Adobe Security Advisory APSA11-02

Discussion in 'other security issues & news' started by siljaline, Apr 11, 2011.

Thread Status:
Not open for further replies.
  1. siljaline

    siljaline Registered Member

    Joined:
    Jun 29, 2003
    Posts:
    6,618
    Adobe has published an Advisory affecting:
    Affected software:
    • Adobe Flash Player 10.2.153.1 and earlier versions for Windows, Macintosh, Linux and Solaris operating systems
    • Adobe Flash Player 10.2.154.25 and earlier for Chrome users
    • Adobe Flash Player 10.2.156.12 and earlier for Android

    More at Link
     
  2. elapsed

    elapsed Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    7,076
    Doesn't mention anything about the 10.3 beta so I can only assume it's also affected.

    It does however boast, again, about v10 or "Reader X" using protected mode to prevent the exploit. Has anyone tried/using Reader 10 or choosing it over other readers (like Foxit) because of its sandboxing?
     
  3. siljaline

    siljaline Registered Member

    Joined:
    Jun 29, 2003
    Posts:
    6,618
    While I wish I could say yes, it is, I cannot confirm or deny this at this time.
    More as Adobe releases more on this new exploit.

     
    Last edited: Apr 11, 2011
  4. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,390
    If the 10.3 release is not mentioned - it does not mean that it is also affected. To assume it is affected is specious - i.e. without merit lacking confirmation.

    -- Tom
     
  5. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    I've been using Adobe Reader for years... I never switched to any of the available alternatives. It became natural to move to Adobe Reader X. I could have kept version 9, which was pretty much protected by disabling things like JavaScript, etc., but why not have the additional security provided by its sandbox? :p

    Add to that Microsoft EMET...

    Regarding Flash itself, I am aware that not everyone is aware of things like EMET, but those who do can add the web browser process under EMET's protection, which will also protect from exploits against Flash. Firefox users also need to add plugin-container.exe under EMET's protection, considering it's the executable that handles plugins.

    Those using Google Chrome, already have a protected Flash player (protected by Chrome's sandbox).
    Those using Chromium (I can't say about other variants) can run it with the command switch --safe-plugins, which will force plugins to run inside Chromium's sandbox. It won't come without its caveats, though, considering it will cripple this or that plugins, such as Java and Silverlight. But, for people who can live without those two :argh: , it's a nice trade, IMO.

    -edit-

    Those using Chromium, I'd say are the geeks and not the average user, and therefore, those who wouldn't mind, could add Google Chrome's Flash Player version to Chromium, and that way have a protected Flash Player without needing to use --safe-plugins.
     
  6. siljaline

    siljaline Registered Member

    Joined:
    Jun 29, 2003
    Posts:
    6,618
  7. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    4,020
    Location:
    California
    Thanks for that link. It's very informative:

    Ye Olde Social Engineering component! For the security-alert person, this exploit should go no further.

    A sound and secure policy is to have Plugins disabled, in which case the Flash Player will not load the file. Disabling Plugins is a bit irritating, since it requires the user to enable the Plugin when viewing legitimate Flash files. Also, many pages now use Flash to load elements, and you don't know that until you see a blank space where the Flash Object would load. Nonetheless, it's secure.

    This reminds me of an early E-card exploit, where the user, upon opening the email attachment, is redirected to a legitimate E-card site supposedly to download a card, which doesn't exist. Meanwhile, in the background, the exploit is doing its dirty work unbeknownst to the victim.

    At this point,

    • any good HIPS or Anti-Execution security will intercept the executable.

    • Sandboxing will contain the exploit

    • an AV or similar security will alert, if it has the signature or behavior pattern. Note Microsoft's comments:
    ----
    rich
     
    Last edited: Apr 13, 2011
  8. siljaline

    siljaline Registered Member

    Joined:
    Jun 29, 2003
    Posts:
    6,618
    Happy to share, Rich !

    Regards,
     
  9. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    163,883
    Location:
    Texas
  10. siljaline

    siljaline Registered Member

    Joined:
    Jun 29, 2003
    Posts:
    6,618
    Thanks for the follow-up, Ron - I have spread the news. One just hopes Adobe honors the update release dates.

    Regards,
     
  11. Dermot7

    Dermot7 Registered Member

    Joined:
    Dec 20, 2009
    Posts:
    3,430
    Location:
    Surrey, England.
  12. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    163,883
    Location:
    Texas
  13. jasonbourne

    jasonbourne Registered Member

    Joined:
    Aug 26, 2010
    Posts:
    275
    I get an error with Adobe Flash Player 10.2.159.1 non-IE updating..Is it advisable to "install over" the existing flash player...?

    In IE it was fine but in non-IE I get this error when I run the installer for the latest version.
    Now I'm sure that I have the right version. I used the download link here at https://www.wilderssecurity.com/showthread.php?t=297321

    Kindly see image attached.

    What am I doing wrong here...?
     


  14. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    163,883
    Location:
    Texas
    Go to the control panel and uninstall the current version, then install the latest version.
     
  15. siljaline

    siljaline Registered Member

    Joined:
    Jun 29, 2003
    Posts:
    6,618
    Once done, as Ron recommended, compare your installed version against this Adobe Help About which determines if your installation was successful.
     
  16. doktornotor

    doktornotor Registered Member

    Joined:
    Jul 19, 2008
    Posts:
    2,047
    Even better, I recommend their uninstall tool. I always use it before updating after I have found numerous outdated versions of this crap on many systems.

    http://kb2.adobe.com/cps/141/tn_14157.html
     
  17. jasonbourne

    jasonbourne Registered Member

    Joined:
    Aug 26, 2010
    Posts:
    275
    Hi guys,

    Thanks for the replies there. Have sorted it out earlier via the Control Panel. BUT I'll try the uninstall tool there in my other machines. Am downloading it now.

    Thanks again and you guys have a good one!

    jason :)
     
  18. siljaline

    siljaline Registered Member

    Joined:
    Jun 29, 2003
    Posts:
    6,618
  19. doktornotor

    doktornotor Registered Member

    Joined:
    Jul 19, 2008
    Posts:
    2,047
    Have heard anything about the beta yet? o_O
     
  20. Dermot7

    Dermot7 Registered Member

    Joined:
    Dec 20, 2009
    Posts:
    3,430
    Location:
    Surrey, England.
    I find it confusing to establish where the current beta 10.3.180.65 stands re
    this vulnerability, as Adobe don't seem to include any security info clarification
    about beta. I'm going with what lotuseclat79 says, as that is my understanding
    also.
     