Virginia Commonwealth University

This alert is Past.

Past alerts pertain to issues that have been resolved or which are no longer relevant.

Multiple Critical Adobe Vulnerabilities and Active Attacks Affecting Windows, Mac & Linux (Updated 6/29)

Critical vulnerabilities in Adobe Reader, Adobe Acrobat and Adobe Flash are actively being exploited by attackers in what’s known as 0-day attacks. 0-day attacks are attacks that occur before the vendor has released a security fix.

These vulnerabilities are extremely serious. In fact, Secunia has rated both as “Extremely Critical”, something they haven’t done during a span of 1,165 security advisories dating to March 9th. They’re categorized this way because attacks can be performed remotely without requiring any user interaction and attackers are already exploiting the vulnerabilities.

What software is affected and what steps do you recommend?

The vulnerability in Adobe Reader and Acrobat affects version 9.3.2 (the current version), as well as all earlier version 9 releases, on Windows, Mac and UNIX. There is no patch yet so the recommended solution is to delete, rename or remove access to the file authplay.dll. The ramifications are that if you open a PDF file containing Flash content the software will crash or report an error. Alternately, if you use Adobe Reader, you can consider uninstalling it and installing the free Foxit Reader instead (software that VCU Information Security uses).
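One way to apply the authplay.dll rename described above across an install directory, as an added example (not code from Adobe or VCU Information Security). The install root is passed as an argument because the alert does not give a path; the `.disabled` suffix and the function names are assumptions.

```python
import os
import sys

TARGET = "authplay.dll"   # file named in the alert
SUFFIX = ".disabled"      # assumption: any suffix that changes the name works

def active_copies(root):
    """Return every path under root whose file name is authplay.dll (any case)."""
    found = []
    for dirpath, _dirs, files in os.walk(root):
        found.extend(os.path.join(dirpath, f) for f in files if f.lower() == TARGET)
    return sorted(found)

def disable_authplay(root, dry_run=True):
    """Rename each active copy; return a list of (path, status) tuples."""
    results = []
    for src in active_copies(root):
        if dry_run:
            results.append((src, "would rename"))
            continue
        try:
            # os.replace overwrites a copy disabled on an earlier run, so a
            # file put back later is still taken out of service.
            os.replace(src, src + SUFFIX)
            results.append((src, "renamed"))
        except OSError as exc:
            # Typically a permissions problem or the file being in use.
            results.append((src, "failed: %s" % exc.strerror))
    return results

if __name__ == "__main__":
    if len(sys.argv) < 2:
        sys.exit("usage: disable_authplay.py <install-root> [--apply]")
    root, apply_changes = sys.argv[1], "--apply" in sys.argv[2:]
    for path, status in disable_authplay(root, dry_run=not apply_changes):
        print("%-14s %s" % (status, path))
    left = active_copies(root)
    print("%d active copy/copies remain under %s" % (len(left), root))
    sys.exit(1 if left and apply_changes else 0)
```

Without `--apply` the script only reports what it would rename; with it, a non-zero exit status means at least one copy could not be renamed and still needs attention.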

The vulnerability in Adobe Flash affects version 10.0.45.2 (the current version), as well as all earlier version 10 releases and version 9 releases, on Windows, Mac, Linux and Solaris. There is no patch yet so the recommended solution is to install the latest version 10.1 Release Candidate version (a “prerelease” version) or to uninstall Flash.

Does this affect me?

Over 98% of computer users run Adobe Reader, Adobe Acrobat and/or Adobe Flash. Since it affects all 3 and does so on a wide range of operating systems, it’s very unlikely it doesn’t affect you.

What can happen to my computer and my data and why should I care?

A successful exploit of one of these vulnerabilities can give the attacker remote system access to your computer, meaning the attacker can do anything on your computer that you can while you’re physically sitting at it.  If you are logged in as a user with administrator privileges that means the attacker can install malicious software that captures your keystrokes (like your university, email and banking usernames and passwords), steal your confidential files, use your computer to attack other systems (both inside and outside your network) and send spam, encrypt your sensitive files to hold them ransom and do a range of other things that are undesirable.

In short, your data, your money, your privacy and other computers on your network are at risk if this isn’t addressed.

How can an attacker do this?

The attacker simply needs to get your computer to process a PDF file or Flash file that contains malicious code. That can be done by sending you a file (by email, IM or any other means) and getting you to open it.  And the file could even appear legitimate!  And it could be shared by someone you know (or be shared by someone pretending to be someone you know).

But that’s not all. Your computer could be compromised simply by you visiting a malicious web page that loads Flash or PDF content. Again, it could appear legitimate. And worst of all, it’s possible it could load without it even being visible to you!

Think you can just avoid shady sites? Wrong! 71% of websites known to contain malware (malicious software) are legitimate sites! And these aren’t just small sites you’ve never heard of. 70% of the top 100 sites either have hosted malware or link to sites that host malware.

When will Adobe fix this!?

Adobe software has a track record of vulnerabilities and of taking a long time to release patches. They’ve recently bragged about their self-imposed 15-day rush patch deadline implemented last year, so if they meet that deadline again, a fix should be available by June 19th.

Update (6/14/2010)

Adobe has released Flash Player 10.1 for Windows, Macintosh and Linux, which fixes 32 vulnerabilities, including those referenced in this alert. It is recommended that you either install this version of Flash or uninstall Flash.

Since Adobe AIR can also process Flash content, Adobe AIR is also impacted. If you are running Adobe AIR versions 1.5.3.9130 and prior, it is recommended that you upgrade to version 2.0.2.12610.

Update (6/29/2010)

Adobe has released Adobe Reader and Acrobat 9.3.3 for Windows, Mac and UNIX.  The update fixes 17 vulnerabilities, including a critical vulnerability which first had exploit code reported on March 30th and was reported as being exploited 3 weeks ago in active attacks.  It is recommended that you either install this version.

Posted by Samuel Kennedy on Monday, June 7, 2010, at 11:10 am