April 20, 2014

Chrome 24 released with new version of Flash and a $4000 bug fix

(LiveHacking.Com) – Google has released Chrome 24 with support for MathML, a new version of Adobe Flash Player, fixes for various security issues in V8 (v8-3.14.5.3) and $6000 worth of High priority security fixes.

First, Adobe released a new version of Adobe Flash Player this week and Microsoft subsequently updated IE 10 to upgrade its built-in Flash Player. Google normally does the same thing and, as expected, Chrome 24 contains the latest Flash Player with the security fixes issued by Adobe.

Also, Google fixed some High priority security bugs. It paid security researchers over $6000 for their effort. Erling A Ellingsen and Subodh Iyengar, both of Facebook, got to share $4000 between them for a same origin policy bypass via a malformed URL. The full list of rewards is:

  • [$1000] [162494] High CVE-2012-5145: Use-after-free in SVG layout. Credit to Atte Kettunen of OUSPG.
  • [$4000] [165622] High CVE-2012-5146: Same origin policy bypass with malformed URL. Credit to Erling A Ellingsen and Subodh Iyengar, both of Facebook.
  • [$1000] [165864] High CVE-2012-5147: Use-after-free in DOM handling. Credit to José A. Vázquez.

Google also fixed a number of other security related bugs which were found by Google’s Chrome Security Team:

  • [167122] Medium CVE-2012-5148: Missing filename sanitization in hyphenation support. Credit to Google Chrome Security Team (Justin Schuh).
  • [166795] High CVE-2012-5149: Integer overflow in audio IPC handling. Credit to Google Chrome Security Team (Chris Evans).
  • [165601] High CVE-2012-5150: Use-after-free when seeking video. Credit to Google Chrome Security Team (Inferno).
  • [165538] High CVE-2012-5151: Integer overflow in PDF JavaScript. Credit to Mateusz Jurczyk, with contribution from Gynvael Coldwind, both of Google Security Team.
  • [165430] Medium CVE-2012-5152: Out-of-bounds read when seeking video. Credit to Google Chrome Security Team (Inferno).
  • [164565] High CVE-2012-5153: Out-of-bounds stack access in v8. Credit to Andreas Rossberg of the Chromium development community.
  • [Windows only] [164490] Low CVE-2012-5154: Integer overflow in shared memory allocation. Credit to Google Chrome Security Team (Chris Evans).
  • [Mac only] [163208] Medium CVE-2012-5155: Missing Mac sandbox for worker processes. Credit to Google Chrome Security Team (Julien Tinnes).
  • [162778] High CVE-2012-5156: Use-after-free in PDF fields. Credit to Mateusz Jurczyk, with contribution from Gynvael Coldwind, both of Google Security Team.
  • [162776] [162156] Medium CVE-2012-5157: Out-of-bounds reads in PDF image handling. Credit to Mateusz Jurczyk, with contribution from Gynvael Coldwind, both of Google Security Team.
  • [162153] High CVE-2013-0828: Bad cast in PDF root handling. Credit to Mateusz Jurczyk, with contribution from Gynvael Coldwind, both of Google Security Team.
  • [162114] High CVE-2013-0829: Corruption of database metadata leading to incorrect file access. Credit to Google Chrome Security Team (Jüri Aedla).
  • [Windows only] [162066] Low CVE-2013-0830: Missing NUL termination in IPC. Credit to Google Chrome Security Team (Justin Schuh).
  • [161836] Low CVE-2013-0831: Possible path traversal from extension process. Credit to Google Chrome Security Team (Tom Sepez).
  • [160380] Medium CVE-2013-0832: Use-after-free with printing. Credit to Google Chrome Security Team (Cris Neckar).
  • [154485] Medium CVE-2013-0833: Out-of-bounds read with printing. Credit to Google Chrome Security Team (Cris Neckar).
  • [154283] Medium CVE-2013-0834: Out-of-bounds read with glyph handling. Credit to Google Chrome Security Team (Cris Neckar).
  • [152921] Low CVE-2013-0835: Browser crash with geolocation. Credit to Arthur Gerkis.
  • [150545] High CVE-2013-0836: Crash in v8 garbage collection. Credit to Google Chrome Security Team (Cris Neckar).
  • [145363] Medium CVE-2013-0837: Crash in extension tab handling. Credit to Tom Nielsen.
  • [Linux only] [143859] Low CVE-2013-0838: Tighten permissions on shared memory segments. Credit to Google Chrome Security Team (Chris Palmer).


