October 29, 2015 
0 Comments
If you use Adobe Shockwave, it’s time to patch. This week, Adobe released an out-of-cycle update fixing a critical flaw in the popular multimedia player. Watch the video to learn more, including why I recommend against Shockwave.
(Episode Runtime: 1:10)
Direct YouTube Link: https://www.youtube.com/watch?v=LFKIM8k8nf8
EPISODE REFERENCES:
September 8, 2015 0 Comments
It’s the second Tuesday of the month, which means you’re in for a pile of Microsoft and Adobe patches. Watch today’s video for a quick summary of the issues, and how WatchGuard appliances can help.
(Episode Runtime: 1:42)
Direct YouTube Link: https://www.youtube.com/watch?v=DvHYJGpr4rc
EPISODE REFERENCES:
July 16, 2015 0 Comments
This Patch Tuesday, Adobe and Oracle shared the spotlight with Microsoft, releasing updates for well over 200 vulnerabilities. Furthermore, the patches included fixes for flaws leaked during The Hacking Team fiasco. Watch today’s video for details, and be sure to update as soon as you can.
Show Note: Due to continued travel, there will likely be no video on Thursday, though I will return with one on Friday. I’ll probably skip the weekly video this time due to the light week.
(Episode Runtime: 2:21)
Direct YouTube Link: https://www.youtube.com/watch?v=aoLhMVu4zzI
EPISODE REFERENCES:
February 12, 2014 1 Comment
Adobe Shockwave Player displays interactive, animated web content and movies called Shockwave. According to Adobe, the Shockwave Player is installed on some 450 million PCs.
In a security bulletin released Tuesday, Adobe warned of two critical vulnerabilities that affect Adobe Shockwave Player 12.0.7.148 for Windows and Macintosh (as well as all earlier versions). Adobe’s bulletin doesn’t describe the flaws in much technical detail, only describing them as memory corruption vulnerabilities. The flaws share the same general scope and impact. If an attacker can entice one of your users into visiting a website containing some sort of malicious Shockwave content, he could exploit either of these vulnerabilities to execute code on that user’s computer, with that user’s privileges. If your Windows users have local administrator privileges, an attacker could exploit this flaw to gain full control of their PC.
If you use Adobe Shockwave in your network, we recommend you download and deploy the latest version as soon as you can.
As an aside, Adobe also released a security bulletin last week, fixing a zero day vulnerability in Flash Player. If you happened to miss that update, be sure to install it as well.
Adobe has released a new version of Shockwave Player, version 12.0.9.149. If you use Adobe Flash in your network, we recommend you download and deploy this updated player as soon as possible.
Some of WatchGuard’s Firebox models allow you to prevent your users from accessing Shockwave content (.SWF) via the web (HTTP) or email (SMTP, POP3). If you like, you can temporarily mitigate the risk of this vulnerability by blocking .SWF files using your Firebox’s proxy services. That said, many websites rely on Shockwave for interactive content, and blocking it could prevent these sites from working properly.
Adobe has released a Shockwave Player update to fix these vulnerabilities.
December 10, 2013 1 Comment
Today, Adobe released two security bulletins describing vulnerabilities in Flash and Shockwave Player. A remote attacker could exploit the worst of these flaws to gain complete control of your computer. The summary below details some of the vulnerabilities in these popular software packages.
Adobe Shockwave Player displays interactive, animated web content and movies called Shockwave. According to Adobe, the Shockwave Player is installed on some 450 million PCs.
Adobe’s bulletin describes two unspecified memory corruption vulnerabilities that affects Shockwave Player running on Windows and Macintosh computers.They don’t share any technical details about the flaw, but do share its scope and impact. If an attacker can entice one of your users into visiting a website containing some sort of malicious Shockwave content, he could exploit the flaw to execute code on that user’s computer, with that user’s privileges. If your Windows users have local administrator privileges, an attacker could exploit this vulnerability to gain full control of their computer.
Adobe Priority Rating: 1 (Patch within 72 hours)
Adobe’s bulletin describes two vulnerabilities in Flash Player running on all platforms, including one code execution flaw attackers are currently exploiting in the wild. If an attacker can lure you to a web site, or get you to open a document containing specially crafted Flash content, he could exploit the worst of these flaws to execute code on your computer, with your privileges. If you have administrative or root privileges, the attacker could gain full control of your computer.
