Adobe Reader Issue Update

A Security Advisory has been posted regarding the Adobe Reader vulnerability last mentioned in the Adobe PSIRT blog on April 28 (“Update to Adobe Reader Issue”, CVE-2009-1492). We are in the process of fixing the issue, and expect to make available product updates for the relevant supported Adobe Reader and Acrobat versions and platforms by May 12th, 2009. Adobe plans to make available Windows updates for Adobe Reader versions 9.X, 8.X, and 7.X and Acrobat versions 9.X, 8.X, and 7.X, Macintosh updates for Adobe Reader versions 9.X and 8.X and Acrobat versions 9.X and 8.X, as well as updates for Adobe Reader for Unix versions 9.X and 8.X.
Additionally, we have confirmed the second vulnerability (CVE-2009-1493) for Adobe Reader for Unix (first mentioned in our April 28 post). This issue will be resolved in the upcoming Adobe Reader for Unix updates. Currently, we have not been able to reproduce an exploitable scenario for Windows and Macintosh, but we will continue to investigate.
In the meantime, to mitigate both issues, disable JavaScript in Adobe Reader and Acrobat using the instructions below:
1. Launch Acrobat or Adobe Reader.
2. Select Edit>Preferences
3. Select the JavaScript Category
4. Uncheck the ‘Enable Acrobat JavaScript’ option
5. Click OK
Adobe is in contact with Antivirus and Security vendors regarding both of these issues in order to ensure the security of our mutual customers.
We will continue to provide updates on these issues via the Security Advisory section of the Adobe web site, as well as the Adobe PSIRT blog.
This posting is provided “AS IS” with no warranties and confers no rights.

Update on Adobe Reader Issue

This is an update on the Adobe Reader vulnerability first discussed on the Adobe PSIRT blog on April 27 (“Potential Adobe Reader Issue”). All currently supported shipping versions of Adobe Reader and Acrobat (Adobe Reader and Acrobat 9.1, 8.1.4, and 7.1.1 and earlier versions) are vulnerable to this issue. Adobe plans to provide updates for the following supported versions and platforms to resolve this issue: Windows (9.x, 8.x, 7.x), Macintosh (9.x, 8.x) and Unix (9.x, 8.x). We are working on a development schedule for these updates and will post a timeline as soon as possible. We are currently not aware of any reports of exploits in the wild for this issue. To mitigate the issue, disable JavaScript in Adobe Reader and Acrobat using the instructions below:
1. Launch Acrobat or Adobe Reader.
2. Select Edit>Preferences
3. Select the JavaScript Category
4. Uncheck the ‘Enable Acrobat JavaScript’ option
5. Click OK
In addition, Adobe is in contact with Antivirus and Security vendors on this issue in order to ensure the security of our mutual customers.
Adobe is also currently investigating the issue posted on SecurityFocus as BID 34740.
We will continue to provide updates on these issues via the Security Advisory section of the Adobe web site, as well as the Adobe PSIRT blog.

Potential Adobe Reader Issue

Adobe is aware of reports of a potential vulnerability in Adobe Reader 9.1 and 8.1.4, as described in SecurityFocus BID 34736. We are currently investigating, and will have an update once we get more information.

