Zero-Day vulnerability in Adobe products enables takeover of system

Looks like there is a new vulnerability out that affects Adobe Flash, Player and Acrobat reader. Exploit is out on the Internet. Attackers are able to take over your system if you open up infected files (flash, PDF etc).

From this Adobe advisory:

A critical vulnerability exists in Adobe Flash Player 10.0.45.2 and earlier versions for Windows, Macintosh, Linux and Solaris operating systems, and the authplay.dll component that ships with Adobe Reader and Acrobat 9.x for Windows, Macintosh and UNIX operating systems. This vulnerability (CVE-2010-1297) could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being actively exploited in the wild against both Adobe Flash Player, and Adobe Reader and Acrobat.

There is no fix yet. Stay tuned.

Vulnerability in iPhone data encryption Or: Do not lose your iPhone because everyone will be able to access it

Bernd Marienfeldt, security officer at LINX, uncovered a pretty bad vulnerability of the latest iPhone that is out there: even with encryption, set passphrases etc, anyone using Ubuntu LINUX can access certain data you have stored on it. There is no fix for this yet.

More detail on Heise-Online, here is the article.

Excerpt:

.. found that he was able to gain unfettered access to his iPhone 3GS from Ubuntu 10.04. If he connected the device whilst it was turned off and then turned it on, Ubuntu auto-mounted the file system and was able to access several folders despite never having previously been connected to the iPhone. The H’s associates at heise Security have successfully reproduced the problem. An Ubuntu system which had never before communicated with the iPhone immediately displayed a range of folders. Their contents included the unencrypted images, MP3s and audio recordings stored on the device.

UPDATE: Rumors have it that this may also affect the iPad.

Facebook “Un Named App” scare leads to malware

Excellent write up by Trendmicro on the ‘un named app’ discussion that is spreading on Facebook. If you search Google for this, you may be tricked into downloading Malware to your machine and get compromised.

Here is the article.

[…] Nothing to worry about here as far as your Facebook is concerned, this does not appear to be a genuine malicious app. In fact a thread on Yahoo answers appears to demonstrate in a reproducible fashion that “Un named App” is nothing more than your “Boxes” tab on your Facebook profile page.

Beware though, there is still real risk attached to this Chinese whisper. Criminals have picked up on the concern among Facebook users (or possibly they were responsible for starting the rumour?) and they have already started to poison Google search results.

Google search result:

Google search result

I queried Google for “facebook unnamed app” and the third result on the first page pointed to a malicious website set up for the purposes of distributing fake anti-virus software, this time called “Security Tool”. If you are unwary enough to click the link you will be presented with a dialogue box informing you that you have a huge number of infected files on your machine and prompting you to use Security Tool to clean them up. The software of course is no real security solution and is designed to fool the victim into parting with hard-earned cash.

Be careful what you surf for.

Adobe fixes critical holes in Shockwave

Adobe quietly released a HIGHLY CRITICAL update to Shockwave on Tuesday. Exploiting these vulnerabilities enables an attacked to inject code and – shock – take over your system. Yes, you need to update your Shockwave installation ASAP. And yeah, you even have to uninstall your old version first!

Adobe advisory is here:

Critical vulnerabilities have been identified in Adobe Shockwave Player 11.5.2.602 and earlier versions, on the Windows and Macintosh operating systems. The vulnerabilities could allow an attacker, who successfully exploits the vulnerabilities, to run malicious code on the affected system. Adobe has provided a solution for the reported vulnerabilities. It is recommended that users update their installations to the latest version using the instructions provided below.

[…]

Adobe recommends Shockwave Player users uninstall Shockwave version 11.5.2.602 and earlier on their systems, restart their systems, and install Shockwave version 11.5.6.606.

Download Patches from here: http://get.adobe.com/shockwave/.

Patch your Adobe Reader ASAP or get hacked like Google did!

Go to http://www.adobe.com/support/security/bulletins/apsb10-02.html and get your latest patch.

The hackers who tried to steal source code from dozens of companies used an exploit in Adobe Reader to get it done..

From Wired:

A hack attack that targeted Google in December also hit 33 other companies, including financial institutions and defense contractors, and was aimed at stealing source code from the companies, say security researchers at iDefense.

The hackers used a zero-day vulnerability in Adobe Reader to deliver malware to the companies and were in many cases successful at siphoning the source code they sought, according to a statement distributed Tuesday by iDefense, a division of VeriSign. The attack was similar to an attack that targeted other companies last July, the company said.

A spokeswoman for iDefense wouldn’t name any of the other companies that were targeted in the recent attack, except Adobe.

Adobe acknowledged on Tuesday in a blog post that it discovered Jan. 2 that it had been the target of a “sophisticated, coordinated attack against corporate network systems managed by Adobe and other companies.”

The company didn’t say whether it was a victim of the same attack that struck Google. But Adobe’s announcement came just minutes after Google revealed that it had been the victim of a “highly sophisticated” hack attack originating in China in December.

Neither Google nor Adobe provided details about how the hacks occurred. Google said only that the hackers were able to steal unspecified intellectual property from it and had focused their attack on obtaining access to the Gmail accounts of human rights activists who were involved in China rights issues.

But according to iDefense, whose customers include some of the 33 companies that were hacked, the attacks were well targeted and “unusually sophisticated” and aimed at grabbing source code from several hi-tech companies based in Silicon Valley as well as financial institutions and defense contractors.

The hackers gained access to the company networks by sending targeted e-mails to employees, which contained a malicious PDF attachment. The malicious code exploited a zero-day vulnerability in Adobe’s Reader application.

Don’t get hacked! Patch now.

Adobe fixes out, addressing vulnerabilities that lead to system compromise

Update your Adobe Reader, Acrobat etc. installations. Adobe released 30 (!) security vulnerability fixes last week. Exploits are in the wild, using some of these vulnerabilities to ‘take control over the affected system’.

Details are here.

Vulnerability in Adobe Reader and Flash Player – remote break-ins possible

Be careful when you use Flash Player to watch videos on the Internet or in your E-mail; also don’t open PDF files from unknown sources. There is currently an exploit in the wild that makes use of a new vulnerability, which essentially can result in an attacker taking over your system. There is currently no patch for this; Adobe is working hard to get one out next week. Until then, be cautious!

See the details on Adobe’s site: 
http://www.adobe.com/support/security/advisories/apsa09-03.html

[…] A critical vulnerability exists in the current versions of Flash Player (v9.0.159.0 and v10.0.22.87) for Windows, Macintosh and Linux operating systems, and the authplay.dll component that ships with Adobe Reader and Acrobat v9.x for Windows, Macintosh and UNIX operating systems. This vulnerability (CVE-2009-1862) could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being actively exploited in the wild via limited, targeted attacks against Adobe Reader v9 on Windows.
[…]
We are in the process of developing a fix for the issue, and expect to provide an update for Flash Player v9 and v10 for Windows, Macintosh, and Linux by July 30, 2009 (the date for Flash Player v9 and v10 for Solaris is still pending). We expect to provide an update for Adobe Reader and Acrobat v9.1.2 for Windows, Macintosh and UNIX by July 31, 2009 […] Flash Player users should exercise caution in browsing untrusted websites. Adobe is in contact with Antivirus and Security vendors regarding the issue and recommend users keep their anti-virus definitions up to date.