 2 edits | Security Bulletin for Adobe Reader and Acrobat
Adobe Reader and Acrobat Vulnerability Report, February 12, 2013:
quote: Adobe is aware of a report of a vulnerability in Adobe Reader and Acrobat XI (11.0.1) and earlier versions being exploited in the wild. We are currently investigating this report and assessing the risk to our customers. We will provide an update as soon as we have more information. Please continue monitoring the Adobe PSIRT blog for the latest information.
»blogs.adobe.com/psirt/2013/02/ad···ort.html |
|
 | Re: Adobe Reader and Acrobat Vulnerability Report
FireEye Malware Lab - 2013.02.12
quote: In Turn, It's PDF Time
We have found IE, Java, and Flash zero-days in a row in the past several months, and now it's PDF's turn. Today, we identified that a PDF zero-day is being exploited in the wild, and we observed successful exploitation on the latest Adobe PDF Reader 9.5.3, 10.1.5, and 11.0.1.
Upon successful exploitation, it will drop two DLLs. The first DLL shows a fake error message and opens a decoy PDF document, which is usually common in targeted attacks. The second DLL in turn drops the callback component, which talks to a remote domain.
[Update: February 13, 2013]
quote: In response to the many requests we've received for more detailed information, we would like to let our readers know that we have been working with Adobe and have jointly agreed to refrain from posting the technical details of the zero-day at this time. This post was intended to serve as a warning to the general public. We will update this post with more information at a later time.
»blog.fireeye.com/research/2013/0···ime.html |
|
 StuartMW (Who Is John Galt?) Premium join:2000-08-06 Galt's Gulch kudos:2
| reply to chachazz Ok on goes my conspiracy theory hat 
I'm convinced Adobe is deliberately releasing vulnerable software on purpose. Either that or they're totally incompetent. Or both. Hmmm  -- Don't feed trolls--it only makes them grow! |
|
|
|
 | Yeah seriously! Adobe and Oracle (Java) are making patch management a real pain this month! |
|
 Blackbird (Built for Speed) Premium join:2005-01-14 Fort Wayne, IN kudos:3
| said by SpHeRe31459: Yeah seriously! Adobe and Oracle (Java) are making patch management a real pain this month!
Think of it all as a digital security fitness program. Oracle and Adobe are actually trying to build up everyone's patching muscles. See? They really do care about users...
-- The American Republic will endure until the day Congress discovers that it can bribe the public with the public's money. A. de Tocqueville |
|
 StuartMW (Who Is John Galt?) Premium join:2000-08-06 Galt's Gulch kudos:2 | You're a glass half full type of guy right?
-- Don't feed trolls--it only makes them grow! |
|
 Rebrider (Been There Done That) Premium join:2000-11-23 | reply to StuartMW
said by StuartMW: Ok on goes my conspiracy theory hat
I'm convinced Adobe is deliberately releasing vulnerable software on purpose. Either that or they're totally incompetent. Or both. Hmmm
+1 |
|
 angussf Premium join:2002-01-11 Tucson, AZ kudos:4 | reply to chachazz This is why I use SumatraPDF as my default PDF reader, with Foxit Enterprise Reader as a backup for when I need to read PDFs which use Javascript.
Free PDF Reader - Sumatra PDF |
|
 siljaline (I'm lovin' that double wide) Premium join:2002-10-12 Montreal, QC kudos:17 | reply to Blackbird Adobe and Oracle are right up there among the most flawed and vulnerable software.
Handle with kid gloves. |
|
 antdude (A Ninja Ant) Premium,VIP join:2001-03-25 United State kudos:4
| said by siljaline: Adobe and Oracle are right up there among the most flawed and vulnerable software...
What about Microsoft?
-- Ant @ AQFL.net and AntFarm.ma.cx. Please do not IM/e-mail me for technical support. Use this forum or better, »community.norton.com ! Disclaimer: The views expressed in this posting are mine, and do not necessarily reflect the views of my employer. |
|
 siljaline (I'm lovin' that double wide) Premium join:2002-10-12 Montreal, QC kudos:17 | Good point |
|
 siljaline (I'm lovin' that double wide) Premium join:2002-10-12 Montreal, QC kudos:17
| reply to chachazz Adobe said it's currently working on a fix for the security issue and will update its bulletin once a launch has been scheduled. In the meantime, Windows users of Adobe Reader XI and Acrobat XI can protect themselves from the security exploit by turning on Protected View as follows:
quote: Open Reader or Acrobat. Click on the Edit menu, select Preferences, and then click on the Security (or Security Enhanced) option. In the Protected View section at the top of the window, click on the button to enable "Files from potentially unsafe locations" and then click OK.
|
|
 jaykaykay (4 Ever Young) Premium,MVM join:2000-04-13 Scottsdale, AZ kudos:22 | reply to angussf
said by angussf: This is why I use SumatraPDF as my default PDF reader, with Foxit Enterprise Reader as a backup for when I need to read PDFs which use Javascript.
Free PDF Reader - Sumatra PDF
And why I use Nitro as mine. »en.wikipedia.org/wiki/Nitro_PDF |
|
 1 edit | reply to chachazz
Adobe PSIRT: Security Advisory for Adobe Reader and Acrobat (APSA13-02)
February 13, 2013 | Last updated: February 14, 2012
Vulnerability identifier: APSA13-02
quote: A Security Advisory (APSA13-02) has been posted in regards to critical vulnerabilities (CVE-2013-0640, CVE-2013-0641) in Adobe Reader and Acrobat XI (11.0.01 and earlier), X (10.1.5 and earlier) and 9.5.3 and earlier for Windows and Macintosh. These vulnerabilities could cause the application to crash and potentially allow an attacker to take control of the affected system.
Adobe is aware of reports that these vulnerabilities are being exploited in the wild in targeted attacks designed to trick Windows users into clicking on a malicious PDF file delivered in an email message.
Adobe is in the process of working on a fix for these issues and will update this advisory when a date for the fix has been determined.
Adobe will continue to provide updates on this issue via the Security Advisory section of the Adobe website as well as the Adobe PSIRT blog.
Security bulletin APSA13-02
Summary: Adobe has identified critical vulnerabilities (CVE-2013-0640, CVE-2013-0641) in Adobe Reader and Acrobat XI (11.0.01 and earlier) for Windows and Macintosh, X (10.1.5 and earlier) for Windows and Macintosh, 9.5.3 and earlier for Windows and Macintosh, and Adobe Reader 9.5.3 for Linux. These vulnerabilities could cause the application to crash and potentially allow an attacker to take control of the affected system.
Adobe is aware of reports that these vulnerabilities are being exploited in the wild in targeted attacks designed to trick Windows users into clicking on a malicious PDF file delivered in an email message.
Adobe is in the process of working on a fix for these issues and will update this advisory when a date for the fix has been determined.
Affected Software Versions
• Adobe Reader XI (11.0.01 and earlier) for Windows and Macintosh
• Adobe Reader X (10.1.5 and earlier) for Windows and Macintosh
• Adobe Reader 9.5.3 and earlier 9.x versions for Windows, Macintosh and Linux
• Adobe Acrobat XI (11.0.01 and earlier) for Windows and Macintosh
• Adobe Acrobat X (10.1.5 and earlier) for Windows and Macintosh
• Adobe Acrobat 9.5.3 and earlier 9.x versions for Windows and Macintosh
Mitigations
Users of Adobe Reader XI and Acrobat XI for Windows can protect themselves from this exploit by enabling Protected View. To enable this setting, choose the "Files from potentially unsafe locations" option under the Edit > Preferences > Security (Enhanced) menu.
Enterprise administrators can protect Windows users across their organization by enabling Protected View in the registry and propagating that setting via GPO or any other method. Further information about enabling Protected View for the enterprise is available here. |
|
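The affected-version list and the mitigation scope in the advisory above can be turned into an inventory check. This is an added example, not part of the thread or of Adobe's advisory; the inventory rows, host names and function names are constructed, and it treats "11.0.1" and "11.0.01" (both spellings appear in the thread) as the same version.

```python
import re

# Highest affected version per major line, from the APSA13-02 text quoted above.
AFFECTED_MAX = {11: (11, 0, 1), 10: (10, 1, 5), 9: (9, 5, 3)}
PROTECTED_VIEW = "enable Protected View (Files from potentially unsafe locations)"
NO_MITIGATION = "no mitigation listed in the advisory"


def parse_version(text):
    """Normalise '11.0.01' and '11.0.1' to (11, 0, 1) so both spellings compare equal."""
    parts = re.findall(r"\d+", text)
    if not parts:
        raise ValueError(f"no version digits in {text!r}")
    nums = [int(p) for p in parts[:3]]
    return tuple(nums + [0] * (3 - len(nums)))


def listed_platforms(product, major):
    """Platforms the advisory names; Linux appears only for Adobe Reader 9.x."""
    platforms = {"windows", "macintosh"}
    if product == "reader" and major == 9:
        platforms.add("linux")
    return platforms


def triage(product, version, os_name):
    """Return (status, action) for one installed copy of Reader or Acrobat."""
    product, os_name = product.lower(), os_name.lower()
    ver = parse_version(version)
    major = ver[0]
    if major not in AFFECTED_MAX or ver > AFFECTED_MAX[major]:
        return ("not_listed", "version is outside the advisory's affected list")
    if os_name not in listed_platforms(product, major):
        return ("not_listed", "platform is not named for this product line")
    if major == 11 and os_name == "windows":
        return ("affected", PROTECTED_VIEW)
    return ("affected", NO_MITIGATION)


# Constructed inventory rows (host, product, version, os); not data from the thread.
INVENTORY = [
    ("ws-01", "Reader", "11.0.01", "Windows"),
    ("ws-02", "Reader", "11.0.1", "Windows"),
    ("bk-01", "Reader", "9.5.3", "Windows"),
    ("mac-01", "Acrobat", "10.1.5", "Macintosh"),
    ("lnx-01", "Acrobat", "9.5.3", "Linux"),
]

if __name__ == "__main__":
    for host, product, version, os_name in INVENTORY:
        print(host, *triage(product, version, os_name))
```

Hosts that come back as affected with no listed mitigation are the ones to prioritise once the fix ships, since the advisory offers Protected View only for XI on Windows.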
 | reply to chachazz
Re: Security Bulletin for Adobe Reader and Acrobat
for some reason, i can't get adobe's "security advisories" webpage to open.. when i try to open the webpage, it hangs on trying to load content from "wwwimages.adobe.com"..
i don't have a problem with opening any of adobe's other webpages, just the "security advisories" webpage..
here is a link for adobe's "security advisories" webpage:
»www.adobe.com/support/security/ |
|
 StuartMW (Who Is John Galt?) Premium join:2000-08-06 Galt's Gulch kudos:2
| reply to chachazz
Re: Adobe Reader and Acrobat Vulnerability Report
Users of Adobe Reader XI and Acrobat XI for Windows can protect themselves from this exploit by enabling Protected View. To enable this setting, choose the "Files from potentially unsafe locations" option under the Edit > Preferences > Security (Enhanced) menu.
Presumably users of 9.5.3 (e.g. on a Win2K box) are SOL? I've done the workaround for boxes running 11.0.1. -- Don't feed trolls--it only makes them grow! |
|
 | 9.x installs on Win2k? Adobe says only ver 8.x is Win2k compatible officially. Unofficially I'd think any recent version could be tricked into being installed, no?
Or perhaps more importantly why do you still have a Win2k box around? Some really special proprietary software? I'd hope you have it offline, since Win2k hasn't received updates in years, so the issue would be moot.
Acrobat 9.x and older is such a steaming pile to deal with, and it has no sandboxing abilities, so there's inherently no workaround possible. |
|
 StuartMW (Who Is John Galt?) Premium join:2000-08-06 Galt's Gulch kudos:2
| Yup. 9.x is the last to work on Win2K. No trick(s) required--just run the installer.
quote: Or perhaps more importantly why do you still have a Win2k box around?
Because that box only supports Win2K and it works perfectly fine for its intended purpose as a backup machine/server.
-- Don't feed trolls--it only makes them grow! |
|
 | Never mind, mods please delete... |
|
 1 edit | reply to redwolfe_98
Re: Security Bulletin for Adobe Reader and Acrobat
said by redwolfe_98: i can't get adobe's "security advisories" webpage to open..
am i the only one who can't get adobe's "security advisories" webpage to open? nevermind.. i figured out that the problem was caused by my avira program's "webguard", with the settings that i was using.. |
|