Adobe Flash and PDF WARNING!



CCWKen
06-07-2010, 07:55 PM
And you thought I was a paranoid over Flash. :rolleyes:


Adobe (NSDQ:ADBE) released an advisory Monday for a critical, zero-day vulnerability actively exploited in the wild against Adobe Flash Player, Reader and Acrobat.
Adobe ranked the flaw, which affects Windows, Mac, Solaris, Linux and UNIX platforms, with the highest severity rating of "critical," indicating that it could be subject to remote code execution attacks.

Security researchers report that hackers have already launched "in the wild" attacks on Adobe Flash Player 10.0.45.2, 9.0.262, and earlier 10.0.x and 9.0.x versions for Windows, Macintosh, Linux and Solaris, as well as Adobe Reader and Acrobat 9.3.2 and earlier 9.x versions for Windows, Macintosh and UNIX.

Thus far however, Adobe Flash Player 10.1, which is currently in beta, as well as Adobe Reader and Acrobat 8.x "do not appear to be vulnerable" to an exploit, Adobe said in its advisory.

During an attack, malware, which Symantec (NSDQ:SYMC) researchers have dubbed as Trojan.Pidief, is distributed via an infected PDF file that drops a backdoor onto the victim's computer upon installation of affected Adobe software. Specifically, a malicious SWF file is used in conjunction with an HTML file to download another backdoor Trojan.

In an attack scenario, a hacker could trick a user into opening an infected PDF file, typically through some social engineering scheme delivered via e-mail. Once the infected file was downloaded, malware would be launched designed to crash users' computers or take control of the affected system to steal, alter or delete sensitive data such as financial information, health-care records or intellectual property.

Adobe has yet to release a patch repairing the zero-day flaw. Until then, researchers recommend users deploy a workaround by deleting, renaming, or removing access to the authplay.dll file, which ships with Adobe Reader and Acrobat 9.x. Users will be subject to a non-exploitable crash or error message if they attempt to open a malicious PDF file that contains a Trojan.

Adobe is currently investigating the problem and said that it would update their advisory once a fix schedule is determined. Meanwhile, to mitigate chances of an attack researchers recommend that users keep up-to-date antivirus, download the latest Adobe patches and avoid opening unknown or suspicious emails.
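An added example (not from the article, Adobe's advisory, or any poster in this thread) that turns the version ranges and the authplay.dll workaround quoted above into a check a user or admin can run. The function names, the `.disabled` suffix and the zero-padding of short version strings are assumptions; the install directory is supplied by the caller because the article gives no path.

```python
import os

# Version ranges exactly as quoted in the article above (branch, highest affected).
# "reader" covers both Adobe Reader and Acrobat. All names here are hypothetical.
AFFECTED = {
    "flash": [("10.0", "10.0.45.2"), ("9.0", "9.0.262")],
    "reader": [("9", "9.3.2")],
}
NOT_VULNERABLE = {"flash": ["10.1"], "reader": ["8"]}


def _parse(version):
    return tuple(int(p) for p in version.strip().split("."))


def _pad(v, width=4):
    # Assumption: missing trailing components compare as zero (9.0.262 == 9.0.262.0).
    return v + (0,) * (width - len(v))


def classify(product, version):
    """Return 'affected', 'not vulnerable per advisory' or 'not listed'."""
    v = _parse(version)
    for branch, highest in AFFECTED[product]:
        b = _parse(branch)
        if v[:len(b)] == b and _pad(v) <= _pad(_parse(highest)):
            return "affected"
    for branch in NOT_VULNERABLE[product]:
        b = _parse(branch)
        if v[:len(b)] == b:
            return "not vulnerable per advisory"
    return "not listed"  # the article says nothing about this version


def disable_authplay(root, dry_run=True):
    """Find authplay.dll (any letter case) under root; rename it unless dry_run."""
    found = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower() == "authplay.dll":
                path = os.path.join(dirpath, name)
                found.append(path)
                if not dry_run:
                    os.rename(path, path + ".disabled")  # suffix is an assumption
    return found


if __name__ == "__main__":
    # Constructed sample versions, not taken from a real machine.
    for product, ver in [("flash", "10.0.42.34"), ("flash", "10.1.51.66"), ("reader", "9.3.2")]:
        print(product, ver, "->", classify(product, ver))
```

Run `disable_authplay` with `dry_run=True` first to see which copies would be renamed; as the article notes, Reader will then show a crash or error message on PDFs that embed Flash content.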

aboard_epsilon
06-07-2010, 08:00 PM
adobe acrobat that opens pdfs ..and adobe flash that plays vids and animations are two different products ..are you saying both are compromised?

all the best.markj

CCWKen
06-07-2010, 08:05 PM
Yes, read the article.

There's no fix for Flash at this time. (Other than downloading Beta 10.1) A "half-fast" fix for Reader is to re-name "Authplay.dll" to something else.

Make sure your antivirus software is updated. It MAY catch the trojans.

aboard_epsilon
06-07-2010, 08:10 PM
i just disabled it for now ..

in manage add-ons, in Explorer

if the program is called shockwave flash object ..that is.

btw this website uses it .

all the best.mark

CCWKen
06-07-2010, 08:14 PM
I don't have Flash loaded so I usually get a notice bar (like a blocked pop-up) on sites that request Flash. I don't get one here. It could be that one of the ads is calling for Flash. (I don't have ads either.)

aboard_epsilon
06-07-2010, 08:16 PM
seems it's used by youtube as well

so no youtube for a few days

all the best.markj

CCWKen
06-07-2010, 08:55 PM
I just found something else while researching Adobe SWF files.


Flash Player already reaches over 98% of Internet-enabled desktops and more than 800 million handsets and mobile devices.

I wonder if the mobile devices are vulnerable too? :eek: None of the articles, so far, have mentioned them. Maybe it's just the PC operating systems.

oldtiffie
06-07-2010, 09:02 PM
It's not the first time that Adobe has been found lacking in terms of getting "infected" and of being tardy at both informing users/clients and getting it fixed.

Getting Adobe stuff off your computer can be as bad as getting rid of all traces of Symantec stuff. I got rid of mine when I had two new computers built.

The worst I've seen and had as regards Adobe was Acrobat Reader as my copy (legal) of Machinery's Handbook 27 CD was tied to Acrobat and simply would not work with any other PDF reader or writer. So that legal MHB CD is a complete loss.

Your Old Dog
06-07-2010, 09:21 PM
I have always been suspicious of emailed PDF files and never open them if I know they are "forwards". Once you click that open button you have no idea what's going to happen or not happen !

CCWKen
06-07-2010, 09:39 PM
What I dislike the most about Flash and the reason I don't load it on my PCs is the embedded standalone script language that can be run without ANY user options or system control. You basically hand over your PC to website programmers. While this may be okay for some specific sites like You-Got-Tubed, it opens your PC to the advertisers and (other) scum bags. If you've ever browsed the capabilities of the script language, you'll see that a programmer has the capabilities to lock YOU out of your machine and/or direct it to the control of other sites. I don't see how Adobe has gotten away with it for so long.

PDFs are bad enough but I'll pass on any SWF files. I'll wait for HTML5.

Evan
06-07-2010, 09:51 PM
If you use Adobe reader uninstall it and install Foxit reader instead.

http://www.foxitsoftware.com/pdf/reader/

For flash update to Flash 10.1

http://labs.adobe.com/downloads/flashplayer10.html

Problem solved.

CCWKen
06-07-2010, 10:12 PM
For flash update to Flash 10.1

http://labs.adobe.com/downloads/flashplayer10.html

Problem solved.

Except it's a pre-release version AND it does nothing to stop the script vulnerabilities.

beanbag
06-07-2010, 10:21 PM
And this is why Steve Jobs likes HTML5.

dp
06-07-2010, 10:36 PM
And this is why Steve Jobs likes HTML5.

Speaking of which the new Safari browser is out with a bunch of new HTML5 features enabled.

Evan
06-08-2010, 12:36 AM
Except it's a pre-release version AND it does nothing to stop the script vulnerabilities.


It stops the current known vulnerability. All software of any considerable complexity has unknown vulnerabilities. Most software that is of any utility has scripting capability. That includes Sketchup and nearly every CAD program including CamBam, most high end graphics programs and all the Microsoft Office suite as well as OpenOffice which supports Python scripting and not surprisingly has been found to have vulnerabilities.

CCWKen
06-08-2010, 01:24 AM
LOL...Complex? We're talking about showing a video for crying out loud! :rolleyes:

What was wrong with Quick-Time or MS Media Player?

Forgot to mention: The vulnerabilities are not accidents. Flash has designed-in capabilities that allow misuse if the programmer desires.

Evan
06-08-2010, 02:04 AM
LOL...Complex? We're talking about showing a video for crying out loud!

Come on Ken. Even media player classic is tens of thousands of lines of code.


The vulnerabilities are not accidents. Flash has designed-in capabilities that allow misuse if the programmer desires.

So does any other software that permits scripting. "Scripting" is just newspeak for programming. Once you have the ability to run code there is always a way to exploit some sort of vulnerability in an operating system. There hasn't yet been an operating system developed that is 100 percent secure.

psomero
06-08-2010, 05:04 AM
this is not news. adobe flash and acrobat have had a history of egregious security holes and are an infection vector that is leveraged by many virus writers.

the last "big" one was about a year ago. they had a similar press release, but nobody seems to take them seriously ever.

i don't get why adobe's products became such widely used formats. sure, they're somewhat convenient, but they've long been known security risks and are absolutely horrible resource hogs...

Evan
06-08-2010, 06:01 AM
PDF became popular for one specific reason: What you see is what you get when printed regardless of the platform. It was the only text and graphics page formatted scalable presentation format that did so accurately. Early printers were character based such as the Diablo series from Xerox. They had no practical graphic capability. Then came the dot matrix printers that could print bitmaps. This allowed for a vector based page language to be able to print anything seen on the screen. At the same time laser printers with 300 dpi resolution came along that could do the same but with high quality resolution.

There were plenty of formats that implemented WYSIWYG but none that were cross platform and cross printer compatible, except PDF.

In my opinion PDF was largely useless because of the incredibly cumbersome Adobe Reader software. Then along came Foxit Reader which overnight made PDF a practical and useable format.

MTNGUN
06-08-2010, 10:55 AM
I switched to Foxit years ago at Evan's suggestion. Best thing I ever did to Windoze.

The claim is that Linux is affected. To begin with, few Linux users install Adobe software. Second, when is the last time there was a thread on HSM asking for help removing malware from a Linux box? Has there EVER been an HSM thread asking for help removing malware from a Linux box? I know Linux malware is out there, but it seems to be very rare.

Evan
06-08-2010, 11:07 AM
Linux systems aren't targeted for the same reasons as Windows machines. Linux/Unix runs the internet and the compromises are of a different nature and are not targeted at the users since there frequently aren't any. The type of exploits used on Linux machines are aimed at gaining direct control for the purpose of intercepting traffic, propagating infections to other machines or even for the purpose of direct break-ins to vandalize, steal or otherwise alter data. The usual exploit for Linux is to try and install a "rootkit" which is intentionally made as invisible as possible and is not intended to reduce the utility of the machine. Once a Linux machine has been infected in such a manner it must be rebuilt from scratch. Rootkits are impossible to remove with confidence as they will alter system files as well as checksums for those files.

BobWarfield
06-08-2010, 12:53 PM
Evan's right. You can find stories of this kind about almost any commonly used OS, Web Browser, or any software that includes scripting. Despite whatever the fanboys for a particular community may say or think, it is all vulnerable. You can't just say, "Oh, I won't ever run Windows, if I only run Linux, if I never use Flash, blah, blah, blah." You're kidding yourself if you do.

HTML 5 will be the same and is no panacea either, and it doesn't take long on Google to find many articles like this one:

http://www.itbusinessedge.com/cm/blogs/poremba/why-html-5-could-present-web-app-security-risk/?cs=38924

The truth is that scripting is important for many legitimate uses. In the end, being programmable is what computers do versus other machines, and it isn't going away any time soon. Bugs in software create as much opportunity as scripting does, anyway. Neither Flash nor any of these other programs put scripting, let alone bugs, in to facilitate malware writers, so you need to get over it.

Viruses and other malware are unfortunately a fact of life because it is a huge business. Forget worrying about the pranksters, it's the fraudsters that are making zillions doing this or pursuing political agendas. There are national governments that fund it as well as organized crime. It's like having a reward worth millions of dollars out there for anyone that can crack your PC, because if they can crack yours, they can crack many others.

You can't hide from it, you can only run the best virus software you can get your hands on and stay vigilant. It also helps to get your email via a large organization like Google. They have a vested interest in filtering spam (it costs them money to distribute it and makes their customers unhappy) and malware (they don't want the PR headaches and they don't want their own stuff infected).

The notices of intrusion attempts for me went way down once I adopted Gmail as my mail reader as did the spam.

Sincerely,

BW

MTNGUN
06-08-2010, 02:45 PM
you can only run the best virus software you can get your hands on and stay vigilant.
Most Linux users don't run any anti-malware software.

Saying that all software is vulnerable, so there's no point in avoiding Windoze or Adobe, is like saying that lightning may strike anywhere, so feel free to stand on a mountain peak during a thunderstorm.