Adobe updates Flash Player to fix 25 security vulnerabilities

(LiveHacking.Com) – Adobe has released a new version of its Flash Player to address a multitude of security vulnerabilities. The new release fixes at least 25 separate security flaws. Adobe also released a security patch for its Adobe AIR software. According to Adobe, “these updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.”

The update affects all Flash platforms including Windows, Mac, Linux and Android. Adobe has released security updates for:

  • Adobe Flash Player 11.4.402.278 and earlier versions for Windows
  • Adobe Flash Player 11.4.402.265 and earlier versions for Macintosh
  • Adobe Flash Player 11.2.202.238 and earlier versions for Linux
  • Adobe Flash Player 11.1.115.17 and earlier versions for Android 4.x
  • Adobe Flash Player 11.1.111.16 and earlier versions for Android 3.x and 2.x

For Adobe AIR users, all versions prior to 3.4.0.2540 on Windows, Macintosh and Android should update to Adobe AIR 3.4.0.2710.

There are two categories of vulnerabilities fixed in this release: buffer overflow vulnerabilities that could lead to code execution and memory corruption vulnerabilities that could also lead to code execution.

If you are still using Flash Player 10 and you cannot update to Flash Player 11.4.402.287, Adobe has released Flash Player 10.3.183.29, which can be downloaded here.

Adobe releases surprise update for Flash

(LiveHacking.Com) – Just one week after releasing a security update for its Flash Player, Adobe has now released a second security update and, unlike last week’s update, it also covers Android. The update for Adobe Flash Player brings the version number for Windows, Macintosh and Linux to 11.4.402.265. Users of Adobe Flash Player 11.1.115.11 and earlier versions on Android 4.x devices can now upgrade to Adobe Flash Player 11.1.115.17. The updates fix multiple vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.

There are six critical bug fixes in this release. This means that, if exploited, these bugs would allow malicious native code to execute, potentially without the user being aware. The first four bugs are memory corruption vulnerabilities that could lead to code execution, the fifth is an integer overflow vulnerability and the last is a cross-domain information leak vulnerability.

The update has taken many IT managers and security experts by surprise. Adobe (in recent times) releases security updates for its products on the second Tuesday of the month. However, it has also remained committed to being flexible when faced with a zero-day attack. Since this new release could be considered out-of-band (as last week’s update also covered Shockwave Player and Acrobat Reader), does Adobe know something about a zero-day attack which hasn’t yet been published? Or was last week’s update the out-of-band release, as the CVE-2012-1535 vulnerability was being exploited in the wild (via a malicious Word document), and this release is the normal monthly security update?

As a result of the updates Google has released a new version of the Chrome web browser.

AFFECTED SOFTWARE VERSIONS

  • Adobe Flash Player 11.3.300.271 and earlier versions for Windows, Macintosh and Linux operating systems
  • Adobe Flash Player 11.1.115.11 and earlier versions for Android 4.x
  • Adobe Flash Player 11.1.111.10 and earlier versions for Android 3.x and 2.x
  • Adobe AIR 3.3.0.3670 and earlier versions for Windows and Macintosh
  • Adobe AIR 3.3.0.3690 SDK (includes AIR for iOS) and earlier versions
  • Adobe AIR 3.3.0.3650 and earlier versions for Android