Adobe warns that attackers are exploiting this flaw in the wild. The attack arrives as a malicious Word document containing embedded Flash content. They have assigned these flaws their highest severity rating for Windows and Mac computers, but a lesser severity for Linux and Android devices. If you are a Windows Flash user, we recommend you apply this update immediately.
Adobe Priority Rating: 1 for Windows and Mac (Patch within 72 hours)
Adobe has released updates for all their affected software. If you use any of the software below, we recommend you download and deploy the corresponding updates as soon as possible, or let Adobe’s automatic updater do it for you:
Keep in mind, if you use Google Chrome you’ll have to update it separately to get the latest Flash fixes.
Attackers can exploit these flaws using diverse exploitation methods. However, WatchGuard’s XTM appliances can help in many ways. First, our IPS and AV services are often capable of detecting the malicious Flash or Shockwave files attackers are actually using in the wild. If you’d like, you can also configure our proxies to block Shockwave and Flash. This, however, blocks both legitimate and malicious content. If you do want to block this content via the Web or email, see our manual for more details on how to configure our proxy policies’ content-filtering.
Adobe has released patches correcting these issues.
This alert was researched and written by Corey Nachreiner, CISSP (@SecAdept)
November 12, 2013 4 Comments
Today, Adobe released two security bulletins describing vulnerabilities in Flash Player and ColdFusion. A remote attacker could exploit the worst of these flaws to gain complete control of your computer. The summary below details some of the vulnerabilities in these popular software packages.
Adobe Flash Player displays interactive, animated web content called Flash. Many users install Flash, so it’s likely present on many of your Windows and Mac computers.
Adobe’s bulletin describes two unspecified memory corruption vulnerabilities in Flash Player running on all platforms. Though the flaws presumably differ technically, they share the same scope and impact. If an attacker can lure you to a web site, or get you to open a document containing specially crafted Flash content, he could exploit these flaws to execute code on your computer, with your privileges. If you have administrative or root privileges, the attacker could gain full control of your computer.
Adobe assigned these flaws their highest severity rating for Windows and Mac computers, but a lesser severity for Linux machines.
Adobe Priority Rating: 1 for Windows and Mac (Patch within 72 hours)
Adobe ColdFusion is an application server that allows you to develop and deploy web applications. It suffers from two security vulnerabilities, which Adobe does not describe in much technical detail; a reflected cross site scripting (XSS) vulnerability (CVE-2013-5326), and an unauthorized remote read access flaw (CVE-2013-5328). Other than that, the bulletin shares very little about the scope or impact of these flaws, so we’re unsure how easy or hard it is for attackers to leverage them. Presumably, if an attacker could trick someone in clicking a specially crafted link, he could leverage the XSS flaw to do anything on your web site that the user could. We also assume an attacker could exploit the remote read flaw to potentially gain access to files on your server, such as its web application source code. In any case, they rate the vulnerabilities as Priority 1 issues for version 10, which is their high severity rating.
As an aside, Adobe’s own network was recently breached via a zero day flaw in ColdFusion. Adobe claims these ColdFusion issues are not associated with their network breach. However, the discoverer of one of the issues, Alex Holden, was actually one of the researchers who uncovered Adobe’s data breach, and he claims one of the flaws has been used by attackers this year to break into other companies. In other words, you should apply these updates immediately if you use ColdFusion
Adobe Priority Rating: 1 for version 10 (Patch within 72 hours)
Adobe has released updates for all their affected software. If you use any of the software below, we recommend you download and deploy the corresponding updates as soon as possible, or let Adobe’s automatic updater do it for you:
Attackers can exploit these flaws using diverse exploitation methods. However, WatchGuard’s XTM appliances can help in many ways. First, our IPS and AV services are often capable of detecting the malicious Flash or Shockwave files attackers are actually using in the wild. If you’d like, you can also configure our proxies to block Shockwave or Flash content. This, however, blocks both legitimate and malicious content. If you do want to block this Flash or Shockwave via the Web or email, see our manual for more details on how to configure our proxy policies’ content-filtering.
