Flash Vulnerability Can be Contained in Web Page, Air Application or PDF File
Friday, July 24, 2009 at 05:28PM Adobe Flash Player has a vulnerability which an attacker is able to use a specially crafted Flash (.SWF) content and gain access to a users system. The exploit allows an attacker to execute code and gain that users access privileges. Several sites have been compromised and it is possible to be delivered by a drive by download attack. This affects specifically Flash, it is important to remember that viewing this type of content in a Web Browser or other applications such as Acrobat it is possible that the system can be compromised and Trojan type software can be installed. It is recommended by Adobe to delete the following two files from the Acrobat Reader application from the terminal.
- "/Applications/Adobe Reader 9/Adobe Reader.app/Contents/Frameworks/AuthPlayLib.bundle"
- "/Applications/Adobe Reader 9/Adobe Reader.app/Contents/Frameworks/Adobe3D.framework"
Make sure that you use the quotes to allow for spaces and special characters. Users should also set their Flash Preferences to limit content and control privacy settings. If you are using Firefox for Web Browsing make sure to use the No-Script plug-in.
Another alternative for PDF file viewing is to make sure that Preview.app is the default application for PDF files.
drStrangeP0rk
Adobe should have a patch around July 30 for Flash. It appears that Windows is the primary target, it can causethe application at the very least to crash. What is also important to remember is that altering the application bundle and removing the files listed above also will cause Acrobat Reader to crash if Flash content is within the file. If you are using Acrobat Professional you should delete the files and make sure that Multimedia Trust is set to prompt for all media. This includes Flash, thus users have to approve the media before it runs. This does not stop this Trojan since it loads within the embedded page. This is just a good practice.
drStrangeP0rk
Interesting article on the Adobe update process.
http://www.computerworld.com/s/article/9135740/Adobe_admits_users_vulnerable_after_downloading_Reader
drStrangeP0rk
The vulnerability does not currently affect PDF that are opened in Preview.app that have the embedded Flash (.SWF) content. Although blocking the PDF file type at your proxy is a good idea for mixed networks, if you need to read PDF's using Preview.app is a safe bet.
drStrangeP0rk
Link to uninstalling the Adobe Flash Player.
drStrangeP0rk
Updates are available for Flash, Air and Acrobat. Many of these updates address the issues related to Flash Player in various Adobe products. The vulnerability was in Flash, thus any application that ran Flash content could be affected.
http://www.adobe.com/support/security/bulletins/apsb09-10.html
drStrangeP0rk
Click to Flash for Safari is an excellent WebKit plugin that allows the user to select Flash content to view. You can also setup white list and black list.
Reader Comments