Keep Your Eyes on This Adobe 0-Day

A new Adobe exploit is circulating via Flash movies in the last day or so. Looks like the vulnerability is present across many Adobe products and can be exploited on Android, Linux, Windows and OS X.

Here is a link to the Dark Reading article about the issue.

You can also find the Adobe official alert here.

As this matures and evolves and gets patched, it is a good time to double check your patching process for workstation and server 3rd party software. That should now be a regular patching process like your ongoing operating system patches at this point. If not, then it is time to make it so.

Users of HoneyPoint Wasp should be able to easily any systems compromised via this attack vector using the white listing detection mechanism. Keep a closer than usual eye out for suspicious new processes running on workstations until the organization has applied the patch across the workstation environment.

Adobe Emergency Patch for 17 Holes

Just a quick heads up post that Adobe has just released an “emergency patch” for at least 17 holes in Reader and Acrobat. This is likely worth rushing into testing and ultimately production as PDF attacks have become all the rage lately. You can find more information about the patch here: http://www.theregister.co.uk/2010/06/29/adobe_emergency_patch/

SWF Whitepaper and VoIP Vulns

There is a guide available from Adobe on creating secure Flash applications. In the wake of the mid December Adobe Shockwave Flash vulnerabilities, Adobe has released a white paper on “Creating more secure SWF web applications”. This, combined with flash data validation libraries available from Google, allow for a complete solution to any potential vulnerabilities. Developers of Flash animations/movies/applications should take the time to read over this document and see where they could use the data validation libraries within their environment. Security teams should be testing all of their environments Flash applications for any vulnerabilities and coordinate to get these resolved. From what I’ve read, when Adobe makes the second update for these issues available early 2008, the issues will not be completely resolved in already developed Flash applications.

Here’s a link to the article http://www.adobe.com/devnet/flashplayer/articles/secure_swf_apps.html and the validation libraries http://code.google.com/p/flash-validators/

Also, it appears a few SIP vendors have had vulnerabilities reported in them today. Avaya is affected by two issues, one in pam and the other in OpenSSH. The issue in pam could allow for the disclosure of sensitive data, or allow the injection of characters into log entries. The issue with OpenSSH could allow arbitrary code execution (race condition) and the discovery of valid usernames. Here’s the original Avaya advisories: http://support.avaya.com/elmodocs2/security/ASA-2007-526.htm and http://support.avaya.com/elmodocs2/security/ASA-2007-527.htm

Asterisk is vulnerable to a Denial of Service when handling the “BYE/Also” transfer method. Exploitation requires that a dialog already be established between the two parties. Asterisk versions prior to 1.4.17 are vulnerable. The issue is fixed in version 1.4.17.