop, Flash Professional and Shockwave Player:

Illustrator

Adobe released a security upgrade for Adobe Illustrator CS5.5 and earlier for Windows and Macintosh. This upgrade addresses vulnerabilities that could allow an attacker who successfully exploits these vulnerabilities to take control of the affected system. Adobe is not aware of any attacks exploiting these vulnerabilities against Adobe Illustrator.

Photoshop

Adobe has released a security upgrade for Adobe Photoshop CS5 and earlier for Windows and Macintosh. This upgrade addresses vulnerabilities that could allow an attacker who successfully exploits these vulnerabilities to take control of the affected system. A malicious .TIF file must be opened in Photoshop CS5 and earlier for Windows and Macintosh by the user for an attacker to be able to exploit these vulnerabilities. Adobe is not aware of any attacks exploiting these vulnerabilities against Adobe Photoshop.

Flash Professional

Adobe has released a security upgrade for Adobe Flash Professional CS5.5 (11.5.1.349) and earlier for Windows and Macintosh. This upgrade addresses a vulnerability that could allow an attacker who successfully exploits this vulnerability to take control of the affected system. Adobe is not aware of any attacks exploiting this vulnerability against Adobe Flash Professional.

Shockwave Player

Adobe has released a security update for Adobe Shockwave Player 11.6.4.634 and earlier versions for Windows and Macintosh. This update addresses vulnerabilities that could allow an attacker who successfully exploits these vulnerabilities to run malicious code on the affected system.

Adobe Fixes Zero-day Vulnerability in Flash That is Being Exploited in the Wild

(LiveHacking.Com) – Adobe has released a patch to fix a zero-day vulnerability in Flash Player that is being exploited in the wild. According to the security advisory the bug is being exploited in active targeted attacks designed to trick the user into clicking on a malicious file delivered in an email message. The exploit targets Flash Player on Internet Explorer for Windows only. As a remedy Adobe has released a security update for Windows, Macintosh, Linux and Android.

Details of the exact nature of the vulnerability are not available. However, it is clear that unpatched versions of Adobe Flash Player allow a remote attacker to execute arbitrary code via a crafted file, related to what is being called an “object confusion vulnerability.”

According to Symantec, the email attachment contains a document with “an embedded reference to a malicious Flash file hosted on a remote server. When the Flash file is acquired and opened, it sprays the heap with shellcode and triggers the CVE-2012-0779 exploit. Once the shellcode gains control, it looks for the payload in the original document, decrypts it, drops it to disk, and executes it.” Symantec says that the malware payload is Trojan.Pasam.

The vulnerability affects the following versions:

  • Adobe Flash Player 11.2.202.233 and earlier versions for Windows, Macintosh, and Linux operating systems
  • Adobe Flash Player 11.1.115.7 and earlier versions for Android 4.x
  • Adobe Flash Player 11.1.111.8 and earlier versions for Android 3.x and 2.x

Windows users are advised to upgrade as soon as possible as the exploit is targeting that platform.

Adobe Releases Security Updates for Adobe Reader X

(LiveHacking.Com) – Adobe has released security updates for Adobe Reader to address vulnerabilities that could cause the application to crash and potentially allow an attacker to take control of the affected system.

The vulnerabilities fixed include:

  • An integer overflow in the True Type Font (TTF) handling that could lead to code execution (CVE-2012-0774).
  • A memory corruption in the JavaScript handling that could lead to code execution (CVE-2012-0775).
  • A security bypass via the Adobe Reader installer that could lead to code execution (CVE-2012-0776).
  • A memory corruption in the JavaScript API that could lead to code execution (CVE-2012-0777) (Macintosh and Linux only).

Affected Versions

  • Adobe Reader X (10.1.2) and earlier 10.x versions for Windows and Macintosh
  • Adobe Reader 9.5 and earlier 9.x versions for Windows and Macintosh
  • Adobe Reader 9.4.6 and earlier 9.x versions for Linux
  • Adobe Acrobat X (10.1.2) and earlier 10.x versions for Windows and Macintosh
  • Adobe Acrobat 9.5 and earlier 9.x versions for Windows and Macintosh

The Adobe Reader X (10.1.3) and Adobe Acrobat X (10.1.3) updates also incorporate the Adobe Flash Player updates as noted in Security Bulletins APSB12-03, APSB12-05 and APSB12-07.

Adobe Releases Malware Classifier Tool as Open Source

(LiveHacking.Com) – Adobe has released a new command line tool for quick malware triage. Known as the “Adobe Malware Classifier”, this Python-based tool was developed by Adobe’s Product Security Incident Response Team (PSIRT), who used it as part of the initial response to security incidents.

“I’ve since decided to make this tool available to other first responders (malware analysts, IT admins and security researchers of any stripe) as an open-source tool, since you might find it equally helpful,” said its creator, Karthik Raman.

The tool classifies Windows executables (EXEs) and dynamic link libraries (DLLs) into one of three categories: “0” for clean, “1” for malicious and “UNKNOWN”. To do this it uses machine learning algorithms that process seven key features extracted from a binary and then presents its classification results based on one or all of four classifiers. Specifically, the tool was developed using models that resulted from running the J48, J48 Graft, PART, and Ridor machine-learning algorithms on a data set of approximately 100,000 malicious programs and 16,000 clean programs.
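To make the approach concrete, here is an added example (not Adobe's code) of header-only triage: it reads a few fields from a PE header and returns 0, 1 or UNKNOWN. The page does not name the tool's seven features or say how UNKNOWN is reached, so the fields chosen, the three stand-in rules and the unanimous-vote combination are all assumptions, and the sample headers are constructed.

```python
import struct

DIRS = {"export": 0, "resource": 2, "debug": 6, "iat": 12}  # data-directory indexes

def extract_features(data: bytes) -> dict:
    """Read header fields from a PE32/PE32+ image without executing it."""
    try:
        if data[:2] != b"MZ":
            raise ValueError("not an MZ executable")
        (pe,) = struct.unpack_from("<I", data, 0x3C)   # e_lfanew
        if data[pe:pe + 4] != b"PE\0\0":
            raise ValueError("missing PE signature")
        (sections,) = struct.unpack_from("<H", data, pe + 6)
        opt = pe + 24                                   # optional header start
        (magic,) = struct.unpack_from("<H", data, opt)
        if magic not in (0x10B, 0x20B):
            raise ValueError("unknown optional-header magic")
        (image_ver,) = struct.unpack_from("<H", data, opt + 44)
        dd = opt + (96 if magic == 0x10B else 112)      # data directories
        (count,) = struct.unpack_from("<I", data, dd - 4)
        d = {n: struct.unpack_from("<II", data, dd + 8 * i) if i < count else (0, 0)
             for n, i in DIRS.items()}
    except struct.error as exc:
        raise ValueError("truncated PE header") from exc
    return {"sections": sections, "image_version": image_ver,
            "export_size": d["export"][1], "resource_size": d["resource"][1],
            "debug_size": d["debug"][1], "iat_rva": d["iat"][0]}

# Constructed stand-in rules, NOT the tool's J48/J48 Graft/PART/Ridor models.
RULES = [
    lambda f: int(f["debug_size"] == 0 and f["resource_size"] == 0),
    lambda f: int(f["image_version"] == 0 and f["export_size"] == 0),
    lambda f: int(f["iat_rva"] == 0 or f["sections"] > 8),
]

def classify(features: dict):
    """0 (clean) or 1 (malicious) only if every rule agrees, else 'UNKNOWN'."""
    votes = {rule(features) for rule in RULES}
    return votes.pop() if len(votes) == 1 else "UNKNOWN"

def build_header(sections: int, image_ver: int, dirs: dict) -> bytes:
    """Constructed PE32 header bytes (headers only) used as sample input."""
    opt = bytearray(struct.pack("<H", 0x10B) + bytes(222))   # PE32 magic
    struct.pack_into("<H", opt, 44, image_ver)          # MajorImageVersion
    struct.pack_into("<I", opt, 92, 16)                 # NumberOfRvaAndSizes
    for name, (rva, size) in dirs.items():
        struct.pack_into("<II", opt, 96 + 8 * DIRS[name], rva, size)
    coff = struct.pack("<HHIIIHH", 0x14C, sections, 0, 0, 0, len(opt), 0x102)
    return b"MZ" + bytes(58) + struct.pack("<I", 64) + b"PE\0\0" + coff + bytes(opt)

TYPICAL = build_header(5, 6, {"resource": (0x4000, 0x800), "debug": (0x3000, 0x1C),
                              "iat": (0x2000, 0x100)})
STRIPPED = build_header(10, 0, {})
MIXED = build_header(4, 0, {"resource": (0x4000, 0x800), "iat": (0x2000, 0x100)})
```

Calling `classify(extract_features(MIXED))` shows the disagreement case: a verdict built only from header metadata is a triage hint to prioritise deeper analysis, not a detection.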

Testing

To test this tool I downloaded the file onto an Ubuntu 10.04 machine. To run, it needs some additional Python modules which I installed:

sudo apt-get install python-pefile
sudo apt-get install python-argparse

The tool supports a few command line options:

usage: AdobeMalwareClassifier.py [-h] [-f filename] [-n model] [-v [verbose]]

Classify an unknown binary as MALWARE or CLEAN.

optional arguments:
  -h, --help    show this help message and exit
  -f filename   The name of the input file
  -n model      The ordinal for model classifier: 0=all (default) | 1=J48 |
                2=J48Graft | 3=PART | 4=Ridor
  -v [verbose]  Dump the PE data being processed

I tested the tool on several different types of .exe including 7-Zip, VLC and the Java runtime:

  • All the .exe files tested returned UNKNOWN except for the Java runtime.
  • The Java runtime returned MALWARE!
  • The tool can’t read .msi files

Conclusion

Although this looks like interesting research it really can only be seen as a triage tool. Maybe if I had tested it against some actual malware I might have got some better results.

Flash Player 11.2 Fixes Critical Vulnerabilities

(LiveHacking.Com) – Adobe has released Flash Player 11.2 with new features while also fixing some critical vulnerabilities. Among the new features is a new background updater for Windows. This system checks once every 24 hours for updates to Flash Player and updates all Flash Player versions installed on your PC including plugins and ActiveX.

The updater isn’t perfect, as Firefox users need to restart their computers for Firefox to load the newly installed plugin. The release notes mention that for 64-bit operating systems “it may be necessary to remove the NPSWF .dll from both Windows\System32\Macromed\Flash AND Windows\[SysWow64]\Macromed\Flash directories”. It isn’t clear if this is instead of a reboot.

On the bug fix front, Flash Player 11.2 fixes critical vulnerabilities in Adobe Flash Player 11.1.102.63 and earlier versions for Windows, Macintosh, Linux and Solaris. These vulnerabilities could cause a crash and potentially allow an attacker to take control of the affected system.

The first bug fixed is a memory corruption vulnerability related to URL security domain checking that could lead to code execution (ActiveX, Windows 7 or Vista only) (CVE-2012-0772), while the second resolves a memory corruption vulnerability in the NetStream class that could also lead to code execution (CVE-2012-0773).

AFFECTED SOFTWARE VERSIONS

  • Adobe Flash Player 11.1.102.63 and earlier versions for Windows, Macintosh, Linux and Solaris operating systems
  • Adobe Flash Player 11.1.111.7 and earlier versions for Android 3.x and 2.x
  • Adobe AIR 3.1.0.4880 and earlier versions for Windows, Macintosh and Android

Adobe Release Security Details for Latest Version of Flash

(LiveHacking.Com) – Over the weekend Google released a new version of its web browser Chrome which, along with security related bug fixes, included a new version of Adobe Flash Player. At the time of its release, Google were ahead of Adobe meaning that the version of Flash Player in Chrome was not yet announced by Adobe. However Adobe has now released details of the security fixes to Flash Player.

Flash Player 11.1.102.63 contains priority 2 updates that address critical vulnerabilities on Windows, Macintosh, Linux, Android 4.x, and Android 3.x and 2.x. These vulnerabilities could cause a crash and potentially allow an attacker to take control of the affected system.

Specifically, the update fixes a memory corruption vulnerability in Matrix3D that could lead to code execution (CVE-2012-0768) and resolves integer errors that could lead to information disclosure (CVE-2012-0769).

By marking this update as priority 2, Adobe are recommending that users install the update within 30 days. This is because there are currently no known exploits and, based on previous experience, Adobe do not anticipate that exploits are imminent.

AFFECTED SOFTWARE VERSIONS

  • Adobe Flash Player 11.1.102.62 and earlier versions for Windows, Macintosh, Linux and Solaris operating systems
  • Adobe Flash Player 11.1.115.6 and earlier versions for Android 4.x
  • Adobe Flash Player 11.1.111.6 and earlier versions for Android 3.x and 2.x

The new version of Flash is available from the Flash Player Download Center. For users who cannot update to Flash Player 11.1.102.63, Adobe has developed a patched version of Flash Player 10.x, Flash Player 10.3.183.16, which can be downloaded here.

 

Adobe Fixes Critical Vulnerabilities and Adds JavaScript Whitelisting to Adobe Reader and Acrobat

(LiveHacking.Com) – Adobe has released updates for Adobe Reader and Adobe Acrobat to address multiple critical vulnerabilities including the zero-day Universal 3D (U3D) processing bug found last month. If exploited, these vulnerabilities would allow a hacker to create a denial-of-service condition or take control of the affected system.

Details of the Critical fixes are:

  • Resolves a memory corruption vulnerability that could lead to code execution (CVE-2011-4370).
  • Resolves a heap corruption vulnerability that could lead to code execution (CVE-2011-4371).
  • Resolves a memory corruption vulnerability that could lead to code execution (CVE-2011-4372).
  • Resolves a memory corruption vulnerability that could lead to code execution (CVE-2011-4373).
  • These updates include fixes for CVE-2011-2462 and CVE-2011-4369, previously addressed in Adobe Reader and Acrobat 9.x for Windows as referenced in Security Bulletin APSB11-30.

It is also worth noting that these updates also include the Adobe Flash Player update as noted in Security Bulletin APSB11-28.

JavaScript whitelisting
Adobe also added a new feature to Adobe Reader and Acrobat X (10.1.2) and 9.5 called JavaScript whitelisting. In previous versions of Reader and Acrobat, administrators could disable the execution of JavaScript embedded in PDF files, to protect against PDF files containing malicious JavaScript. However, such an arbitrary control breaks PDF-based solution workflows that rely on forms and JavaScript. In the new versions, execution of JavaScript in PDF files is based on document trust. If a document is trusted, JavaScript execution will be allowed; but if it is untrusted, Adobe Reader and Acrobat will prevent all JavaScript execution. For more detail see Adobe’s blog post.

Affected versions

  • Adobe Reader X (10.1.1) and earlier 10.x versions for Windows and Macintosh
  • Adobe Reader 9.4.7 and earlier 9.x versions for Windows
  • Adobe Reader 9.4.6 and earlier 9.x versions for Macintosh
  • Adobe Acrobat X (10.1.1) and earlier 10.x versions for Windows and Macintosh
  • Adobe Acrobat 9.4.7 and earlier 9.x versions for Windows
  • Acrobat 9.4.6 and earlier 9.x versions for Macintosh

Adobe recommends users of Adobe Reader X (10.1.1) and earlier versions for Windows and Macintosh update to Adobe Reader X (10.1.2). For users of Adobe Reader 9.4.7 and earlier versions for Windows and Macintosh, who cannot update to Adobe Reader X (10.1.2), Adobe has made available the update Adobe Reader 9.5. The next quarterly security updates for Adobe Reader and Acrobat are currently scheduled for April 10, 2012.