Adobe Security Advisory APSA11-02

Discussion in 'other security issues & news' started by siljaline, Apr 11, 2011.

Thread Status:
Not open for further replies.
  1. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
    Adobe has publised an Advisory affecting:
    Affected software:
    • Adobe Flash Player 10.2.153.1 and earlier versions for Windows, Macintosh, Linux and Solaris operating systems
    • Adobe Flash Player 10.2.154.25 and earlier for Chrome users
    • Adobe Flash Player 10.2.156.12 and earlier for Android

    More at Link
     
  2. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,855
    Doesn't mention anything about the 10.3 beta so I can only assume it's also affected.

    It does however boast, again, about v10 or "Reader X" using protected mode to prevent the exploit. Has anyone tried/using Reader 10 or choosing it over other readers (like Foxit) because of it's sandboxing?
     
  3. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
    While I wish I could say yes, it is, I cannot confirm or deny this at this time.
    More as Adobe releases more on this new exploit.

     
    Last edited: Apr 11, 2011
  4. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,101
    If the 10.3 release is not mentioned - it does not mean that it is also affected. To assume it is affected is specious - i.e. without merit lacking confirmation.

    -- Tom
     
  5. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    I've been using Adobe Reader for years... I never switched to any of the available alternatives. It became natural to move to Adobe Reader X. I could have kept version 9, which was pretty much protected by disabling things like JavaScript, etc., but why not have the additional security provided by its sandbox? :p

    Add to that Microsoft EMET...

    Regarding Flash itself, I am aware that not everyone is aware of things like EMET, but those who do can add the web browser process under EMET's protection, which will also protect from exploits against Flash. Firefox users also need to add plugin-container.exe under EMET's protection, considering it's the executable that handles plugins.

    Those using Google Chrome, already have a protected Flash player (protected by Chrome's sandbox).
    Those using Chromium (I can't say about other variants) can run it with the command switch --safe-plugins, which will force plugins to run inside Chromium's sandbox. It won't come without its caveats, though, considering it will cripple this or that plugins, such as Java and Silverlight. But, for people who can live without those two :argh: , it's a nice trade, IMO.

    -edit-

    Those using Chromium, I'd say are the geeks and not the average user, and therefore, those who wouldn't mind, could add Google Chrome's Flash Player version to Chromium, and that way have a protected Flash Player without needing to use --safe-plugins.
     
  6. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
  7. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    Thanks for that link. It's very informative:

    Ye Olde Social Engineering component! For the security-alert person, this exploit should go no further.

    A sound and secure policy is to have Plugins disabled, in which case the Flash Player will not load the file. Disabling Plugins is a bit irritating, since it requires the user to enable the Plugin when viewing legitimate Flash files. Also, many pages now use Flash to load elements, and you don't know that until you see a blank space where the Flash Object would load. Nonetheless, it's secure.

    This reminds me of an early E-card exploit, where the user, upon opening the email attachment, is redirected to a legitimate E-card site supposedly to download a card, which doesn't exist. Meanwhile, in the background, the exploit is doing its dirty work unbeknownst to the victim.

    At this point,

    • any good HIPS or Anti-Execution security will intercept the executable.

    • Sandboxing will contain the exploit

    • an AV or similar security will alert, if it has the signature or behavior pattern. Note Microsoft's comments:
    ----
    rich
     
    Last edited: Apr 13, 2011
  8. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
    Happy to share, Rich !

    Regards,
     
  9. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,794
    Location:
    Texas
  10. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
    Thanks for the follow-up, Ron - I have spread the news. One just hopes Adobe honors the update release dates.

    Regards,
     
  11. Dermot7

    Dermot7 Registered Member

    Joined:
    Dec 20, 2009
    Posts:
    3,196
    Location:
    Surrey, England.
  12. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,794
    Location:
    Texas
  13. jasonbourne

    jasonbourne Registered Member

    Joined:
    Aug 26, 2010
    Posts:
    247
    I get an error with Adobe Flash Player 10.2.159.1 non-IE updating..Is it advisable to "install over" the existing flash player...?

    In IE it was fine but in non-IE I get this error when I run the installer for the latest version.
    Now I'm sure that I have the right version. I used the download link here at https://www.wilderssecurity.com/showthread.php?t=297321

    Kindly see image attached.

    What am I doing wrong here...?
     

    Attached Files:

  14. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,794
    Location:
    Texas
    Go to the control panel and uninstall the current version, then install the latest version.
     
  15. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
    Once done, as Ron recommended, compare your installed version again this Adobe Help About which determines if your installation was successful.
     
  16. doktornotor

    doktornotor Registered Member

    Joined:
    Jul 19, 2008
    Posts:
    2,047
    Even better, I recommend their uninstall tool. I always use it before updating after I have found numerous outdated versions of this crap on many systems.

    http://kb2.adobe.com/cps/141/tn_14157.html
     
  17. jasonbourne

    jasonbourne Registered Member

    Joined:
    Aug 26, 2010
    Posts:
    247
    Hi guys,

    Thanks for the replies there. Have sorted it out earlier via the Control Panel. BUT I'll try the uninstall tool there in my other machines. Am downloading it now.

    Thanks again and you guys have a good one!

    jason :)
     
  18. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
  19. doktornotor

    doktornotor Registered Member

    Joined:
    Jul 19, 2008
    Posts:
    2,047
    Have heard anything about the beta yet? o_O
     
  20. Dermot7

    Dermot7 Registered Member

    Joined:
    Dec 20, 2009
    Posts:
    3,196
    Location:
    Surrey, England.
    I find it confusing to establish where the current beta 10.3.180.65 stands re
    this vulnerability, as Adobe don't seem to include any security info clarification
    about beta. I'm going with what lotuseclat79 says, as that is my understanding
    also.
     
Loading...
Thread Status:
Not open for further replies.