Adobe Reader and Acrobat Issue update

This is an update on the Adobe Reader and Acrobat issue (CVE-2009-0658) discussed in Security Advisory APSA09-01. As mentioned previously, Adobe currently plans to make available an update for Adobe Reader 9 and Acrobat 9 by March 11th. In addition, Adobe is also planning to make updates available for Adobe Reader 7 and 8, and Acrobat 7 and 8, by March 18th.
We have seen reports that disabling JavaScript in Adobe Reader and Acrobat can protect users from this issue. Disabling JavaScript provides protection against currently known attacks. However, the vulnerability is not in the scripting engine and, therefore, disabling JavaScript does not eliminate all risk. Keeping this in mind, should users choose to disable JavaScript, they can do so by following the instructions below:
1. Launch Acrobat or Adobe Reader.
2. Select Edit>Preferences
3. Select the JavaScript Category
4. Uncheck the ‘Enable Acrobat JavaScript’ option
5. Click OK
In addition, Adobe continues its contact with Antivirus and Security vendors on this issue in order to ensure the security of our mutual customers. We are now able to report that the following Antivirus and Security vendors and related products provide protections and information regarding this vulnerability:
BitDefender:
BitDefender has provided info that their customers using the following products are protected from attacks against this exploit:
• BitDefender Antivirus 2009: http://www.bitdefender.com/PRODUCT-2216-en–BitDefender-Antivirus-2009.html
• BitDefender Internet Security 2009: http://www.bitdefender.com/PRODUCT-2217-en–BitDefender-Internet-Security-2009.html
• BitDefender Total Security 2009: http://www.bitdefender.com/PRODUCT-2214-en–BitDefender-Total-Security-2009.html
Check Point:
Check Point customers using Check Point Security Gateway products are protected from attacks exploiting this vulnerability, provided that the appropriate protection is activated. For more details and a precise list of products, see http://www.checkpoint.com/defense/advisories/public/2009/sbp-24-Feb.html
F-Secure:
F-Secure Anti-Virus 2009:
http://www.f-secure.com/home_user/products_a-z/fsav2009.html
F-Secure Internet Security 2009:
http://www.f-secure.com/home_user/products_a-z/fsis2009.html
F-Secure Client Security:
http://www.f-secure.com/small_businesses/products/fscs.html
F-Secure Online Scanner (free to use):
http://support.f-secure.com/enu/home/ols.shtml
F-Secure Anti-Virus for Windows Servers:
http://www.f-secure.com/small_businesses/products/fsavsrv.html
F-Secure Internet Gatekeeper (Windows and Linux)
http://www.f-secure.com/small_businesses/products/fsigk.html
F-Secure Anti-Virus for MS Exchange:
http://www.f-secure.com/small_businesses/products/fsavmse.html
F-Secure Secure Messaging Gateway:
http://www.f-secure.com/small_businesses/products/fsmsgx.html
McAfee:
Enterprise: http://www.mcafee.com/us/enterprise/products/system_security/servers/virusscan_enterprise.html
Consumer: http://us.mcafee.com/
Desktop: http://www.mcafee.com/us/enterprise/products/system_security/clients/host_intrusion_prevention_desktop_server.html
Server: http://www.mcafee.com/us/enterprise/products/system_security/servers/host_intrusion_prevention_server.html
Intrushield – Network IPS: http://www.mcafee.com/us/enterprise/products/network_intrusion_prevention/network_security_platform.html
Microsoft:
Microsoft Corporation products protecting against Exploit:Win32/Pidief and variants:
Microsoft Forefront Client Security
Microsoft Windows Live OneCare
Microsoft Windows Live OneCare safety scanner
Sophos:
Here is the list of Sophos products that protect in one way or another against exploits attempting to exploit the vulnerability:
Sophos Endpoint Security and Control – http://www.sophos.com/products/enterprise/endpoint/security-and-control/8.0/ using HIPS buffer overflow protection and anti-malware protection engine.
Sophos Web Security Appliance – http://www.sophos.com/products/enterprise/web/security-and-control/, using anti-malware protection engine and URL filtering.
Sophos PureMessage (all platforms) – http://www.sophos.com/products/enterprise/email/security-and-control/, using anti-malware and anti-spam protection engines.
Symantec:
Norton Antivirus 2009 (and earlier supported version) http://www.symantec.com/norton/antivirus
Norton Internet Security 2009 (and earlier supported version) http://www.symantec.com/norton/internet-security
Norton 360 http://www.symantec.com/norton/360
Symantec Endpoint Protection 11 http://www.symantec.com/business/endpoint-protection
Symantec AntiVirus 10 (and earlier supported version) http://www.symantec.com/business/security_response/definitions.jsp
Symantec AntiVirus for CacheFlow Security Gateway http://www.symantec.com/business/antivirus-for-caching
Symantec AntiVirus for Inktomi Traffic Edge http://www.symantec.com/business/security_response/definitions.jsp
Symantec AntiVirus for NetApp Filer/NetCache http://www.symantec.com/business/security_response/definitions.jsp
Symantec Mail Security for Domino v 5.x (and earlier supported version) http://www.symantec.com/business/mail-security-for-domino
Symantec Mail Security for Microsoft Exchange v 5.x (and earlier supported version) http://www.symantec.com/business/mail-security-for-microsoft-exchange
Symantec Mail Security for SMTP v 5.x (and earlier supported version) http://www.symantec.com/business/mail-security-for-smtp
Symantec Web Security 3.0 (and earlier supported version) http://www.symantec.com/business/security_response/definitions.jsp
Symantec AntiVirus for Bluecoat Security Gateway http://www.symantec.com/business/security_response/definitions.jsp
Symantec AntiVirus for Clearswift MIMESweeper http://www.symantec.com/business/security_response/definitions.jsp
Symantec AntiVirus for Microsoft ISA Server http://www.symantec.com/business/security_response/definitions.jsp
Symantec AntiVirus Scan Engine http://www.symantec.com/business/security_response/definitions.jsp
Symantec AntiVirus for Linux http://www.symantec.com/business/endpoint-protection
Symantec Brightmail Gateway http://www.symantec.com/business/brightmail-gateway

