
Prenotification: Upcoming Security Updates for Adobe Reader and Acrobat (APSB13-15)

A prenotification Security Advisory has been posted in regards to upcoming Adobe Reader and Acrobat updates scheduled for Tuesday, May 14, 2013.

We will continue to provide updates on the upcoming release via the Security Advisory section of the Adobe website as well as the Adobe PSIRT blog.

This posting is provided “AS IS” with no warranties and confers no rights.

 

Adobe Reader and Acrobat Vulnerability Report

Adobe is aware of a report of a vulnerability in Adobe Reader and Acrobat XI (11.0.1) and earlier versions being exploited in the wild. We are currently investigating this report and assessing the risk to our customers. We will provide an update as soon as we have more information. Please continue monitoring the Adobe PSIRT blog for the latest information.


Clickjacking issue in Adobe Flash Player Settings Manager

Adobe is aware of a report describing a clickjacking issue related to the online Flash Player Settings Manager. We have resolved the issue with a change to the Flash Player Settings Manager SWF file hosted on the Adobe website. No user action or Flash Player product update is required.


Prenotification: Security Update for Flash Player

A Flash Player update is scheduled for release tomorrow, September 21, 2011. This update will address critical security issues in the product as well as an important universal cross-site scripting issue that is reportedly being exploited in the wild in targeted attacks.

We will continue to provide updates on the upcoming release via the Security Advisory section of the Adobe website as well as the Adobe PSIRT blog.


DigiNotar removed from Adobe Approved Trust List (AATL)

As discussed on the Security Matters blog, the Adobe Approved Trust List (AATL) has been updated to remove the certificate authority DigiNotar. Users of Adobe Reader and Acrobat X (version 10.x) will be automatically updated to this list. A future product update of Adobe Reader and Acrobat version 9.x will enable dynamic updates of the AATL. In the meantime, users of Adobe Reader and Acrobat 9 can manually remove DigiNotar using instructions provided in the September 9 blog post.


Update on DigiNotar removal from the Adobe Approved Trust List (AATL)

An update on the removal of the DigiNotar Qualified CA certificate from the Adobe Approved Trust List (AATL) following the recent DigiNotar breach has been posted on the Security Matters blog.


Update on DigiNotar and the Adobe Approved Trust List (AATL)

We are in the process of removing the DigiNotar Qualified CA certificate from the Adobe Approved Trust List (AATL) and will post an update on this action tomorrow.

In the meantime, users can manually remove these certificates from Adobe Reader and Acrobat* by following these steps:
(*Note that the AATL is only supported in Adobe Reader and Acrobat versions 9 and X.)
 
Adobe Reader Version 9
1)   Open Adobe Reader.
2)   Open the Document Menu and choose Manage Trusted Identities.
3)   Drop down the ‘Display’ box that reads ‘Contacts’ and choose ‘Certificates.’
4)   Select the DigiNotar Qualified CA. If you do not see this certificate in the list, no further action is required.
5)   Click Delete, and then confirm the deletion by clicking OK.
  
Adobe Acrobat Version 9
1)   Open Adobe Acrobat.
2)   Open the Advanced Menu and choose Manage Trusted Identities.
3)   Drop down the ‘Display’ box that reads ‘Contacts’ and choose ‘Certificates.’
4)   Select the DigiNotar Qualified CA. If you do not see this certificate in the list, no further action is required.
5)   Click Delete, and then confirm the deletion by clicking OK.
 
Adobe Reader and Acrobat X
1)   Open Adobe Reader or Acrobat.
2)   Open the Edit Menu->Protection->Manage Trusted Identities.
3)   Drop down the ‘Display’ box that reads ‘Contacts’ and choose ‘Certificates.’
4)   Select the DigiNotar Qualified CA. If you do not see this certificate in the list, no further action is required.
5)   Click Delete, and then confirm the deletion by clicking OK.


Alert: Adobe Acrobat/Reader Upgrade Email Spam/Phishing Scam

With the availability of Adobe Acrobat X solutions this week, we would like to remind customers to be cautious when receiving email messages that purport to offer a download of a new version of Adobe Acrobat or Adobe Reader and are sent by entities claiming to be Adobe.

Many of these emails require recipients to register and/or provide personal information. Please be aware that these emails have not been sent by Adobe or on Adobe’s behalf.

The Adobe Reader, in particular, is free software available for download directly from the Adobe Reader download page on the Adobe website at http://get.adobe.com/reader/; it is not available in any other manner via download, including via email.

Customers receiving one of these potentially malicious emails should delete the email immediately without clicking on any of the links.

Potential issue in Adobe Reader

Adobe is aware of a potential issue in Adobe Reader posted publicly today on the Full Disclosure list. A proof-of-concept file demonstrating a Denial of Service was published. Arbitrary code execution has not been demonstrated, but may be possible. We are currently investigating this issue. In the meantime, users of Adobe Reader 9.2 or later and 8.1.7 or later can use the JavaScript Blacklist Framework to prevent the issue by following the instructions below. Note that Adobe Acrobat is not affected by this issue.


Adobe Reader 9.2 and later and Adobe Reader 8.1.7 and later – Windows

On Windows, the JavaScript Blacklist can live in either of two registry locations. Please review the following options and then create the registry key of your choice:

Enterprise list: This blacklist helps enterprises roll out policies that block exploitable API(s) from executing in their environment. Populating the blacklist in this location is the responsibility of the enterprise. Adobe patches never modify this registry location.
To create the registry key:
HKLM\SOFTWARE\Policies\Adobe\<product>\<version>\FeatureLockDown\cJavaScriptPerms\tBlackList

Adobe’s update/patch list: The Adobe blacklist is modified by Adobe Reader patches whenever an API is deemed vulnerable. APIs are also removed from the blacklist whenever a fix for a vulnerability is provided by the current patch.
To create the registry key:
HKLM\SOFTWARE\Adobe\<product>\<version>\JavaScriptPerms\tBlackList

    On a 64-bit Windows system, the path is:
    HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Adobe

To prevent this particular issue, add the following value to the registry key created in the previous step (case sensitive):
Doc.printSeps

Exit and restart the application.
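The following PowerShell script is an added example and is not code from the Adobe PSIRT post or from Adobe. It applies the Windows enterprise-list mitigation described above (the HKLM\SOFTWARE\Policies\Adobe\... key, which Adobe patches never modify) for Doc.printSeps, and then audits that the entry is present. It assumes, because the post does not say so, that tBlackList is a REG_SZ (String) value under the cJavaScriptPerms key, that multiple API names in it are separated by a vertical bar (|), and that the <product>\<version> placeholders are "Acrobat Reader" and "9.0" for Adobe Reader 9.x; adjust $Product, $Version and the registry root (Wow6432Node on 64-bit systems, as the post notes for Adobe's own list) to match your installation.

```powershell
# Added example (not from the Adobe PSIRT post): set the enterprise JavaScript
# Blacklist for Doc.printSeps on Windows and verify it. Run from an elevated
# (administrator) PowerShell prompt, then restart Adobe Reader.
# Assumptions not stated in the post: tBlackList is a REG_SZ value under the
# cJavaScriptPerms key, entries are separated by '|', and the product/version
# folder names below are those used by Adobe Reader 9.x.

$Product = 'Acrobat Reader'   # assumption: <product> folder for Reader 9.x
$Version = '9.0'              # assumption: <version> folder for Reader 9.x
$Api     = 'Doc.printSeps'    # API named in the post (case sensitive)

function Get-JsBlacklistKeyPath {
    param([string]$Product, [string]$Version)
    # Enterprise list root from the post. On 64-bit Windows you may need
    # 'HKLM:\SOFTWARE\Wow6432Node\Policies\Adobe' instead; check your system.
    $root = 'HKLM:\SOFTWARE\Policies\Adobe'
    return Join-Path $root "$Product\$Version\FeatureLockDown\cJavaScriptPerms"
}

function Get-JsBlacklist {
    param([string]$KeyPath)
    # Returns the API names currently in tBlackList (empty if key or value is absent).
    $item = Get-ItemProperty -Path $KeyPath -Name 'tBlackList' -ErrorAction SilentlyContinue
    if ($null -eq $item -or [string]::IsNullOrEmpty($item.tBlackList)) { return @() }
    return @($item.tBlackList -split '\|' | Where-Object { $_ -ne '' })
}

function Add-JsBlacklistEntry {
    param([string]$KeyPath, [string]$Api)
    # New-Item -Force creates the whole key chain if any part is missing.
    if (-not (Test-Path $KeyPath)) { New-Item -Path $KeyPath -Force | Out-Null }
    $current = @(Get-JsBlacklist -KeyPath $KeyPath)
    if ($current -ccontains $Api) {
        Write-Output "Already blacklisted: $Api"
        return
    }
    # Preserve any APIs already listed; append ours with the assumed '|' separator.
    $new = (@($current) + $Api) -join '|'
    New-ItemProperty -Path $KeyPath -Name 'tBlackList' -Value $new `
        -PropertyType String -Force | Out-Null
    Write-Output "tBlackList is now: $new"
}

function Test-JsBlacklistEntry {
    param([string]$KeyPath, [string]$Api)
    # Audit helper: $true only if the API is listed exactly (case sensitive),
    # which matches the post's note that the value is case sensitive.
    return [bool]((Get-JsBlacklist -KeyPath $KeyPath) -ccontains $Api)
}

$key = Get-JsBlacklistKeyPath -Product $Product -Version $Version
Add-JsBlacklistEntry -KeyPath $key -Api $Api
if (Test-JsBlacklistEntry -KeyPath $key -Api $Api) {
    Write-Output "Mitigation in place at $key; restart Adobe Reader to apply."
} else {
    Write-Error "tBlackList at $key does not contain $Api"
}
```

The audit function is the part worth keeping after the update ships: because Adobe patches never modify the enterprise list, an entry placed here persists until you remove it, so the same Test-JsBlacklistEntry check lets you confirm later whether the block is still in force or has been cleaned up once CVE-2010-4091 is patched.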

Adobe Reader 9.2 and later and Adobe Reader 8.1.7 and later – Macintosh

  1. On your Macintosh computer, go to the Applications folder or to the location where you have Adobe Reader installed.
  2. Right-click on Adobe Reader
  3. Click on Show Package Contents
  4. Expand Contents
  5. Expand MacOS
  6. Expand Preferences
  7. Create a backup of the FeatureLockDown file.
  8. Right-click on FeatureLockDown.
  9. Open With TextEdit.
  10. Just before the final >>, add the following line to the FeatureLockDown file (case sensitive):
    /JavaScriptPerms [ /c << /BlackList [ /t (Doc.printSeps) ] >> ]
  11. Save the file
  12. Restart Adobe Reader

Adobe Reader 9.2 and later – UNIX

  1. Go to the Global Prefs file at:
    /Reader/GlobalPrefs/reader_prefs
  2. Add the following line to the file:
    /JavaScriptPerms [/c << /BlackList [/t (Doc.printSeps) ] >> ]

For more details, see the following Knowledge Base articles:
http://kb2.adobe.com/cps/504/cpsid_50431.html
http://kb2.adobe.com/cps/532/cpsid_53237.html

We will continue to provide updates on this issue via the Adobe PSIRT blog and/or the Security Advisory section of the Adobe website as appropriate.

November 8, 2010 Update:
We plan to resolve this issue in the update for Adobe Reader and Acrobat 9.4 and earlier 9.x versions scheduled for release during the week of November 15, 2010, mentioned in Security Advisory APSA10-05. We have assigned CVE-2010-4091 to this issue. As of today, Adobe is not aware of any exploits in the wild or public exploit code for this issue.


Security Advisory for Adobe Flash Player, Adobe Reader and Acrobat (APSA10-05)

A Security Advisory (APSA10-05) has been posted in regards to a new Flash Player, Adobe Reader and Acrobat issue (CVE-2010-3654). A critical vulnerability exists in Adobe Flash Player 10.1.85.3 and earlier versions for Windows, Macintosh, Linux and Solaris operating systems; Adobe Flash Player 10.1.95.2 and earlier versions for Android; and the authplay.dll component that ships with Adobe Reader 9.4 and earlier 9.x versions for Windows, Macintosh and UNIX operating systems, and Adobe Acrobat 9.4 and earlier 9.x versions for Windows and Macintosh operating systems. This vulnerability (CVE-2010-3654) could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being actively exploited in the wild against Adobe Reader and Acrobat 9.x. Adobe is not currently aware of attacks targeting Adobe Flash Player.

Adobe Reader and Acrobat 8.x, and Adobe Reader for Android are confirmed not vulnerable. Mitigations for Adobe Reader and Acrobat 9.x are included in the Security Advisory.

We are in the process of finalizing a fix for the issue and expect to provide an update for Adobe Flash Player 10.x for Windows, Macintosh, Linux and Android by November 9, 2010. We expect to make available an update for Adobe Reader and Acrobat 9.4 and earlier 9.x versions during the week of November 15, 2010.

We will continue to provide updates on this issue via the Security Advisory section of the Adobe website as well as the Adobe PSIRT blog.