Adobe updates Flash Player, Shockwave Player and Acrobat Reader to close security vulnerabilities but Google issues warning

(LiveHacking.Com) – Adobe has released a series of security advisories about its Flash Player, Shockwave Player and Acrobat Reader to close security vulnerabilities. As a result of the updates Google has released a new version of the Chrome web browser, but it has also issued a warning about using Acrobat Reader on Windows (as there are still Critical vulnerabilities which are unfixed) and on Linux, which was not patched at all. Gynvael Coldwind of the Google Security Team said “we consider users of Adobe Reader to be exposed to serious risk.”

According to the Google security researchers, users of Adobe Reader for Linux are exposed to all the known critical vulnerabilities, while users of Adobe Reader for Windows and Mac OS X are currently vulnerable to up to 6 and 10 unpatched issues (respectively).

What Adobe did patch for its PDF reader affects Adobe Reader and Acrobat X (10.1.3) and earlier versions for Windows and Macintosh. The updates address vulnerabilities in the software that could cause the application to crash and potentially allow an attacker to take control of the affected system. The new versions fix stack and buffer overflow vulnerabilities as well as memory corruption vulnerabilities. In the security advisory Adobe thanks Mateusz Jurczyk and Gynvael Coldwind, of the Google Security Team, for twelve of the bugs found.

Adobe has also released an update for Adobe Shockwave Player 11.6.5.635 and earlier versions on the Windows and Macintosh operating systems. The update addresses five memory corruption vulnerabilities that could allow an attacker, who successfully exploits these vulnerabilities, to run malicious code on the affected system.

There is also an update for Flash Player on Windows, Macintosh and Linux. The updates address a vulnerability (CVE-2012-1535) that could cause the application to crash and potentially allow an attacker to take control of the affected system. This bug is currently being exploited in the wild via a malicious Word document. The exploit targets the ActiveX version of Flash Player for Internet Explorer on Windows.

Flash Player 11.3 fixes Critical security vulnerabilities

(LiveHacking.Com) – Adobe has released a new version of its ubiquitous Flash Player. Version 11.3 fixes at least seven critical security vulnerabilities. The new version also enables the background updater for Mac OS X. Older versions are vulnerable to crashes and potential arbitrary code execution. The new version is available for all supported operating systems, i.e. Windows, OS X and Linux. Affected versions include Adobe Flash Player 11.2.202.235 and earlier versions. For Android, Adobe has released a new version of the 11.1.x series; Adobe Flash Player 11.1.115.8 and earlier versions for Android 4.x, and Adobe Flash Player 11.1.111.9 and earlier versions for Android 3.x and 2.x, are vulnerable.

Of the seven vulnerabilities fixed, two are memory corruptions, one is a stack overflow vulnerability, one is an integer overflow vulnerability and another is a null dereference problem. All of these could lead to code execution. Of the remaining two, one is a security bypass vulnerability that could lead to information disclosure and the other is a binary planting vulnerability in the Flash Player installer that could lead to code execution.

Google has released a new version of its Chrome web browser to upgrade the built-in Flash Player to 11.3.300.257.

For users who cannot update to Flash Player 11.3, Adobe has released a patched version of Flash Player 10.x which can be downloaded here.

Along with the release of Flash 11.3, Adobe has also released a new version of Adobe AIR for Windows, Macintosh and Android. Users of Adobe AIR 3.2.0.2070 should update to Adobe AIR 3.3.0.3610.

Adobe Fixes Zero-day Vulnerability in Flash That is Being Exploited in the Wild

(LiveHacking.Com) – Adobe has released a patch to fix a zero-day vulnerability in Flash Player that is being exploited in the wild. According to the security advisory the bug is being exploited in active targeted attacks designed to trick the user into clicking on a malicious file delivered in an email message. The exploit targets Flash Player on Internet Explorer for Windows only. As a remedy Adobe has released a security update for Windows, Macintosh, Linux and Android.

