Archive for May, 2008

More information on recent Flash Player exploit

Here’s some more information about the recent reports of Flash Player exploits in the wild that may help answer some of the questions we’ve been seeing:
– This is not a zero-day exploit. Despite various reports that have been circulating, the Flash Player Standalone 9.0.124.0 and Linux Player 9.0.124.0 are NOT vulnerable to the exploits discussed in conjunction with the previously disclosed vulnerability Symantec posted on 5/27/08. Symantec originally believed this to be a zero-day, unpatched vulnerability, but as their latest update on their Threatcon page indicates, they have now confirmed this issue does not affect any versions of Flash Player 9.0.124.0.
– Although the original vulnerability, disclosed last month in Security Bulletin APSB08-11, affects all platforms (Mac, Windows, and Linux), all of the exploits we’ve seen so far target Windows users.
– The ‘campaign’ included SQL injection attacks and apparently took advantage of various other (non-Flash Player) vulnerabilities to redirect users from legitimate sites to malicious domains serving the exploit SWFs.
– Symantec and other major antivirus vendors have added detections for the exploits seen so far.
– The recent Flash Player 10 beta is also not vulnerable to this exploit.
Finally, at the risk of sounding repetitive, in order to make sure users are not vulnerable to these exploits, we strongly encourage users to download and install the latest Flash Player update, 9.0.124.0. No uninstall is necessary, just install the latest Flash Player. Customers using multiple browsers should perform the update for each browser installed on their system.

Potential Flash Player issue – update

Here’s an update on our progress investigating the recent reports of a potential Flash Player exploit in the wild. The exploit appears to be taking advantage of a known vulnerability, reported by Mark Dowd of the ISS X-Force and wushi of team509, that was resolved in Flash Player 9.0.124.0 (CVE-2007-0071). This exploit does NOT appear to include a new, unpatched vulnerability as has been reported elsewhere – customers with Flash Player 9.0.124.0 should not be vulnerable to this exploit. We’re still looking in to the exploit files, and will update everyone with further information as we get it, but for now, we strongly encourage everyone to download and install the latest Flash Player update, 9.0.124.0.
UPDATE: We’ve just gotten confirmation from Symantec that all versions of Flash Player 9.0.124.0 are not vulnerable to these exploits. Again, we strongly encourage everyone to download and install the latest Flash Player update, 9.0.124.0. To verify the Adobe Flash Player version number, access the About Flash Player page, or right-click on Flash content and select “About Adobe (or Macromedia) Flash Player” from the menu. Customers using multiple browsers are advised to perform the check for each browser installed on their system and update if necessary.
Thanks to Symantec for working very closely with us over the last 2 days to confirm that this is not a zero-day issue, and to Mark Dowd and wushi for originally reporting this issue.
This posting is provided “AS IS” with no warranties and confers no rights

Potential Flash Player issue

Just a quick note to say we are aware of today’s report of a potential exploit involving Flash Player in the wild. We are working with Symantec to investigate the potential SWF vulnerability, and will have an update once we get more information.
UPDATE: This exploit appears to be taking advantage of a known vulnerability, reported by Mark Dowd of the ISS X-Force and wushi of team509, that was resolved in Flash Player 9.0.124.0 (CVE-2007-0071). We strongly encourage everyone to download and install the latest Flash Player update, 9.0.124.0.
This posting is provided “AS IS” with no warranties and confers no rights

Security Bulletins – May 2008

We have just released an important update for Acrobat 7 and Adobe Reader 7 users, which resolves the issues previously mentioned in Security Advisory APSA08-01. If you have already updated to Reader 8.1.2 or Acrobat 8.1.2, you are all set. But, if you are using Acrobat 7, or if you are using Adobe Reader 7 and can’t update to Reader 8, please review Security Bulletin APSB08-13 and update your installations accordingly. As previously mentioned, we have heard reports of one of the issues being exploited in the wild, so please update if you haven’t already.
Also note that we released Security Advisory APSA08-05 for After Effects CS3 today, in response to a public posting of a BMP-handling vulnerability in After Effects. As mentioned in the advisory, it’s not a common workflow to use BMP files within After Effects, and most files used in the After Effects workflow come from trusted sources. That said, as always, we advise customers to exercise caution when receiving and opening files from untrusted sources.

This posting is provided “AS IS” with no warranties and confers no rights