

chachazz
Premium
join:2003-12-14
kudos:9
Reviews:
·TELUS

2 edits

2 recommendations

Security Bulletin for Adobe Reader and Acrobat

Adobe Reader and Acrobat Vulnerability Report
February 12, 2013:

quote:
Adobe is aware of a report of a vulnerability in Adobe Reader and Acrobat XI (11.0.1) and earlier versions being exploited in the wild. We are currently investigating this report and assessing the risk to our customers. We will provide an update as soon as we have more information. Please continue monitoring the Adobe PSIRT blog for the latest information.
»blogs.adobe.com/psirt/2013/02/ad···ort.html


chachazz
Premium
join:2003-12-14
kudos:9
Reviews:
·TELUS

Re: Adobe Reader and Acrobat Vulnerability Report

FireEye Malware Lab - 2013.02.12

quote:
In Turn, It's PDF Time
We have found IE, Java, and Flash zero-days in a row in the past several months, and now it's PDF’s turn. Today, we identified that a PDF zero-day is being exploited in the wild, and we observed successful exploitation on the latest Adobe PDF Reader 9.5.3, 10.1.5, and 11.0.1.

Upon successful exploitation, it will drop two DLLs. The first DLL shows a fake error message and opens a decoy PDF document, which is usually common in targeted attacks. The second DLL in turn drops the callback component, which talks to a remote domain.

[Update: February 13, 2013]
quote:
In response to the many requests we’ve received for more detailed information, we would like to let our readers know that we have been working with Adobe and have jointly agreed to refrain from posting the technical details of the zero-day at this time. This post was intended to serve as a warning to the general public. We will update this post with more information at a later time.
»blog.fireeye.com/research/2013/0···ime.html


StuartMW
Who Is John Galt?
Premium
join:2000-08-06
Galt's Gulch
kudos:2
reply to chachazz

Ok on goes my conspiracy theory hat

I'm convinced Adobe is deliberately releasing vulnerable software on purpose. Either that or they're totally incompetent. Or both. Hmmm
--
Don't feed trolls--it only makes them grow!


SpHeRe31459

join:2002-10-09
Sacramento, CA
kudos:2

1 recommendation

Yeah seriously! Adobe and Oracle (Java) are making patch management a real pain this month!



Blackbird
Built for Speed
Premium
join:2005-01-14
Fort Wayne, IN
kudos:3
Reviews:
·Frontier Communi..

1 recommendation

said by SpHeRe31459:

Yeah seriously! Adobe and Oracle (Java) are making patch management a real pain this month!

Think of it all as a digital security fitness program. Oracle and Adobe are actually trying to build up everyone's patching muscles. See? They really do care about users...
--
“The American Republic will endure until the day Congress discovers that it can bribe the public with the public's money.” A. de Tocqueville


StuartMW
Who Is John Galt?
Premium
join:2000-08-06
Galt's Gulch
kudos:2

1 recommendation

You're a glass half full type of guy right?
--
Don't feed trolls--it only makes them grow!



Rebrider
Been There Done That
Premium
join:2000-11-23

1 recommendation

reply to StuartMW

said by StuartMW:

Ok on goes my conspiracy theory hat

I'm convinced Adobe is deliberately releasing vulnerable software on purpose. Either that or they're totally incompetent. Or both. Hmmm

+1


angussf
Premium
join:2002-01-11
Tucson, AZ
kudos:4
reply to chachazz

This is why I use SumatraPDF as my default PDF reader, with Foxit Enterprise Reader as a backup for when I need to read PDFs which use Javascript.

Free PDF Reader - Sumatra PDF


siljaline
I'm lovin' that double wide
Premium
join:2002-10-12
Montreal, QC
kudos:17

1 recommendation

reply to Blackbird

Adobe and Oracle are right up there among the most flawed and vulnerable software.

Handle with kid gloves.



antdude
A Ninja Ant
Premium,VIP
join:2001-03-25
United State
kudos:4
Reviews:
·Time Warner Cable

said by siljaline:

Adobe and Oracle are right up there among the most flawed and vulnerable software...

What about Microsoft?
--
Ant @ AQFL.net and AntFarm.ma.cx. Please do not IM/e-mail me for technical support. Use this forum or better, »community.norton.com ! Disclaimer: The views expressed in this posting are mine, and do not necessarily reflect the views of my employer.


siljaline
I'm lovin' that double wide
Premium
join:2002-10-12
Montreal, QC
kudos:17

Good point



siljaline
I'm lovin' that double wide
Premium
join:2002-10-12
Montreal, QC
kudos:17
Reviews:
·Bell Sympatico
reply to chachazz

Adobe said it's currently working on a fix for the security issue and will update its bulletin once a launch has been scheduled. In the meantime, Windows users of Adobe Reader XI and Acrobat XI can protect themselves from the security exploit by turning on Protected View as follows:

quote:
Open Reader or Acrobat. Click on the Edit menu, select Preferences, and then click on the Security (or Security Enhanced) option. In the Protected View section at the top of the window, click on the button to enable "Files from potentially unsafe locations" and then click OK.


jaykaykay
4 Ever Young
Premium,MVM
join:2000-04-13
USA
kudos:24
Reviews:
·Cox HSI
·Speakeasy
reply to angussf

said by angussf:

This is why I use SumatraPDF as my default PDF reader, with Foxit Enterprise Reader as a backup for when I need to read PDFs which use Javascript.

Free PDF Reader - Sumatra PDF

And why I use Nitro as mine. »en.wikipedia.org/wiki/Nitro_PDF


chachazz
Premium
join:2003-12-14
kudos:9
Reviews:
·TELUS

1 edit
reply to chachazz


Adobe PSIRT: Security Advisory for Adobe Reader and Acrobat (APSA13-02)

February 13, 2013 | Last updated: February 14, 2012
Vulnerability identifier: APSA13-02

quote:
A Security Advisory (APSA13-02) has been posted in regards to critical vulnerabilities (CVE-2013-0640, CVE-2013-0641) in Adobe Reader and Acrobat XI (11.0.01 and earlier), X (10.1.5 and earlier) and 9.5.3 and earlier for Windows and Macintosh. These vulnerabilities could cause the application to crash and potentially allow an attacker to take control of the affected system.

Adobe is aware of reports that these vulnerabilities are being exploited in the wild in targeted attacks designed to trick Windows users into clicking on a malicious PDF file delivered in an email message.

Adobe is in the process of working on a fix for these issues and will update this advisory when a date for the fix has been determined.

Adobe will continue to provide updates on this issue via the Security Advisory section of the Adobe website as well as the Adobe PSIRT blog.
Security bulletin APSA13-02

Summary:
Adobe has identified critical vulnerabilities (CVE-2013-0640, CVE-2013-0641) in Adobe Reader and Acrobat XI (11.0.01 and earlier) for Windows and Macintosh, X (10.1.5 and earlier) for Windows and Macintosh, 9.5.3 and earlier for Windows and Macintosh, and Adobe Reader 9.5.3 for Linux. These vulnerabilities could cause the application to crash and potentially allow an attacker to take control of the affected system.

Adobe is aware of reports that these vulnerabilities are being exploited in the wild in targeted attacks designed to trick Windows users into clicking on a malicious PDF file delivered in an email message.

Adobe is in the process of working on a fix for these issues and will update this advisory when a date for the fix has been determined.

Affected Software Versions
• Adobe Reader XI (11.0.01 and earlier) for Windows and Macintosh
• Adobe Reader X (10.1.5 and earlier) for Windows and Macintosh
• Adobe Reader 9.5.3 and earlier 9.x versions for Windows, Macintosh and Linux
• Adobe Acrobat XI (11.0.01 and earlier) for Windows and Macintosh
• Adobe Acrobat X (10.1.5 and earlier) for Windows and Macintosh
• Adobe Acrobat 9.5.3 and earlier 9.x versions for Windows and Macintosh

Mitigations
Users of Adobe Reader XI and Acrobat XI for Windows can protect themselves from this exploit by enabling Protected View. To enable this setting, choose the "Files from potentially unsafe locations" option under the Edit > Preferences > Security (Enhanced) menu.

Enterprise administrators can protect Windows users across their organization by enabling Protected View in the registry and propagating that setting via GPO or any other method. Further information about enabling Protected View for the enterprise is available here.
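
As an added example (not part of the original post or of Adobe's advisory), the affected-version list above can be turned into an inventory check. Host names and status labels are made up for illustration; versions are compared numerically so that the advisory's "11.0.01" and the "11.0.1" used elsewhere in this thread count as the same build.

```python
# Added example: triage an install inventory against APSA13-02 as quoted above.
# Key = (product, major line); value = (last affected version, platforms listed).
DESKTOP = {"windows", "macintosh"}
AFFECTED = {
    ("reader", 11): ((11, 0, 1), DESKTOP),
    ("reader", 10): ((10, 1, 5), DESKTOP),
    ("reader", 9): ((9, 5, 3), DESKTOP | {"linux"}),
    ("acrobat", 11): ((11, 0, 1), DESKTOP),
    ("acrobat", 10): ((10, 1, 5), DESKTOP),
    ("acrobat", 9): ((9, 5, 3), DESKTOP),
}

def parse_version(text):
    """Parse 'major.minor.patch' numerically so '11.0.01' equals '11.0.1'."""
    fields = text.strip().split(".")
    if not all(f.isdigit() for f in fields):
        raise ValueError(f"unparseable version: {text!r}")
    nums = [int(f) for f in fields[:3]]
    return tuple(nums + [0] * (3 - len(nums)))

def triage(product, version, platform):
    """Return 'mitigate', 'exposed', 'not-affected' or 'not-listed'."""
    ver = parse_version(version)
    entry = AFFECTED.get((product.lower(), ver[0]))
    if entry is None or platform.lower() not in entry[1]:
        return "not-listed"      # the advisory says nothing about this combination
    if ver > entry[0]:
        return "not-affected"    # newer than the last affected version
    # The advisory offers Protected View only for XI on Windows.
    if ver[0] == 11 and platform.lower() == "windows":
        return "mitigate"
    return "exposed"

# Constructed inventory rows: host, product, version, platform.
INVENTORY = [
    ("ws-01", "Reader", "11.0.1", "Windows"),
    ("ws-02", "Reader", "11.0.2", "Windows"),
    ("srv-bk", "Reader", "9.5.3", "Windows"),
    ("mac-07", "Acrobat", "10.1.5", "Macintosh"),
    ("lnx-03", "Reader", "9.5.3", "Linux"),
]

def report(rows):
    """Map each host to its triage status."""
    return {host: triage(prod, ver, plat) for host, prod, ver, plat in rows}
```

Hosts reported as "mitigate" are the ones where the Protected View setting described in the advisory applies; "exposed" hosts have no workaround listed and wait on the update.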

redwolfe_98
Premium
join:2001-06-11
kudos:1
Reviews:
·Time Warner Cable
reply to chachazz

Re: Security Bulletin for Adobe Reader and Acrobat

for some reason, i can't get adobe's "security advisories" webpage to open.. when i try to open the webpage, it hangs on trying to load content from "wwwimages.adobe.com"..

i don't have a problem with opening any of adobe's other webpages, just the "security advisories" webpage..

here is a link for adobe's "security advisories" webpage:

»www.adobe.com/support/security/



StuartMW
Who Is John Galt?
Premium
join:2000-08-06
Galt's Gulch
kudos:2
reply to chachazz

Re: Adobe Reader and Acrobat Vulnerability Report

Users of Adobe Reader XI and Acrobat XI for Windows can protect themselves from this exploit by enabling Protected View. To enable this setting, choose the "Files from potentially unsafe locations" option under the Edit > Preferences > Security (Enhanced) menu.

Presumably users of 9.5.3 (e.g. on a Win2K box) are SOL? I've done the workaround for boxes running 11.0.1.
--
Don't feed trolls--it only makes them grow!

SpHeRe31459

join:2002-10-09
Sacramento, CA
kudos:2

9.x installs on Win2k? Adobe says only ver 8.x is Win2k compatible officially. Unofficially I'd think any recent version could be tricked into being installed, no?

Or perhaps more importantly why do you still have a Win2k box around? Some really special proprietary software? I'd hope you have it offline, since Win2k hasn't received updates in years, so the issue would be moot.

Acrobat 9.x and older is such a steaming pile to deal with, and it has no sandboxing abilities, so there's inherently no workaround possible.



StuartMW
Who Is John Galt?
Premium
join:2000-08-06
Galt's Gulch
kudos:2

said by SpHeRe31459:

9.x installs on Win2k?

Yup. 9.x is the last to work on Win2K. No trick(s) required--just run the installer.
quote:
Or perhaps more importantly why do you still have a Win2k box around?
Because that box only supports Win2K and it works perfectly fine for its intended purpose as a backup machine/server.

--
Don't feed trolls--it only makes them grow!

SpHeRe31459

join:2002-10-09
Sacramento, CA
kudos:2

Never mind, mods please delete...


redwolfe_98
Premium
join:2001-06-11
kudos:1
Reviews:
·Time Warner Cable

1 edit
reply to redwolfe_98

Re: Security Bulletin for Adobe Reader and Acrobat

said by redwolfe_98:

i can't get adobe's "security advisories" webpage to open.. am i the only one who can't get adobe's "security advisories" webpage to open?

nevermind.. i figured out that the problem was caused by my avira program's "webguard", with the settings that i was using..


siljaline
I'm lovin' that double wide
Premium
join:2002-10-12
Montreal, QC
kudos:17

1 recommendation

reply to chachazz

One thing Adobe omitted to tell us would be to disable:
AdobeARM from MSCONFIG



chachazz
Premium
join:2003-12-14
kudos:9
Reviews:
·TELUS

said by siljaline:

One thing Adobe omitted to tell us would be to disable:
AdobeARM from MSCONFIG


ARM is the update manager.
It is intended for the average users who do not manage their updates manually.

If it was an issue in this vulnerability, Adobe would have given instructions.


siljaline
I'm lovin' that double wide
Premium
join:2002-10-12
Montreal, QC
kudos:17
Reviews:
·Bell Sympatico

quote:
This is a valid entry, but is classified as 'user's choice'.

It may not be needed, but that depends on whether the user deems it necessary.
I never use it, as it chokes MSCONFIG with superfluous start-ups.

--
Canadians reserve the Right to - Arm Bears




antdude
A Ninja Ant
Premium,VIP
join:2001-03-25
United State
kudos:4
Reviews:
·Time Warner Cable
reply to chachazz

Adobe to patch Reader zero-day this week with rush update

»www.computerworld.com/s/article/···h_update

"Hackers exploiting sandbox-bypass bug. Adobe on Saturday said it would release an emergency patch for two Reader zero-day vulnerabilities this week.

Hackers have already been exploiting the bugs using rigged PDF documents sent as email attachments..."
--
Ant @ AQFL.net and AntFarm.ma.cx. Please do not IM/e-mail me for technical support. Use this forum or better, »community.norton.com ! Disclaimer: The views expressed in this posting are mine, and do not necessarily reflect the views of my employer.



siljaline
I'm lovin' that double wide
Premium
join:2002-10-12
Montreal, QC
kudos:17
Reviews:
·Bell Sympatico

1 recommendation

From your snippet, antdude
»blogs.adobe.com/psirt/2013/02/sc···-02.html

quote:
We just updated the Security Advisory (APSA13-02) posted on Wednesday, February 13, 2013 to include the planned schedule for a patch to resolve CVE-2013-0640 and CVE-2013-0641. Adobe plans to make available updates for Adobe Reader and Acrobat XI (11.0.01 and earlier) for Windows and Macintosh, X (10.1.5 and earlier) for Windows and Macintosh, 9.5.3 and earlier 9.x versions for Windows and Macintosh, and Adobe Reader 9.5.3 and earlier 9.x versions for Linux during the week of February 18, 2013.
--
Canadians reserve the Right to - Arm Bears


chachazz
Premium
join:2003-12-14
kudos:9
Reviews:
·TELUS

1 recommendation

Re: Security updates available for Adobe Reader and Acrobat

Security updates available for Adobe Reader and Acrobat
Release date: February 20, 2013
See the Bulletin for details: »www.adobe.com/support/security/b···-07.html

Acrobat for Windows: »www.adobe.com/support/downloads/···=windows
Reader for Windows: »www.adobe.com/support/downloads/···=Windows

Acrobat for Mac: »www.adobe.com/support/downloads/···form=Mac
Reader for Mac: »www.adobe.com/support/downloads/···acintosh

For detailed Release Notes, please see the Enterprise Toolkit.



siljaline
I'm lovin' that double wide
Premium
join:2002-10-12
Montreal, QC
kudos:17

StuartMW may have duped, slightly.
»Re: Adobe Reader XI 11.0.2 and 9.5.4 available



StuartMW
Who Is John Galt?
Premium
join:2000-08-06
Galt's Gulch
kudos:2

No I think Chazzy duped. Check the post timestamps
--
Don't feed trolls--it only makes them grow!



chachazz
Premium
join:2003-12-14
kudos:9
Reviews:
·TELUS
reply to siljaline

said by siljaline:

StuartMW may have duped,

A post for Adobe Reader with no Links or information?


StuartMW
Who Is John Galt?
Premium
join:2000-08-06
Galt's Gulch
kudos:2

Well I would've linked to this post but I forgot.

*whips self repeatedly*

BTW I was going to post links to the FTP site but FTP seems to be frowned upon these days (especially with respect to a certain browser).
--
Don't feed trolls--it only makes them grow!