Details of the exact nature of the vulnerability are not available; however, it is clear that unpatched versions of Adobe Flash Player allow a remote attacker to execute arbitrary code via a crafted file, related to what is being called an “object confusion vulnerability.”

According to Symantec, the email attachment contains a document with “an embedded reference to a malicious Flash file hosted on a remote server. When the Flash file is acquired and opened, it sprays the heap with shellcode and triggers the CVE-2012-0779 exploit. Once the shellcode gains control, it looks for the payload in the original document, decrypts it, drops it to disk, and executes it.” Symantec says that the malware payload is Trojan.Pasam.

The vulnerability affects the following versions:

  • Adobe Flash Player 11.2.202.233 and earlier versions for Windows, Macintosh, and Linux operating systems
  • Adobe Flash Player 11.1.115.7 and earlier versions for Android 4.x
  • Adobe Flash Player 11.1.111.8 and earlier versions for Android 3.x and 2.x

Windows users are advised to upgrade as soon as possible as the exploit is targeting that platform.

Flash Player 11.2 Fixes Critical Vulnerabilities

(LiveHacking.Com) – Adobe has released Flash Player 11.2 with new features while also fixing some critical vulnerabilities. Among the new features is a new background updater for Windows. This system checks once every 24 hours for updates to Flash Player and updates all Flash Player versions installed on your PC including plugins and ActiveX.

The updater isn’t perfect, as Firefox users need to restart their computers for Firefox to load the newly installed plugin. The release notes mention that for 64-bit operating systems “it may be necessary to remove the NPSWF .dll from both Windows\System32\Macromed\Flash AND Windows\[SysWow64]\Macromed\Flash directories”. It isn’t clear if this is instead of a reboot.

On the bug fix front, Flash Player 11.2 fixes critical vulnerabilities in Adobe Flash Player 11.1.102.63 and earlier versions for Windows, Macintosh, Linux and Solaris. These vulnerabilities could cause a crash and potentially allow an attacker to take control of the affected system.

The first bug fixed is a memory corruption vulnerability related to URL security domain checking that could lead to code execution (ActiveX, Windows 7 or Vista only) (CVE-2012-0772), while the second resolves a memory corruption vulnerability in the NetStream class that could also lead to code execution (CVE-2012-0773).

AFFECTED SOFTWARE VERSIONS

  • Adobe Flash Player 11.1.102.63 and earlier versions for Windows, Macintosh, Linux and Solaris operating systems
  • Adobe Flash Player 11.1.111.7 and earlier versions for Android 3.x and 2.x
  • Adobe AIR 3.1.0.4880 and earlier versions for Windows, Macintosh and Android

Adobe Releases Security Details for Latest Version of Flash

(LiveHacking.Com) – Over the weekend Google released a new version of its web browser Chrome which, along with security related bug fixes, included a new version of Adobe Flash Player. At the time of its release, Google was ahead of Adobe, meaning that the version of Flash Player in Chrome had not yet been announced by Adobe. However, Adobe has now released details of the security fixes to Flash Player.

Flash Player 11.1.102.63 contains priority 2 updates that address critical vulnerabilities on Windows, Macintosh, Linux, Android 4.x, and Android 3.x and 2.x. These vulnerabilities could cause a crash and potentially allow an attacker to take control of the affected system.

Specifically, the update fixes a memory corruption vulnerability in Matrix3D that could lead to code execution (CVE-2012-0768) and resolves integer errors that could lead to information disclosure (CVE-2012-0769).

By marking this update as priority 2, Adobe is recommending that users install the update within 30 days. This is because there are currently no known exploits and, based on previous experience, Adobe does not anticipate that exploits are imminent.

