02-12-2010 1:42
Adobe Flash Player 10.0.45.2 and AIR 1.5.3.1930 released to correct vulnerability CVE-2010-0186 Details: http://www.adobe.com/support/security/bulletins/apsb10-06.html , (Fri, Feb 12th)
News ::
ISC
Povezani zapisi:
09-09-2010 10:43
Adobe has issued a new security advisory concerning Adobe Acrobat, its line of PDF software. All current versions of Reader and Acrobat are known to be vulnerable, across all supported platforms–Windows and Mac for Acrobat, and Windows, Mac, and Unix for Reader. According to the advisory, an attacker could use the vulnerability to “to take control of the affected system”, meaning random code could be executed on user systems.
Trend Micro has already found malicious files that exploit this vulnerability. These are detected as TROJ_PIDIEF.WM. In turn, this file drops a downloader (TROJ_DLOADR.WM) which leads to another downloader, TROJ_CHIFRAX.BU. More PIDIEF variants that exploit this vulnerability are sure to be spotted in the next few days.
The URLs where TROJ_CHIFRAX.BU is located and downloads malware from are currently unavailable. Curiously, even if the website was registered on the .US top-level domain, WHOIS records indicate the registrant is in Hong Kong. In addition, the servers that actually host the site are located in Germany and the United States. This indicates that some effort was placed into hiding the actual persons responsible for this attack.
In addition, the dropped malicious file is signed, much like the earlier Stuxnet malware. This time, the certificate of a legitimate American credit union was used:
Adobe has not stated when security updates will be made available, saying only that they are “evaluating the schedule” for a potential fix. They have advised their users to keep their anti-virus software updated to protect themselves until a fix is made available.
This is the second major zero-day vulnerability that Adobe has had to deal with in 2010. The first one, which affected both Acrobat and Flash, was discussed in the Malware Blog in the post Zero-Day Flash/Acrobat Exploit Seen in the Wild. The timeline of that particular incident–where a flaw revealed early in the month was fixed by the end of the month–suggests a fix will come in the next few weeks.
Trend Micro protects users from this attack via its Trend Micro Smart Protection NetworkTM that detects the malicious files currently exploiting this vulnerability, as well as blocking the URLs related to this threat.
Post from: TrendLabs | Malware Blog - by Trend Micro
New Zero-Day Adobe Acrobat Vulnerability Exploited
trendmicro
09-09-2010 10:00
k3vin mitnick has discovered a vulnerability in www.flashpageflip.com, which could be exploited by malicious people to conduct XSS attacks.
XSSed
09-08-2010 20:03
We just received word that there is a report of a 0-day exploit for Adobe Acrobat/Reader being exploited in the wild. Secunia has a brief write up and here is the link to the original advisory. The exploit was discovered in a phishing attempt with the subject of David Leadbetter's One PointLesson. Adobe has issued an advisory and references CVE-2010-2883(which just shows as reserved at this point with no details). It does effect the latest version of Acrobat/Reader and Adobe is investigation a patch. More to come on that.
The exploit in the wild I'm aware of causes a crash in Acrobat/Reader and then tries to open a decoy file. So the good news is that, as of right now, it's a loud exploit. Early VirusTotal scans also had partial coverage under various forms of Suspicious PDF categories. At this point, standard precautions apply (don't open PDFs from strangers) and this can probably only really be used in a phishing style scenario. Will update this dairy as needed with developments.
--
John Bambenek
bambenek at gmail /dot/ com
(c) SANS Internet Storm Center. http://isc.sans.org Creative Commons Attribution-Noncommercial 3.0 United States License.
ISC
09-08-2010 17:59
-- John Bambenek bambenek at gmail /dot/ com
(c) SANS Internet Storm Center. http://isc.sans.org Creative Commons Attribution-Noncommercial 3.0 United States License.
ISC
|
