Posts Tagged ‘Adobe Reader’

Adobe LogoTuesday Updates – Adobe Security Bulletins (December 9, 2014)

The security updates affect products such as Adobe Flash Player, Adobe Reader, Adobe Acrobat and Adobe ColdFusion.

December 9 this year in the “Tuesday Updates” Adobe has released three security bulletins. They fix 27 vulnerabilities in products such as Adobe Reader, Adobe Acrobat, Adobe Flash Player and ColdFusion.

1. The first bulletin (ID: APSB14-27)fixes six vulnerabilities in Adobe Flash Player, one of which is critical. One of the flaws are being actively exploited by cybercriminals, in connection with which the company has assigned the highest priority update. (more…)

Adobe Reader logoCyber Security Notifications: New Vulnerabilities of September 2014

Vulnerabilities: Bypass security restrictions in Adobe Reader and Adobe Acrobat

Danger level: High
Availability fix: No
Number of vulnerabilities: 1
CVSSv2 Rating: (AV: N / AC: M / Au: N / C: P / I: P / A: P / E: U / RL: U / RC: C) = Base: 6.8 / Temporal: 5.8

Vector operation: Remote
Impact: Security Bypass (more…)

Adobe Logo

Vulnerabilities in Adobe Reader

The Adobe Systems company has released an update for Flash Player, Reader, Acrobat and Shockwave Player, designed to eliminate critical vulnerabilities that could allow hackers to gain remote control over the victim’s computer.

Flash Player update includes patches for four vulnerabilities that could allow an attacker to execute arbitrary code. Updated versions of Flash Player for Windows ( new version 11.8.800.168), Mac OS X (11.8.800.168), Linux (11.2.202.310) and Android (11.1.111.73).

Web browsers Google Chrome and Internet Explorer 10, will receive the updates automatically.

Similar vulnerabilities have been fixed in a cross platform environment Adobe AIR, which is also equipped with Flash Player. A new version of AIR for Windows, Mac OS X and Android – 3.8.0.1430. (more…)

McAfee logo

Vulnerabilities in Adobe Reader

New vulnerabilities in Adobe Reader

The anti-virus company McAfee reported about detection of new vulnerability in Adobe Systems Reader software, which manifests itself in the moment when the user already opened and looks through the PDF-file by means of this program. The company said that the vulnerability is not critical and does not allow for remote code execution. At the same time, the anti-virus company reports that has notified Adobe about the problem.

Haifei Li, anti-virus analyst of McAfee, said that they discovered the unusual behavior of the system when they were working with files in PDF. According to him, the company has transferred to Adobe detailed information about the vulnerability, and before the release of the corresponding patch it will not disclose technical information about the bug. (more…)

Adobe Reader logoAdobe Systems on Sunday reported that this week will release an emergency patch for two critical zero-day vulnerabilities in the product Adobe Reader, designed to work with PDF-files.

The company said that the vulnerability, which is planned for release fixes are already being used by hackers. The company does not say when it will fix, says only that it will happen this week.

According to Adobe, the vulnerability of the first became known on Thursday, it affects Reader versions for Windows, OS X and Linux. As an independent company FireEye, Adobe is sending information about the vulnerability, report that they have identified the vulnerability of February 13, but even then attackers used a bug in Adobe Reader. we know that a bug related to setting aside “sandbox” in Reader 10 and 11. (more…)

System compromise in Adobe products

System compromise in Adobe products

Vulnerability: System compromise in Adobe products

Danger level: Critical
Availability of fixes: Instructions on elimination
Number of vulnerabilities: 1

CVE ID: CVE-2013-0640
CVE-2013-0641
Vector of operation: Remote
Impact: System Compromise

Exploited by active exploitation of the vulnerability
Affected Products: Adobe Reader 9.x
Adobe Reader X 10.x
Adobe Reader XI 11.x
Adobe Acrobat 9.x
Adobe Acrobat X 10.x
Adobe Acrobat XI 11.x (more…)

Adobe Logo

Vulnerabilities in Adobe Reader

The flaw allows a potential attacker to remotely execute arbitrary code.

Zero day vulnerability was discovered in the popular software Adobe Reader, allows you to execute arbitrary code on the target system. This in his report the researchers reported FireEye, who happened to encounter with an infected PDF-document capable of compromising computers based on Windows.

When trying to open a malicious file, is running two dll-libraries, one of which is designed to conceal the fact of infection. It gives the user an error message while working on a document. Second library contains a component that provides for the connection to the remote server attacks.

According to FireEye, vulnerable to this attack were such versions of Adobe Reader, as 9.5.3, 10.1.5 and 11.0.1. Older versions may also be exposed to the threat. Currently, researchers have already submitted details of the detected flaws developers. (more…)

Hackers attackGroup IB researchers discovered a vulnerability in Adobe Reader X and XI, which is actively exploited by hackers.

Experts of Group IB discovered a vulnerability in Adobe Reader version X and XI, which is actively exploited by virus writers. This vulnerability allows a remote user to execute arbitrary code on the target system, for which the victim to open a specially crafted PDF file in a browser or Adobe Reader.

According to researchers, this vulnerability is exploited in some versions of banking Trojans, such as Zeus, Spyeye, Carberp, Citadel. Cost to exploit this vulnerability is estimated between $ 30,000 to $ 50,000.

“Successful exploitation of this vulnerability requires special conditions: for example, to implement the unauthorized execution of arbitrary code, you must close the Internet browser or restart it, – said the director of international projects, audit and consulting Group-IB Andrey Komarov. – Another option is to initialize the exploitation of interaction with the user, according to which the victim required to approve any action in the context of an open document, and then execute the malicious code. ” (more…)

Adobe Reader logo

System compromise in Adobe Reader

Severity Rating: Critical
Quantity of vulnerabilities: 1
Impact: System Compromise

Exploited by active exploitation of the vulnerability
Affected Products: Adobe Reader 11.x
Adobe Reader X 10.x

Affected versions:
– Adobe Reader 10.x
– Adobe Reader 11.x (more…)

Kaspersky Lab

main types of vulnerable applications

Kaspersky Lab has identified five main types of vulnerable applications, which using exploits. The study of viral activity in the third quarter of 2012, more than 50% of the attacks were used loopholes in Java. Updates of the software installed on the user’s request, not automatically, which increases time life of the vulnerability. Java exploits are fairly easy to use under any version of Windows, and with some work attackers, as was the case with Flashfake, the exploit can be cross-platform. This explains the special interest cybercriminals java-vulnerabilities.

In second place attack through Adobe Reader, which accounted for a quarter of all reflected attacks. Gradually popular exploits this application is reduced, due to the rather simple mechanism for their detection and automatic updates introduced in the latest version. About 3% of the attacks were in exploits the vulnerability in Windows Help and Support Center, as well as various vulnerabilities in the browser Internet Explorer.

Errors in Flash-player files are subject to scrutiny intruders. According to Kaspersky Security Network system for the third quarter of 2012, the ten most common vulnerabilities were two “representative» Adobe Flash. Close the top five exploits for devices running Android OS. Their main goal – to make imperceptible “jailbreak” and provide any programs, including malware, full access to the memory and features of the phone or tablet. (more…)