I have talked about these vulnerabilities before, and want to update you a little on their progress.
Paul Royal, principal researcher for Purewire, says a vulnerability in the latest versions of Adobe’s Flash Player allows criminals to take complete control of end users’ computers. Royal says the technique uses a 1.1 kilobyte Adobe Flash file to target the vulnerability.
Right now, a few major antivirus vendors are reported to catch the poisoned SWF file as Trojan.Pidief.G; however, many others seem to be overlooking it.
To add to the madness, as if that weren’t enough, the popular websites where the exploit could be encountered are legitimate sites that have themselves been compromised.
It is very difficult to protect oneself from this type of attack. NoScript in Mozilla 3.5.2 (or later) will help, but you still have to be on your toes. While only a very small group of researchers is aware of it today, eventually it will hit milw0rm and those numbers could change radically.
There is also a lesser-known yet just as powerful version in which a PDF carries the exploit. Symantec was reported as having said, “you can block this method by preventing Adobe Reader from running JavaScript.”
CERT says to disable Flash by renaming the authplay.dll and rt3d.dll files.
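The CERT workaround above can be scripted across every Reader and Acrobat install on a machine. The following is an added example, not code from CERT or Adobe; the install root passed on the command line and the `.disabled` suffix are assumptions.

```python
import argparse
import os

# File names come from the CERT advice above; the suffix is an arbitrary choice.
TARGET_DLLS = {"authplay.dll", "rt3d.dll"}
SUFFIX = ".disabled"


def disable_flash_dlls(root, dry_run=True):
    """Rename each target DLL under root to <name>.disabled.

    Returns the sorted (old_path, new_path) pairs found. With dry_run=True
    nothing is changed, so the same call audits which copies are still active.
    """
    changes = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            # Windows file names are case-insensitive, so compare lowercased.
            if name.lower() not in TARGET_DLLS:
                continue
            src = os.path.join(dirpath, name)
            dst = src + SUFFIX
            if not dry_run:
                # os.replace overwrites a stale .disabled copy left by an
                # earlier run, in case a reinstall put the DLL back since.
                os.replace(src, dst)
            changes.append((src, dst))
    return sorted(changes)


if __name__ == "__main__":
    parser = argparse.ArgumentParser(description="Rename authplay.dll and rt3d.dll")
    parser.add_argument("root", help="directory tree to search (assumed install root)")
    parser.add_argument("--apply", action="store_true", help="rename instead of only listing")
    args = parser.parse_args()
    for old, new in disable_flash_dlls(args.root, dry_run=not args.apply):
        print(("renamed " if args.apply else "would rename ") + old + " -> " + new)
```

Run it without `--apply` first to list the active copies, and run it again after any Reader or Acrobat reinstall, since that can put the DLLs back.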
Adobe has released product updates to Adobe Reader, Acrobat and Flash Player to resolve the relevant security issues.
There is a tool (Secunia PSI) that will help you know whether your software is up to date and all of your patches are applied. Just like NoScript in Firefox 3.5.2 (or later), it will help, but it means you have to stay on top of it.
As a side note:
Julia Wolf from FireEye wrote an informative article about how ActionScript can be used to spray the heap. It details clearly why turning off JavaScript will not protect you.