Tag Archives: Photoshop

Mysterious BadBIOS Malware – WSWiR Episode 83

Adobe Breach Gets Bigger, NSA MUSCULAR, and Mysterious Malware

No time to follow Infosec news, but need to know the latest so you can protect your network? Well, you’ve come to the right place. In my weekly security summary video I quickly highlight the big security stories from the week, so you’re aware of the latest threats and security news.

Today’s episode includes more concerning details about the recent Adobe network hack (change your password), news of the latest NSA snooping revelation, and a story about a very scary advanced malware infection that sounds more like science fiction than fact. To learn all the details, click play below… and don’t forget to check the Reference section for links to many other interesting Infosec stories.

Thanks for watching, and Happy Halloween!

(Episode Runtime: 11:04)

Direct YouTube Link: http://www.youtube.com/watch?v=1YQ0Ot2yFcg

Episode References:

Extras:

— Corey Nachreiner, CISSP (@SecAdept)

Adobe Reader X Update Corrects Zero Day Vulnerability

Severity: High

Summary:

  • These vulnerabilities affect: Reader X (and Acrobat) 11.0.0.1 and earlier running on all platforms
  • How an attacker exploits them: By tricking you into opening malicious PDF documents (or by visiting web sites hosting such documents)
  • Impact: In the worst case, an attacker can execute code on your computer with your privileges. If you are an administrator, they gain complete control
  • What to do: Install the appropriate Reader update immediately, or let Adobe’s updater do it for you.

Exposure:

Adobe Reader helps you view PDF documents, while Acrobat helps you create them. Since PDF documents are very popular, most users install Reader to handle them.

Last week, Adobe released a security bulletin fixing two zero day vulnerabilities in the popular Reader program. We first described these zero day vulnerabilities in a WatchGuard Security Week in Review episode earlier in the month. Though the two flaws may differ technically, they share the same general scope and impact. If an attacker can entice you into opening a specially crafted PDF file, he can exploit either of these issues to execute code on your computer, with your privileges. If you have root or system administrator privileges, the attacker gains complete control of your machine.

Since attackers are exploiting these flaws in the wild, Adobe has assigned them a Priority 1 rating, especially for Windows and Mac computers. We recommend you patch immediately, if you haven’t already.

Solution Path:

Adobe has released Reader and Acrobat updates. We recommend you download and deploy the corresponding update immediately, or let Adobe’s automatic updater do it for you.

For All WatchGuard Users:

Attackers can exploit these flaws using diverse exploitation methods. Though our IPS and AV services may help prevent some of these attacks, or the malware they try to load, installing Adobe’s updates is your most secure course of action.

Status:

Adobe has released patches correcting these issues.

References:

This alert was researched and written by Corey Nachreiner, CISSP (@SecAdept).

Adobe Patch Day: Reader X and Shockwave Player Fixes

Severity: High

Summary:

  • These vulnerabilities affect: Flash Player, Reader X, and Acrobat X. Also news of a ColdFusion zero day exploit
  • How an attacker exploits them: Multiple vectors of attack, including enticing your users to open malicious files or visit specially crafted web sites
  • Impact: Various results; in the worst case, an attacker can gain complete control of your computer
  • What to do: Install the appropriate Adobe patches immediately, or let Adobe’s updater do it for you.

Exposure:

Today, Adobe released two security bulletins describing vulnerabilities in Flash Player, and Reader and Acrobat X.

Adobe Patch Day: January 2013

A remote attacker could exploit the worst of these flaws to gain complete control of your computer. We summarize the bulletins below:

  • APSB13-02: Multiple Reader and Acrobat Vulnerabilities

Adobe Reader helps you view PDF documents, while Acrobat helps you create them. Since PDF documents are very popular, most users install Reader to handle them.

Adobe’s bulletin describes 27 vulnerabilities that affect Adobe Reader and Acrobat X 11.0.0 and earlier, running on any platform (Windows, Mac, Linux). Adobe’s alert only describes the flaws in minimal detail, but most of them are memory corruption vulnerabilities, such as buffer overflows, integer overflows, and use-after-free issues. For the most part, they share the same scope and impact. If an attacker can entice you into opening a specially crafted PDF file, he can exploit many of these issues to execute code on your computer, with your privileges. If you have root or system administrator privileges, the attacker gains complete control of your machine.

Adobe Priority Rating: 1 for Windows (Patch within 72 hours)

  • APSB13-03: Flash Player Buffer Overflow Vulnerability

Adobe Flash Player displays interactive, animated web content called Flash. Although Flash is optional, 99% of PC users download and install it to view multimedia web content. It runs on many operating systems, including mobile operating systems like Android.

Flash Player suffers from a buffer overflow flaw. If an attacker can lure you to a web site, or get you to open specially crafted Flash content, he could exploit this flaw to execute code on your computer, with your privileges. If you have administrative or root privileges, the attacker could gain full control of your computer.

Adobe Priority Rating: 1 for Windows (Patch within 72 hours)

Aside from the Reader and Flash updates, Adobe also posted a warning about three zero day ColdFusion vulnerabilities that attackers are exploiting in the wild. They have not had time to fix these vulnerabilities yet, but they do offer some mitigation techniques in their advisory. If you use ColdFusion, especially as your public web server, we recommend you try to implement the mitigation techniques described in the “Mitigations” section of Adobe’s alert. We will let you know as soon as they release the real patch.

Solution Path:

Adobe has released updates for all their affected software. If you use any of the software below, we recommend you download and deploy the corresponding updates as soon as possible, or let Adobe’s automatic updater do it for you.

For All WatchGuard Users:

Attackers can exploit these flaws using diverse exploitation methods. Though our IPS and AV services may help prevent some of these attacks, or the malware they try to load, installing Adobe’s updates is your most secure course of action.

Status:

Adobe has released patches correcting these issues.

References:

This alert was researched and written by Corey Nachreiner, CISSP (@SecAdept).

Adobe Patch Day: Flash and ColdFusion Updates

Severity: High

Summary:

  • These vulnerabilities affect: Flash Player and ColdFusion 10
  • How an attacker exploits them: Multiple vectors of attack, including enticing your users to open malicious files or visit specially crafted web sites
  • Impact: Various results; in the worst case, an attacker can gain complete control of your computer
  • What to do: Install the appropriate Adobe patches immediately, or let Adobe’s updater do it for you.

Exposure:

Today, Adobe released two security bulletins, describing vulnerabilities in their Flash Player and ColdFusion products.

Adobe Patch Day: December 2012

A remote attacker could exploit the worst of these flaws to gain complete control of your computer. We summarize the Adobe security bulletins below:

  • APSB12-27: Flash Player Code Execution Vulnerabilities

Adobe Flash Player displays interactive, animated web content called Flash. Although Flash is optional, 99% of PC users download and install it to view multimedia web content. It runs on many operating systems, including mobile operating systems like Android.

Adobe’s bulletin describes three vulnerabilities in Flash Player 11.5.502.110 and earlier for all platforms. The three flaws consist of various buffer overflow and memory corruption flaws, all of which attackers can leverage to execute arbitrary code. If an attacker can lure you to a web site, or get you to open a document containing specially crafted Flash content, he could exploit these flaws to execute code on your computer, with your privileges. If you have administrative or root privileges, the attacker could gain full control of your computer.

They assign these flaws their highest severity rating for Windows computers, but a lesser severity for Mac and Linux machines.

Adobe Priority Rating: 1 (Patch within 72 hours)

Adobe ColdFusion is an application server that allows you to develop and deploy web applications. It suffers from what Adobe only describes as “a sandbox permissions violation in a shared hosting environment.” The bulletin shares very little about the scope of this flaw (CVE-2012-5675), so we’re unsure how easy or hard it is for attackers to leverage. Adobe rates it as a Priority 2 issue, which is essentially their medium severity rating.

Adobe Priority Rating: 2 (Patch within 30 days)

Solution Path:

Adobe has released updates for all their affected software. If you use Flash Player or ColdFusion, we recommend you download and deploy the corresponding updates as soon as possible, or let Adobe’s automatic updater do it for you.

For All WatchGuard Users:

Attackers can exploit these flaws using diverse exploitation methods. Installing Adobe’s updates is your most secure course of action.

Status:

Adobe has released patches correcting these issues.

References:

This alert was researched and written by Corey Nachreiner, CISSP (@SecAdept).

Adobe Patch Day: Updates for Reader X, Flash, and Shockwave Player

Severity: High

Summary:

  • These vulnerabilities affect: Shockwave Player, Flash Player, Reader X, and Acrobat X
  • How an attacker exploits them: Multiple vectors of attack, including enticing your users to open malicious files or visit specially crafted web sites
  • Impact: Various results; in the worst case, an attacker can gain complete control of your computer
  • What to do: Install the appropriate Adobe patches immediately, or let Adobe’s updater do it for you.

Exposure:

Today, Adobe released three security bulletins describing vulnerabilities in many of their popular software packages, including Shockwave Player, Flash Player, and Reader and Acrobat X.

A remote attacker could exploit the worst of these flaws to gain complete control of your computer. We summarize these three Adobe security bulletins below:

  • APSB12-16: Multiple Reader and Acrobat Vulnerabilities

Adobe Reader helps you view PDF documents, while Acrobat helps you create them. Since PDF documents are very popular, most users install Reader to handle them.

Adobe’s bulletin describes 20 vulnerabilities that affect Adobe Reader and Acrobat X 10.1.3 and earlier, running on Windows and Macintosh. Adobe doesn’t describe the flaws in much technical detail, but does note that most of them involve buffer overflow and memory corruption issues. Almost all of them share the same scope and impact. If an attacker can entice you into opening a specially crafted PDF file, he can exploit any of these issues to execute code on your computer, with your privileges. If you have root or system administrator privileges, the attacker gains complete control of your machine.

Adobe Priority Rating: 1 (Patch within 72 hours)

  • APSB12-17: Five Shockwave Memory Corruption Vulnerabilities

Adobe Shockwave Player displays interactive, animated web content and movies called Shockwave. According to Adobe, the Shockwave Player is installed on some 450 million PCs.

Adobe’s bulletin warns of five unspecified memory corruption vulnerabilities that affect Shockwave Player 11.6.5.635 and earlier for Windows and Macintosh. All five flaws share the same impact. If an attacker can entice one of your users into visiting a website containing some sort of malicious Shockwave content, he could exploit these vulnerabilities to execute code on that user’s computer, with that user’s privileges. If your Windows users have local administrator privileges, an attacker could exploit this flaw to gain full control of their PC.

Adobe Priority Rating: 2 (Patch within 30 days)

  • APSB12-18: Flash Player Code Execution Vulnerability

Adobe Flash Player displays interactive, animated web content called Flash. Although Flash is optional, 99% of PC users download and install it to view multimedia web content. It runs on many operating systems, including mobile operating systems like Android.

Adobe’s bulletin describes a serious flaw that affects Flash Player 11.3.300.270 and earlier for all platforms. They don’t describe the vulnerability (CVE-2012-1535) in detail, but they do describe its impact. If an attacker can lure you to a web site, or get you to open a document containing specially crafted Flash content, he could exploit this flaw to execute code on your computer, with your privileges. If you have administrative or root privileges, the attacker could gain full control of your computer.

Adobe also warns that attackers are currently exploiting this flaw in the wild via malicious Word documents, which target Windows users. We highly recommend you patch Flash Player immediately.

Adobe Priority Rating: 1 (Patch within 72 hours)

Solution Path:

Adobe has released updates for all their affected software. If you use any of the software below, we recommend you download and deploy the corresponding updates as soon as possible, or let Adobe’s automatic updater do it for you.

For All WatchGuard Users:

Attackers can exploit these flaws using diverse exploitation methods. Installing Adobe’s updates is your most secure course of action.

Status:

Adobe has released patches correcting these issues.

References:

This alert was researched and written by Corey Nachreiner, CISSP (@SecAdept).

Adobe Patch Day: Shockwave, Flash Professional, Photoshop, and Illustrator Updates

Severity: High

Summary:

  • These vulnerabilities affect: Adobe Shockwave Player, Flash Professional, Photoshop, and Illustrator
  • How an attacker exploits them: Multiple vectors of attack, including enticing your users to open malicious files or visit specially crafted web sites
  • Impact: Various results; in the worst case, an attacker can gain complete control of your computer
  • What to do: Install the appropriate Adobe patches immediately, or let Adobe’s updater do it for you.

Exposure:

Today, Adobe released four security bulletins describing vulnerabilities in many of their popular software packages, including Shockwave Player, Flash Professional, Photoshop, and Illustrator.

A remote attacker could exploit the worst of these flaws to gain complete control of your computer. The summary below details some of the vulnerabilities in these popular software packages.

  • APSB12-13: Five Shockwave Code Execution Vulnerabilities

Adobe Shockwave Player displays interactive, animated web content and movies called Shockwave. According to Adobe, the Shockwave Player is installed on some 450 million PCs.

Adobe’s bulletin warns of five security vulnerabilities that affect Shockwave Player 11.6.4.634 and earlier for Windows and Macintosh. Adobe’s bulletin doesn’t describe the flaws in technical detail, only characterizing them as memory corruption vulnerabilities. All five flaws share the same impact. If an attacker can entice one of your users into visiting a website containing some sort of malicious Shockwave content, he could exploit these vulnerabilities to execute code on that user’s computer, with that user’s privileges. If your Windows users have local administrator privileges, an attacker could exploit this flaw to gain full control of their PC.

Adobe Priority Rating: 2 (Patch within 30 days)

  • APSB12-12: Flash Professional Buffer Overflow Vulnerability

Adobe Flash is a platform for creating interactive or animated web content and video. Flash Professional is the Adobe authoring environment used to create Flash content.

Flash Professional 11.5.1.348 and earlier for Windows and Mac suffers from a buffer overflow vulnerability. Adobe does not share any relevant detail about this flaw, nor how an attacker might exploit it. However, we assume that if you open specially crafted Flash content in Flash Professional, an attacker can leverage this flaw to execute code on your computer, with your privileges. As usual, if you have administrative or root privileges, the attacker would gain complete control of your machine.

Adobe Priority Rating: (Patch at your discretion)

  • APSB12-11: Photoshop TIFF Handling Vulnerability

Photoshop is a popular image editing program. Photoshop CS5.5 (for Windows and Mac) suffers from two vulnerabilities: one involving its inability to properly handle specially crafted TIFF images, and an unspecified buffer overflow vulnerability. By tricking you into downloading and opening a malicious image in Photoshop, an attacker can exploit the TIFF flaw to execute code on your machine, with your privileges. If you have local admin privileges, the attacker gains complete control of your computer. Adobe doesn’t describe how an attacker might leverage the second buffer overflow vulnerability.

Adobe Priority Rating: (Patch at your discretion)

  • APSB12-10: Five Illustrator Code Execution Vulnerabilities

Illustrator is Adobe’s vector drawing software. It suffers from five unspecified memory corruption vulnerabilities. Adobe doesn’t describe these flaws in any other detail, other than calling them code execution vulnerabilities. If forced to guess, we assume that if you handle specially crafted, Illustrator-compatible files (perhaps an image), an attacker could exploit this flaw to execute code on your computer with your privileges. Again, if you are an administrator, the attacker gains full control.

Adobe Priority Rating: (Patch at your discretion)

While we’re on Adobe updates, if you haven’t installed the Flash Player update that Adobe released early, last week, we recommend you do so immediately. The flaws that update fixes are much more severe than the ones patched today.
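The bulletins above each quote an affected-version threshold (“X and earlier”) and an Adobe Priority Rating with a patch window (1 = within 72 hours, 2 = within 30 days, or “patch at your discretion”). The script below is an added example, not WatchGuard’s or Adobe’s code, that turns those two facts into a per-host patch deadline. It compares installed versions against each threshold numerically rather than as text (the naive string comparison it also shows is a common mistake: “11.10.0.0” sorts before “11.6.5.635” as a string but is the newer version). The bulletin IDs and thresholds are the ones quoted in the posts on this page; the host inventory, the publication timestamp, and mapping “patch at your discretion” to priority 3 are this example’s assumptions.

```python
"""Patch-deadline triage for Adobe security bulletins (constructed example)."""
from dataclasses import dataclass
from datetime import datetime, timedelta
from itertools import zip_longest
from typing import List, Optional, Tuple

# Hours allowed per Adobe Priority Rating, as the advisories above phrase it:
# Priority 1 = patch within 72 hours, Priority 2 = within 30 days. The page
# quotes "patch at your discretion" without a number; mapping it to 3 with
# no fixed deadline is this example's assumption.
PRIORITY_DEADLINE_HOURS = {1: 72, 2: 30 * 24, 3: None}


def parse_version(version: str) -> tuple:
    """'11.6.5.635' -> (11, 6, 5, 635). Non-numeric parts raise ValueError."""
    return tuple(int(part) for part in version.strip().split("."))


def is_affected(installed: str, max_affected: str) -> bool:
    """True when `installed` is `max_affected` or earlier ("X and earlier").

    Missing trailing components count as zero, so '11.6' == '11.6.0.0'.
    """
    pairs = list(zip_longest(parse_version(installed), parse_version(max_affected), fillvalue=0))
    return tuple(a for a, _ in pairs) <= tuple(b for _, b in pairs)


def naive_is_affected(installed: str, max_affected: str) -> bool:
    """The common bug: comparing version strings lexically. Kept only to show
    why parse_version() exists; do not use this for real decisions."""
    return installed <= max_affected


@dataclass(frozen=True)
class Bulletin:
    bulletin_id: str
    product: str
    max_affected: str   # the "X and earlier" threshold quoted in the advisory
    priority: int       # Adobe Priority Rating


@dataclass(frozen=True)
class Finding:
    host: str
    bulletin_id: str
    product: str
    installed: str
    priority: int
    due: Optional[datetime]   # None = discretionary, no fixed deadline


# Thresholds and ratings as quoted in the posts above.
BULLETINS = [
    Bulletin("APSB12-18", "Flash Player", "11.3.300.270", 1),
    Bulletin("APSB12-27", "Flash Player", "11.5.502.110", 1),
    Bulletin("APSB12-17", "Shockwave Player", "11.6.5.635", 2),
    Bulletin("APSB12-12", "Flash Professional", "11.5.1.348", 3),  # priority 3 assumed
]

# Constructed inventory of (host, product, installed version); not real data.
INVENTORY = [
    ("ws01", "Flash Player", "11.5.502.110"),    # affected by APSB12-27 only
    ("ws02", "Shockwave Player", "11.10.0.0"),   # newer than 11.6.5.635: not affected
    ("ws03", "Shockwave Player", "11.6.5.635"),  # affected, 30-day window
    ("ws04", "Flash Professional", "11.5"),      # affected, discretionary
]


def triage(inventory, bulletins, published: datetime) -> List[Finding]:
    """Match each install against every bulletin for that product and return
    the findings, most urgent deadline first (discretionary ones last)."""
    findings = []
    for host, product, installed in inventory:
        for b in bulletins:
            if b.product != product or not is_affected(installed, b.max_affected):
                continue
            hours = PRIORITY_DEADLINE_HOURS[b.priority]
            due = published + timedelta(hours=hours) if hours is not None else None
            findings.append(Finding(host, b.bulletin_id, product, installed, b.priority, due))
    findings.sort(key=lambda f: (f.due is None, f.due or datetime.max, f.host))
    return findings


def report(published_iso: str = "2012-12-11T17:00:00") -> List[Tuple[str, str, int, Optional[str]]]:
    """Run the triage on the sample inventory; returns (host, bulletin, priority, due ISO)."""
    findings = triage(INVENTORY, BULLETINS, datetime.fromisoformat(published_iso))
    return [(f.host, f.bulletin_id, f.priority, f.due.isoformat() if f.due else None) for f in findings]


if __name__ == "__main__":
    for host, bid, prio, due in report():
        print(f"{host:5} {bid:10} P{prio}  due {due or 'at your discretion'}")
```

Feed it a real inventory (from a software-inventory export, for instance) and the current bulletin thresholds, and the output is the ordered work list an administrator needs on patch day; the version parser is the part worth keeping, because string comparison silently misclassifies any version with a two-digit component.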

Solution Path:

Adobe has released updates for all their affected software. If you use any of the software below, we recommend you download and deploy the corresponding updates as soon as possible, or let Adobe’s automatic updater do it for you.

NOTE: Adobe has chosen to only release some of these fixes as paid updates (CS6). If you didn’t already plan to pay for these updates, you will have to decide if these security issues change your mind. On a positive note, attackers don’t often target the products in question (Photoshop, Illustrator, Flash Professional). Nonetheless, it’s difficult for us not to recommend the latest security updates, and we wish that Adobe had extended these security updates to previous versions as well.

For All WatchGuard Users:

Attackers can exploit these flaws using diverse exploitation methods. A properly configured UTM device may mitigate the risk of some of these issues. That said, it cannot protect you from local attacks, nor can it prevent attacks that leverage normal HTTP traffic. Therefore, installing Adobe’s updates is your most secure course of action.

Status:

Adobe has released patches correcting these issues.

References:

This alert was researched and written by Corey Nachreiner, CISSP (@SecAdept).

Adobe Patch Day: Updates for Flash, Shockwave, and Photoshop

Severity: High

Summary:

  • These vulnerabilities affect: Adobe Shockwave Player, Flash Player, Flash Media Server, and Photoshop
  • How an attacker exploits them: Multiple vectors of attack, including enticing your users to open malicious files or visit specially crafted web sites
  • Impact: Various results; in the worst case, an attacker can gain complete control of your computer
  • What to do: Install the appropriate Adobe patches immediately, or let Adobe’s updater do it for you.

Exposure:

Yesterday, Adobe released five security bulletins describing vulnerabilities in many of their popular software packages, including Shockwave Player, Flash Player, Flash Media Server, Photoshop, and RoboHelp. A remote attacker could exploit the worst of these flaws to gain complete control of your computer. The summary below details some of the vulnerabilities in these popular software packages.

  • APSB11-19: Seven Shockwave Player Vulnerabilities

Adobe Shockwave Player displays interactive, animated web content and movies called Shockwave. According to Adobe, the Shockwave Player is installed on some 450 million PCs.

Adobe’s bulletin warns of seven security vulnerabilities that affect Shockwave Player 11.6.0.626 and all earlier versions for Windows and Macintosh. Adobe’s bulletin doesn’t describe the flaws in much technical detail. It only describes the nature and basic impact of each flaw. For the most part, the flaws consist of unspecified memory corruption vulnerabilities. Though these flaws differ technically, most of them share the same general scope and impact. If an attacker can entice one of your users into visiting a website containing some sort of malicious Shockwave content, he could exploit many of these vulnerabilities to execute code on that user’s computer, with that user’s privileges. If your Windows users have local administrator privileges, an attacker could exploit this flaw to gain full control of their PC.

Adobe Severity: Critical

  • APSB11-20: Flash Media Server DoS Vulnerability

Adobe Flash Player displays interactive, animated web content called Flash. Flash Media Server allows administrators to stream Flash content.

Flash Media Server 4.0.2 and earlier suffer from an unspecified Denial of Service (DoS) vulnerability. Adobe does not share any relevant detail about this flaw, not even how an attacker might exploit it. They only share that an attacker could somehow exploit the flaw to launch a DoS attack against your media server.

Adobe Severity: Critical

  • APSB11-21: Flash Player Update Corrects 13 Security Flaws

Adobe Flash Player displays interactive, animated web content called Flash. A recent report from Secunia states that 99% of Windows computers have Adobe Flash Player installed, so your users very likely have it.

Adobe’s update fixes 13 security vulnerabilities in Flash Player (for Windows, Mac, Linux, and Solaris), which they don’t describe in much technical detail. However, they do describe the general scope and impact of these flaws. In the worst case, if an attacker can lure one of your users to a malicious website, they could exploit some of these flaws to gain control of that user’s computer. We assume the attacker would only gain the privileges of the logged in user. However, since most Windows users have local administrator privileges, the attacker would likely gain full control of Windows machines.

Adobe Severity: Critical

  • APSB11-22: Photoshop GIF Handling Vulnerability

Photoshop is a popular image editing program. Photoshop CS5 suffers from an unspecified vulnerability involving its inability to properly handle specially crafted GIF images. If an attacker can trick you into downloading and opening a malicious GIF image in Photoshop, she can exploit this flaw to execute code on your machine, with your privileges. If you have local admin privileges, the attacker gains complete control of your computer.

Adobe Severity: Critical

RoboHelp 9 is software that helps you create help systems. It suffers from an unspecified Cross-Site Scripting (XSS) vulnerability. By enticing one of your users into clicking a specially crafted link, an attacker could run script on that user’s computer under the context of the RoboHelp component.

Adobe Severity: Important.

Solution Path:

Adobe has released updates for all their affected software. If you use any of the software below, we recommend you download and deploy the corresponding updates as soon as possible, or let Adobe’s automatic updater do it for you:

For All WatchGuard Users:

Attackers can exploit these flaws using diverse exploitation methods. A properly configured firewall can mitigate the risk of some of these issues. That said, the Firebox cannot protect you from local attacks, nor can it prevent attacks that leverage normal HTTP traffic. Therefore, installing Adobe’s updates is your most secure course of action.

Status:

Adobe has released patches correcting these issues.

References:

This alert was researched and written by Corey Nachreiner, CISSP.