Sourcefire:
Users/Customers of Sourcefire, Snort and ClamAV are protected against this vulnerability.
Sourcefire 3D System
http://www.sourcefire.com/products/snort/rules/advisories/sa022009.html
OpenSource Snort
http://www.snort.org/vrt/advisories/vrt-rules-2009-02-20.html
http://www.snort.org/vrt/advisories/vrt-rules-2009-02-24.html
ClamAV
http://www.clamav.net
Trend Micro:
Product link: http://us.trendmicro.com/us/products/enterprise/officescan-client-server-edition/index.html
Overview: http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ%5FPIDIEF%2EIN
We will continue to provide updates on this issue via Adobe’s Security Advisory and the PSIRT blog.

ASSET Blog

We want to let everyone know that today we’ve launched the Adobe Secure Software Engineering Team (ASSET) Blog. Click here for more information.

Clickjacking Security Advisory

We have just posted a Security Advisory for Flash Player in response to recently published reports of a ‘Clickjacking’ issue in multiple web browsers that could allow an attacker to lure a web browser user into unknowingly clicking on a link or dialog. This potential ‘Clickjacking’ browser issue affects Adobe Flash Player’s microphone and camera access dialog. A Flash Player update to mitigate the issue will be available before the end of October. In the meantime, users can apply the workaround described in the Advisory.
Thank you again to Robert Hansen and Jeremiah Grossman for their help with this issue. Adobe will continue to work with Jeremiah, Robert, and browser vendors on a comprehensive Clickjacking solution.

Clipboard attack update

Here’s a quick update to note that we will be changing the way Flash Player interacts with the clipboard to help prevent the potential clipboard attacks that have been reported recently. Please see the following Article on security changes in Flash Player 10 for more information. These changes will be available in the final Flash Player 10 release soon.

Security Advisory – Illustrator CS2 for Mac

We just posted a Security Advisory for Illustrator CS2 (Mac only). Illustrator CS3 and the upcoming Illustrator CS4 release are not vulnerable to these issues. Thanks to Nathan McFeters for reporting these issues to us.

Thanks to Jeremiah Grossman and Robert “RSnake” Hansen

Robert “RSnake” Hansen and Jeremiah Grossman recently shared with us some information they were planning to include in an upcoming presentation at the OWASP NYC AppSec conference. The presentation centered around an issue that affects multiple browsers and websites, and, as it turns out, one of our products. While they saw this issue as primarily a web browser issue, they showed us that one of their demos included an Adobe product. We worked together with Robert and Jeremiah to assess the impact of this issue, and they determined that it was in our customers’ best interest to refrain from making this issue public until Adobe and web browser vendors have a chance to provide a fix or fixes to our mutual customers. We want to say thank you to Robert and Jeremiah for working with us and other vendors on this issue. We will continue to provide further information about this as it becomes available.

Security Advisory – Flash Media Server

A new Security Advisory for Flash Media Server 3.0 has just been posted. This Advisory points customers to a recent tech note that describes how to protect Flash Media Server video content from stream capture software, or ‘rippers’.