Adobe has released patches correcting these issues.
This alert was researched and written by Corey Nachreiner, CISSP (@SecAdept)
September 10, 2013 2 Comments
Today, Adobe released three security bulletins describing vulnerabilities in Flash Player, Shockwave Player, and Reader (and the related Acrobat). A remote attacker could exploit the worst of these flaws to gain complete control of your computer. The summary below details some of the vulnerabilities in these popular software packages.
Adobe Shockwave Player displays interactive, animated web content and movies called Shockwave. According to Adobe, the Shockwave Player is installed on some 450 million PCs.
Adobe’s bulletin describes two unspecified memory corruption vulnerabilities that affects Shockwave Player running on Windows and Macintosh computers.They don’t share any technical details about the flaw, but do share its scope and impact. If an attacker can entice one of your users into visiting a website containing some sort of malicious Shockwave content, he could exploit the flaw to execute code on that user’s computer, with that user’s privileges. If your Windows users have local administrator privileges, an attacker could exploit this vulnerability to gain full control of their computer.
Adobe Priority Rating: 1 (Patch within 72 hours)
Adobe Reader helps you view PDF documents, while Acrobat helps you create them. Since PDF documents are very popular, most users install Reader to handle them.
Adobe’s bulletin describes eight vulnerabilities that affect Adobe Reader and Acrobat X 11.0.03 and earlier, running on Windows or Mac. Adobe’s alert only describes the flaws in minimal detail, but most of them involve memory corruption-related vulnerabilities, such as buffer overflow and integer overflow issues, and so on. For the most part, they share the same scope and impact. If an attacker can entice you into opening a specially crafted PDF file, he can exploit many of these issues to execute code on your computer, with your privileges. If you have root or system administrator privileges, the attacker gains complete control of your machine.
Adobe Priority Rating: 2 for version 10 (Patch within 30 days)
Adobe’s bulletin describes four vulnerabilities in Flash Player running on all platforms. More specifically, the flaws consist of various unspecified memory corruption flaws. If an attacker can lure you to a web site, or get you to open a document containing specially crafted Flash content, he could exploit these flaws to execute code on your computer, with your privileges. If you have administrative or root privileges, the attacker could gain full control of your computer.
Adobe assigns these flaws their highest severity rating for Windows and Mac computers, but a lesser severity for Linux and Android devices.
Adobe Priority Rating: 1 for Windows and Mac (Patch within 72 hours)
Adobe has released updates for all their affected software. If you use any of the software below, we recommend you download and deploy the corresponding updates as soon as possible, or let Adobe’s automatic updater do it for you:
Keep in mind, if you use Google Chrome you’ll have to update it separately.
Attackers can exploit these flaws using diverse exploitation methods. However, WatchGuard’s XTM appliances can help in many ways. First, our IPS and AV services are often capable of detecting the malicious Flash, Shockwave, or Reader files attackers are actually using in the wild. If you’d like, you can also configure our proxies to block Shockwave, Flash, or Reader content. This, however, blocks both legitimate and malicious content. If you do want to block this content via the Web or email, see our manual for more details on how to configure our proxy policies’ content-filtering.
Adobe has released patches correcting these issues.
This alert was researched and written by Corey Nachreiner, CISSP (@SecAdept)
July 9, 2013 1 Comment
Today, Adobe released three security bulletins describing vulnerabilities in Flash Player, Shockwave Player, and ColdFusion. A remote attacker could exploit the worst of these flaws to gain complete control of your computer. The summary below details some of the vulnerabilities in these popular software packages.
Adobe’s bulletin describes three vulnerabilities in Flash Player running on all platforms. More specifically, the flaws consist of various memory corruption flaws, including a buffer overflow and integer overflow flaw. If an attacker can lure you to a web site, or get you to open a document containing specially crafted Flash content, he could exploit these flaws to execute code on your computer, with your privileges. If you have administrative or root privileges, the attacker could gain full control of your computer.
Adobe assigns these flaws their highest severity rating for Windows computers, but a lesser severity for Mac and Linux machines.
Adobe Priority Rating: 1 for Windows (Patch within 72 hours)
Adobe Shockwave Player displays interactive, animated web content and movies called Shockwave. According to Adobe, the Shockwave Player is installed on some 450 million PCs.