AFFECTED SOFTWARE VERSIONS

  • Adobe Flash Player 11.1.102.62 and earlier versions for Windows, Macintosh, Linux and Solaris operating systems
  • Adobe Flash Player 11.1.115.6 and earlier versions for Android 4.x
  • Adobe Flash Player 11.1.111.6 and earlier versions for Android 3.x and 2.x

The new version of Flash is available from the Flash Player Download Center. For users who cannot update to Flash Player 11.1.102.63, Adobe has developed a patched version of Flash Player 10.x, Flash Player 10.3.183.16, which can be downloaded here.


Google Releases Chrome 15.0.874.120 With a new Version of Flash Plus Various Security Fixes

Google has released Chrome 15.0.874.120 for Windows, Mac and Linux with a new version of Flash. This new version of Adobe Flash Player fixes several memory corruption vulnerabilities that could lead to arbitrary code execution.

Google paid out $2,000 in rewards for this version, with all of the money going to Aki Helin of OUSPG:

  • [$500] [100465] High CVE-2011-3892: Double free in Theora decoder. Credit to Aki Helin of OUSPG.
  • [$500] [100492] [100543] Medium CVE-2011-3893: Out of bounds reads in MKV and Vorbis media handlers. Credit to Aki Helin of OUSPG.
  • [101172] High CVE-2011-3894: Memory corruption regression in VP8 decoding. Credit to Andrew Scherkus of the Chromium development community.
  • [$1000] [101458] High CVE-2011-3895: Heap overflow in Vorbis decoder. Credit to Aki Helin of OUSPG.
  • [101624] High CVE-2011-3896: Buffer overflow in shader variable mapping. Credit to Ken “strcpy” Russell of the Chromium development community.
  • [102242] High CVE-2011-3897: Use-after-free in editing. Credit to pa_kt reported through ZDI (ZDI-CAN-1416).
  • [102461] Low CVE-2011-3898: Failure to ask for permission to run applets in JRE7. Credit to Google Chrome Security Team (Chris Evans).

Note that the referenced bugs are kept private by Google until a majority of Chrome users have updated.

Google also fixed the following bugs:

  • Updated V8 – 3.5.10.23
  • Fix small print sizing issues (issues: 102186, 82472, 102154)
  • Fixed the “certificate is not yet valid” error for server certificates issued by a VeriSign intermediate CA (issue 101555) [OS X only]

Google Ships Chrome 13.0.782.112 With a New Version of Flash

(LiveHacking.Com) – The Google Chrome web browser has been updated to 13.0.782.112 to include an updated version of Flash Player. According to the Adobe security bulletin this new version of Flash Player (10.3.183.5) fixes critical vulnerabilities in Flash Player 10.3.181.36 and earlier versions. These vulnerabilities could cause a crash and potentially allow an attacker to take control of the affected system. Adobe is not aware of any exploits ‘in the wild’ for the issues addressed in this update.

The list of fixes is as follows:

  • A buffer overflow vulnerability that could lead to code execution (CVE-2011-2130).
  • A buffer overflow vulnerability that could lead to code execution (CVE-2011-2134).
  • A memory corruption vulnerability that could lead to code execution (CVE-2011-2135).
  • An integer overflow vulnerability that could lead to code execution (CVE-2011-2136).
  • A buffer overflow vulnerability that could lead to code execution (CVE-2011-2137).
  • An integer overflow vulnerability that could lead to code execution (CVE-2011-2138).
  • A cross-site information disclosure vulnerability that could lead to code execution (CVE-2011-2139).
  • A memory corruption vulnerability that could lead to code execution (CVE-2011-2140).
  • A buffer overflow vulnerability that could lead to code execution (CVE-2011-2414).
  • A buffer overflow vulnerability that could lead to code execution (CVE-2011-2415).
  • An integer overflow vulnerability that could lead to code execution (CVE-2011-2416).
  • A memory corruption vulnerability that could lead to code execution (CVE-2011-2417).
  • A memory corruption vulnerability that could lead to code execution (CVE-2011-2425).