Secplicity - Security Simplified

Powered by WatchGuard Technologies

Adobe Partially Corrects Flash Zero Day in Reader and Acrobat

April 22, 2011 By Corey Nachreiner

Severity: High

22 April, 2011

Summary:

  • These vulnerabilities affect: Recent versions of Adobe Reader and Acrobat
  • How an attacker exploits it: In various ways, but most commonly by enticing your users into opening a Word or Excel document containing malicious Flash
  • Impact: In the worst case, an attacker can execute code on your computer, potentially gaining control of it
  • What to do: If you use these popular Adobe products, you should download and install their various updates as soon as possible.

Exposure:

Typically, Adobe’s quarterly Patch Day falls on the same Tuesday as Microsoft Patch Day (the second Tuesday of the month). However, a recent zero day Flash exploit circulating in the wild has encouraged Adobe to release an out-of-cycle patch early.

Yesterday, Adobe released updates for Reader and Acrobat to fix an unpatched Flash vulnerability, which attackers are exploiting in the wild. Since the flaw lies within a Flash component that ships with many Adobe products, it affects Reader and Acrobat as well. I mentioned this flaw already in a post a week or so ago.

As usual, Adobe doesn’t describe this flaw in any technical detail. However, they do mention that the flaw lies within the authplay.dll Flash component, which has already been subject to a very similar previous vulnerability. By enticing you into opening specially crafted Word, Excel, or maybe even PDF documents, attackers can leverage this unspecified flaw to execute code on your computer, with your resources. As usual, if you are an administrator, it’s game over.

See Adobe’s APSB11-08 bulletin for more details about this update.

Solution Path:

Adobe has released updates for Reader and Acrobat to fix this flaw in some of their products. The updates fully patch Acrobat; however, Adobe has not released a fix for Reader X for Windows. Adobe argues that Reader X’s default security settings should protect you from these attacks, so they do not plan to release the Reader X update for Windows until their normal patch day, next June.

If you use any of the software below, we recommend you download and deploy the corresponding updates as soon as possible, or let Adobe’s automatic updater do it for you. 

  • APSB11-08:
    • Adobe Reader 10.x
      • For Windows (coming in June)
      • For Mac
    • Adobe Reader 9.x
      • For Windows
      • For Mac
    • Adobe Acrobat
      • Standard and Pro for Windows
      • Pro Extended for Windows
      • Pro for Mac

For All WatchGuard Users:

Some of WatchGuard’s Firebox models allow you to prevent your users from downloading certain types of files via the web (HTTP) or email (SMTP, POP3). If you like, you can temporarily mitigate the risk of some of these vulnerabilities by blocking various Adobe and MS Office related files using your Firebox’s proxy services. Such files include .DOC, .XLS, .PDF, .SWF, .DIR, .DCR, and .FLV. That said, many websites rely on these files to display interactive content, so blocking them could prevent some sites from working properly. Furthermore, many businesses rely on these file types to share documents, and blocking them would affect legitimate files as well. For that reason, we recommend the updates above instead.

Nonetheless, if you choose to block some Adobe and Office files, follow the links below for video instructions on using your Firebox proxy’s content blocking features to block files by their file extensions:

  • Firebox X Edge running 10.x
    • How do I block files with the FTP proxy?
    • How do I block files with the HTTP proxy?
    • How do I block files with the POP3 proxy?
    • How do I block files with the SMTP proxy?
  • Firebox X Core and X Peak running Fireware 10.x
    • How do I block files with the FTP proxy?
    • How do I block files with the HTTP proxy?
    • How do I block files with the POP3 proxy?
    • How do I block files with the SMTP proxy?
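
Extension blocking keys on the file name only, so a renamed attachment passes it. The sketch below is an added example (not WatchGuard or Adobe code) that pairs the advisory's extension list with a content check for SWF headers inside a document's raw bytes; the function names, the version bound and the sample bytes are assumptions made for illustration.

```python
import struct

# Extensions the advisory lists as candidates for proxy blocking.
BLOCKED_EXTENSIONS = {".doc", ".xls", ".pdf", ".swf", ".dir", ".dcr", ".flv"}
# A SWF starts with "FWS" (plain) or "CWS" (zlib), a 1-byte version,
# then a 4-byte little-endian file length.
SWF_SIGNATURES = (b"FWS", b"CWS")


def has_blocked_extension(filename):
    """True if the name ends in one of the advisory's extensions."""
    name = filename.lower().rstrip(". ")  # ignore trailing dots/spaces
    dot = name.rfind(".")
    return dot != -1 and name[dot:] in BLOCKED_EXTENSIONS


def find_embedded_swf(data, max_version=50):
    """Offsets of plausible SWF headers (max_version is a heuristic bound)."""
    hits = []
    for sig in SWF_SIGNATURES:
        pos = data.find(sig)
        while pos != -1:
            header = data[pos:pos + 8]
            if len(header) == 8:
                version = header[3]
                (length,) = struct.unpack("<I", header[4:8])
                # Sanity checks reduce hits on stray "FWS"/"CWS" bytes.
                if 1 <= version <= max_version and length >= 8:
                    hits.append(pos)
            pos = data.find(sig, pos + 1)
    return sorted(hits)


def triage(filename, data):
    """Summarise one attachment for a gateway review queue."""
    offsets = find_embedded_swf(data)
    standalone_swf = bool(offsets) and offsets[0] == 0
    return {
        "blocked_extension": has_blocked_extension(filename),
        "embedded_swf_offsets": offsets,
        "flash_inside_container": bool(offsets) and not standalone_swf,
    }


# Constructed sample: OLE2 magic, padding, then a fake SWF header.
SAMPLE_DOC = (bytes.fromhex("d0cf11e0a1b11ae1") + b"\x00" * 56
              + b"FWS\x0a" + struct.pack("<I", 1024) + b"\x00" * 16)
```

A raw byte scan like this misses Flash stored inside compressed streams (common in PDF), so treat a clean result as inconclusive rather than safe.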

Status:

Adobe has released updates to fix these vulnerabilities.

References:

  • Adobe Reader Security Bulletin

This alert was researched and written by Corey Nachreiner, CISSP. (@SecAdept)

Filed Under: Security Bytes Tagged With: Adobe, Reader, Zero day exploit

Comments

  1. heavy addiction says

    April 20, 2013 at 8:29 pm

    Hmm it looks like your blog ate my first comment (it was extremely long) so I guess I’ll just sum it up what I had written and say, I’m thoroughly enjoying your blog.
    I as well am an aspiring blog blogger but I’m still new to everything. Do you have any suggestions for beginner blog writers? I’d certainly appreciate it.