Adobe’s bulletin describes an unspecified memory corruption vulnerability that affects Shockwave Player running on Windows and Macintosh computers.They don’t share any technical details about the flaw, but do share its scope and impact. If an attacker can entice one of your users into visiting a website containing some sort of malicious Shockwave content, he could exploit the flaw to execute code on that user’s computer, with that user’s privileges. If your Windows users have local administrator privileges, an attacker could exploit this vulnerability to gain full control of their computer.
Adobe Priority Rating: 1 (Patch within 72 hours)
Adobe ColdFusion is an application server that allows you to develop and deploy web applications. It suffers from two security vulnerabilities that Adobe does not describe in much technical detail. They describe one flaw as a vulnerability that permits an attacker to invoke public methods on ColdFusion Components (CFC) using WebSockets (CVE-2013-3350), and the other as a flaw an attacker could leverage to cause a denial of service (DoS) condition. Other than that, the bulletin shares very little about the scope or impact of these flaws, so we’re unsure how easy or hard it is for attackers to leverage them. They rate the issues as Priority 1 for ColdFusion 10 and Priority 2 for version 9.
Adobe Priority Rating: 1 for version 10 (Patch within 72 hours)
Adobe has released updates for all their affected software. If you use any of the software below, we recommend you download and deploy the corresponding updates as soon as possible, or let Adobe’s automatic updater do it for you:
Attackers can exploit these flaws using diverse exploitation methods. However, WatchGuard’s XTM appliances can help in many ways. First, our IPS and AV services are often capable of detecting the malicious Flash or Shockwave files attackers are actually using in the wild. If you’d like, you can also configure our proxies to block Shockwave or Flash content. This, however, blocks both legitimate and malicious content. If you do want to block this Flash or Shockwave via the Web or email, see our manual for more details on how to configure our proxy policies’ content-filtering.
Adobe has released patches correcting these issues.
This alert was researched and written by Corey Nachreiner, CISSP (@SecAdept)
May 15, 2013 1 Comment
Yesterday, Adobe released three security bulletins describing vulnerabilities in Reader and Acrobat, Flash Player, and ColdFusion. A remote attacker could exploit the worst of these flaws to gain complete control of your computer. Attackers have been exploiting one of the ColdFusion issues in the wild, so we recommend you patch quickly.
The summary below details some of the vulnerabilities in these popular software packages.
Adobe Reader helps you view PDF documents, while Acrobat helps you create them. Since PDF documents are very popular, most users install Reader to handle them.
Adobe’s bulletin describes 27 vulnerabilities that affect Adobe Reader and Acrobat X 11.0.2 and earlier, running on any platform (Windows, Mac, Linux). Adobe’s alert only describes the flaws in minimal detail, but the majority of them involve memory corruption-related vulnerabilities, such as buffer overflows, integer overflows, use-after-free issues, and so on. For the most part, they share the same scope and impact. If an attacker can entice you into opening a specially crafted PDF file, he can exploit many of these issues to execute code on your computer, with your privileges. If you have root or system administrator privileges, the attacker gains complete control of your machine.
Adobe Priority Rating: 2 (Patch within 30 days) for most, though 1 for Windows systems with 9.x and below
Adobe’s bulletin describes 13 vulnerabilities in Flash Player running on all platforms (including Linux and Android). More specifically, the flaws consist of various memory corruption flaws. If an attacker can lure you to a web site, or get you to open a document containing specially crafted Flash content, he could exploit these flaws to execute code on your computer, with your privileges. If you have administrative or root privileges, the attacker could gain full control of your computer.
Adobe rates these flaws with their highest severity rating for Windows computers, but a lesser severity for Mac and Linux machines.
Adobe Priority Rating: 1 for Windows (Patch within 72 hours)
Adobe ColdFusion is an application server that allows you to develop and deploy web applications. This bulletin fixes two serious vulnerabilities; one of which attackers are currently exploiting in the wild. We mentioned this zero day flaw in passing during last week’s security news video. Adobe’s bulletin doesn’t share many details, but the primary flaw is a remote code execution vulnerability. If you expose certain default ColdFusion directories, an attacker could exploit this flaw to execute code on you web server simply by sending specially crafted HTTP packets. Though not quite as bad, the second vulnerability allows attackers to remotely retrieve sensitive files from your server. Adobe rates these flaws Priority 1, so we highly recommend ColdFusion administrators update immediately–especially if you have public facing servers.
