Adobe Patches Zero Day in Flash Player, Reader, and Acrobat

Severity: High

21 March, 2011

Summary:

  • These vulnerabilities affect: Recent versions of Adobe Reader, Acrobat, and Flash Player
  • How an attacker exploits it: In various ways, but most commonly by enticing your users into visiting a website containing malicious Flash or Reader content
  • Impact: In the worst case, an attacker can execute code on your computer, potentially gaining control of it
  • What to do: If you use these popular Adobe products, you should download and install their various updates as soon as possible.

Exposure:

Typically, Adobe’s quarterly Patch Day falls on the same Tuesday as Microsoft Patch Day (the second Tuesday of the month). However, a recent zero day Flash exploit circulating in the wild has encouraged Adobe to release a few out-of-cycle patches early. Today, Adobe released two security bulletins that fix a zero day Flash vulnerability in Reader, Acrobat, and Flash Player, running on all platforms (including Android).

Though the two bulletins affect different software, they both fix the same core Flash-related vulnerability that we described in our earlier WatchGuard Security Center post. As usual, Adobe doesn’t describe this zero day flaw in any technical detail. However, they do mention that the flaw lies within the authplay.dll component, which all three vulnerable products use. By enticing one of your users to visit a web site or download a PDF file containing malicious Flash content, an attacker could leverage this flaw to execute code with that user’s privileges. If your users have administrative or root privileges on the victim platform, the attacker would gain complete control.

As was the case during our first post, attackers have been exploiting this flaw in the wild (even before Adobe knew it existed). If you use the affected software (as most users do), we highly recommend you install Adobe’s updates immediately.

For more details about these updates, see Adobe’s bulletins below:

  • APSB11-05: March 2011 Flash Player Update
  • APSB11-06: March 2011 Reader and Acrobat Update

Solution Path:

Adobe has released Reader, Acrobat, and Flash Player updates to fix this flaw. If you use any of the software below, we recommend you download and deploy the corresponding updates as soon as possible, or let Adobe’s automatic updater do it for you. Note: Adobe has not yet released a Reader X update for this vulnerability, since Reader X’s sandboxing technology should protect you from this flaw by default. That said, we do expect a Reader X update at a later date.

For All WatchGuard Users:

Some of WatchGuard’s Firebox models allow you to prevent your users from downloading certain types of files via the web (HTTP) or email (SMTP, POP3). If you like, you can temporarily mitigate the risk of some of these vulnerabilities by blocking various Adobe-related files using your Firebox’s proxy services. Such files include .PDF, .SWF, .DIR, .DCR, and .FLV. That said, many websites rely on these files to display interactive content, so blocking them could prevent some sites from working properly. Furthermore, many businesses rely on PDF files to share documents, and blocking them would affect legitimate files as well. For that reason, we recommend the updates above instead.
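The extension-based blocking described above, sketched as an added example (it is not WatchGuard's or Adobe's code and does not represent how the Firebox proxy works). It goes beyond the text by also checking each file's leading bytes, because a file renamed to another extension keeps its content type; the function names and sample data are constructed for illustration.

```python
# Added example: classify a download or attachment against the Adobe-related
# file types named in the alert (.PDF, .SWF, .DIR, .DCR, .FLV).
# Function names and sample data are constructed for illustration.
import os

BLOCKED_EXTENSIONS = {".pdf", ".swf", ".dir", ".dcr", ".flv"}

# Leading byte signatures of the same formats.
MAGIC_PREFIXES = {
    b"FWS": "swf",        # uncompressed Flash movie
    b"CWS": "swf",        # zlib-compressed Flash movie
    b"FLV\x01": "flv",    # Flash video, version 1
    b"RIFX": "director",  # Director/Shockwave, big-endian container
    b"XFIR": "director",  # Director/Shockwave, little-endian container
}


def sniff_type(head: bytes):
    """Return the detected format name from the first bytes, or None."""
    for prefix, name in MAGIC_PREFIXES.items():
        if head.startswith(prefix):
            return name
    # Acrobat viewers accept the PDF header within the first 1024 bytes.
    if b"%PDF-" in head[:1024]:
        return "pdf"
    return None


def verdict(filename: str, head: bytes):
    """Return (blocked, reason) for one file name plus its leading bytes."""
    ext = os.path.splitext(filename)[1].lower()
    if ext in BLOCKED_EXTENSIONS:
        return True, f"extension {ext}"
    detected = sniff_type(head)
    if detected:
        return True, f"content is {detected} despite extension {ext or '(none)'}"
    return False, "not an Adobe-related type"


# Constructed samples: (file name, first bytes of the file).
SAMPLES = [
    ("report.pdf", b"%PDF-1.4\n"),
    ("banner.SWF", b"CWS\x0a"),
    ("invoice.txt", b"%PDF-1.6\n"),   # PDF content under another extension
    ("notes.txt", b"plain text\n"),
]

if __name__ == "__main__":
    for name, head in SAMPLES:
        print(name, verdict(name, head))
```
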

Nonetheless, if you choose to block some Adobe files, follow the links below for video instructions on using your Firebox proxy’s content blocking features to block files by their file extensions:

Status:

Adobe has released updates to fix these vulnerabilities.

References:

This alert was researched and written by Corey Nachreiner, CISSP. (@SecAdept)

About Corey Nachreiner

Corey Nachreiner has been with WatchGuard since 1999 and has since written more than a thousand concise security alerts and easily-understood educational articles for WatchGuard users. His security training videos have generated hundreds of letters of praise from thankful customers and accumulated more than 100,000 views on YouTube and Google Video. A Certified Information Systems Security Professional (CISSP), Corey speaks internationally and is often quoted by other online sources, including C|NET, eWeek, and Slashdot. Corey enjoys "modding" any technical gizmo he can get his hands on, and considers himself a hacker in the old sense of the word.

3 Responses to “Adobe Patches Zero Day in Flash Player, Reader, and Acrobat”

  1. Yes, there’s nothing I like better than listening to scary life truths as told to me by monotone robotic voices on my iPod during my 5am jog of a morning. [Eeek!] | 10.01.08, 14:14

Trackbacks/Pingbacks

  1. Adobe Partially Corrects Flash Zero Day in Reader and Acrobat | WatchGuard Security Center - April 22, 2011

    […] lies within the authplay.dll Flash component, which has already been subject to a very similar previous vulnerability. By enticing you into opening specially crafted, Word, Excel, or maybe even PDF documents, […]

  2. Adobe Partially Corrects Flash Zero Day in Reader and Acrobat | microreksa - April 25, 2011

    […] lies within the authplay.dll Flash component, which has already been subject to a very similar previous vulnerability. By enticing you into opening specially crafted, Word, Excel, or maybe even PDF documents, […]
