New 0-Day Adobe Vulnerabilities

Just when it looked like Adobe had taken care of that 0-day problem …

It has been a bad year for Adobe’s security team, as Adobe products were hit with many critical security vulnerabilities in that time. The latest was just announced yesterday in a security advisory over at Adobe. The critical vulnerability affects both Adobe Flash Player versions 10.1.85.3 and earlier on all supported operating systems (that’s Windows, Mac, Linux, Solaris and Android [gasp]) and Adobe Reader 9.4 and earlier 9.x versions on Windows, Mac and Unix.

Basically, both Flash Player and Adobe Reader / Acrobat are affected by the security vulnerability. According to Adobe’s security bulletin, the issue is actively exploited against Adobe Reader and Acrobat on Windows.

Adobe is currently working on patches and aims to release the Flash Player patch on November 9, 2010 and the Adobe Reader / Acrobat patch on November 15, 2010. That’s puzzling considering that the company has admitted that the issue is actively exploited against Adobe Reader and Acrobat.

Mitigations were posted to protect the computer system.

Deleting, renaming, or removing access to the authplay.dll file that ships with Adobe Reader and Acrobat 9.x mitigates the threat for those products, but users will experience a non-exploitable crash or error message when opening a PDF file that contains Flash (SWF) content. The authplay.dll that ships with Adobe Reader and Acrobat 9.x for Windows is typically located at C:\Program Files\Adobe\Reader 9.0\Reader\authplay.dll for Adobe Reader or C:\Program Files\Adobe\Acrobat 9.0\Acrobat\authplay.dll for Acrobat.
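One way to apply and later undo the rename mitigation, as an added example that is not part of Adobe's bulletin or the original article. It assumes an elevated PowerShell prompt; the `.disabled` suffix, the `-Revert` switch and the `Program Files (x86)` lookup for 64-bit Windows are choices made for this example.

```powershell
# Added example: audit and apply the authplay.dll rename mitigation.
# Relative paths are the typical locations quoted in the article.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [switch]$Revert   # hypothetical switch: restore the DLL after patching
)

$suffix   = '.disabled'   # suffix chosen for this example
$relative = @(
    'Adobe\Reader 9.0\Reader\authplay.dll',
    'Adobe\Acrobat 9.0\Acrobat\authplay.dll'
)
# Assumption: on 64-bit Windows the 32-bit install lives under Program Files (x86).
$roots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}) |
    Where-Object { $_ } | Select-Object -Unique

foreach ($root in $roots) {
    foreach ($rel in $relative) {
        $dll      = Join-Path $root $rel
        $disabled = $dll + $suffix
        if ($Revert) {
            if ((Test-Path -LiteralPath $disabled) -and
                $PSCmdlet.ShouldProcess($disabled, 'Restore authplay.dll')) {
                Rename-Item -LiteralPath $disabled -NewName 'authplay.dll'
            }
            continue
        }
        if (Test-Path -LiteralPath $dll) {
            if (Test-Path -LiteralPath $disabled) {
                # A repair or reinstall can put the DLL back next to the renamed copy.
                Write-Warning "Both $dll and $disabled exist; remove the stale copy first."
                continue
            }
            if ($PSCmdlet.ShouldProcess($dll, 'Rename to disable Flash content in PDFs')) {
                Rename-Item -LiteralPath $dll -NewName ('authplay.dll' + $suffix)
                Write-Output "Mitigated: $dll"
            }
        } elseif (Test-Path -LiteralPath $disabled) {
            Write-Output "Already mitigated: $disabled"
        } else {
            Write-Output "Not installed: $dll"
        }
    }
}
```

Running the script with `-WhatIf` reports what would be renamed without changing anything, which is useful as an audit pass before rolling the mitigation out.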

No mitigating factors were offered for the Flash vulnerability. The only ones that are known to work are to either disable Adobe Flash in the browser, or to use a Flash-blocking add-on such as NoScript for Firefox.

The Register has additional information about the PDF exploit. According to their information, attackers “install a nasty trojan known as Wisp, which according to Microsoft, steals sensitive user data and installs a backdoor on compromised systems.”

With patches as far away as two weeks, it is recommended to disable authplay.dll in Adobe Reader or Acrobat, and disable or block the Flash plugin in the web browser to protect the computer system against these attacks.


© Martin for gHacks Technology News, 2010.