You can find a bit more detail about the zero day ColdFusion flaw in a security advisory Adobe released earlier this month.
Adobe Priority Rating: 1 (Patch within 72 hours)
Adobe has released updates for all their affected software. If you use any of the software below, we recommend you download and deploy the corresponding updates as soon as possible, or let Adobe’s automatic updater do it for you:
Attackers can exploit these flaws using diverse exploitation methods. However, WatchGuard’s XTM appliances can help in many ways. First, our IPS and AV services are often capable of detecting the malicious Flash or Reader files attackers are actually using in the wild. If you’d like, you can also configure our proxies to block Reader or Flash content. This, however, blocks both legitimate and malicious content. If you do want to block this Flash or Reader via the Web or email, see our manual for more details on how to configure our proxy policies’ content-filtering.
Adobe has released patches correcting these issues.
This alert was researched and written by Corey Nachreiner, CISSP (@SecAdept)
April 9, 2013 2 Comments
Today, Adobe released three security bulletins describing vulnerabilities in Flash Player, Shockwave Player, and ColdFusion. A remote attacker could exploit the worst of these flaws to gain complete control of your computer. The summary below details some of the vulnerabilities in these popular software packages.
Adobe’s bulletin describes four vulnerabilities in Flash Player running on all platforms. More specifically, the flaws consist of various memory corruption and integer overflow flaws. If an attacker can lure you to a web site, or get you to open a document containing specially crafted Flash content, he could exploit these flaws to execute code on your computer, with your privileges. If you have administrative or root privileges, the attacker could gain full control of your computer.
They assign these flaws their highest severity rating for Windows computers, but a lesser severity for Mac and Linux machines.
Adobe Priority Rating: 1 for Windows (Patch within 72 hours)
Adobe Shockwave Player displays interactive, animated web content and movies called Shockwave. According to Adobe, the Shockwave Player is installed on some 450 million PCs.
Adobe’s bulletin describes four security vulnerabilities that affect Shockwave Player running on Windows and Macintosh computers. All of the flaws consist of memory corruption issues (one being a buffer overflow) that share the same general scope and impact. If an attacker can entice one of your users into visiting a website containing some sort of malicious Shockwave content, he could exploit many of these vulnerabilities to execute code on that user’s computer, with that user’s privileges. If your Windows users have local administrator privileges, an attacker could exploit this flaw to gain full control of their PC.
Adobe Priority Rating: 1 (Patch within 72 hours)
Adobe ColdFusion is an application server that allows you to develop and deploy web applications. It suffers from two security vulnerabilities that Adobe does not describe in much technical detail. They describe one flaw as a vulnerability that allows an attacker to impersonate an authenticated user (CVE-2013-1387), and the other as a flaw that could allow an unauthenticated attacker to gain access to the administrative console. Other than that, the bulletin shares very little about the scope or impact of these flaws, so we’re unsure how easy or hard it is for attackers to leverage them. They rate both vulnerabilities as Priority 2 issues, which is essentially their medium severity rating.
Adobe Priority Rating: 2 (Patch within 30 days)
Adobe has released updates for all their affected software. If you use any of the software below, we recommend you download and deploy the corresponding updates as soon as possible, or let Adobe’s automatic updater do it for you:
Attackers can exploit these flaws using diverse exploitation methods. However, WatchGuard’s XTM appliances can help in many ways. First, our IPS and AV services are often capable of detecting the malicious Flash or Shockwave files attackers are actually using in the wild. If you’d like, you can also configure our proxies to block Shockwave or Flash content. This, however, blocks both legitimate and malicious content. If you do want to block this Flash or Shockwave via the Web or email, see our manual for more details on how to configure our proxy policies’ content-filtering.
Adobe has released patches correcting these issues.
This alert was researched and written by Corey Nachreiner, CISSP (@SecAdept)
WatchGuard Security Center 