Flash Vulnerability Can be Contained in Web Page, Air Application or PDF File
Friday, July 24, 2009 at 05:28PM
drStrangeP0rk in Adobe, Exploits, Flash, Zero Day

Adobe Flash Player has a vulnerability which an attacker is able to use a specially crafted Flash (.SWF) content and gain access to a users system. The exploit allows an attacker to execute code and gain that users access privileges. Several sites have been compromised and it is possible to be delivered by a drive by download attack. This affects specifically Flash, it is important to remember that viewing this type of content in a Web Browser or other applications such as Acrobat it is possible that the system can be compromised and Trojan type software can be installed. It is recommended by Adobe to delete the following two files from the Acrobat Reader application from the terminal.

 

 

Make sure that you use the quotes to allow for spaces and special characters. Users should also set their Flash Preferences to limit content and control privacy settings. If you are using Firefox for Web Browsing make sure to use the No-Script plug-in.

Another alternative for PDF file viewing is to make sure that Preview.app is the default application for PDF files.

Update on Friday, July 24, 2009 at 06:13PM by Registered CommenterdrStrangeP0rk

Adobe should have a patch around July 30 for Flash. It appears that Windows is the primary target, it can causethe application at the very least to crash. What is also important to remember is that altering the application bundle and removing the files listed above also will cause Acrobat Reader to crash if Flash content is within the file. If you are using Acrobat Professional you should delete the files and make sure that Multimedia Trust is set to prompt for all media. This includes Flash, thus users have to approve the media before it runs. This does not stop this Trojan since it loads within the embedded page. This is just a good practice.

Update on Friday, July 24, 2009 at 09:05PM by Registered CommenterdrStrangeP0rk

Interesting article on the Adobe update process.

http://www.computerworld.com/s/article/9135740/Adobe_admits_users_vulnerable_after_downloading_Reader

Update on Saturday, July 25, 2009 at 07:34AM by Registered CommenterdrStrangeP0rk

The vulnerability does not currently affect PDF that are opened in Preview.app that have the embedded Flash (.SWF) content. Although blocking the PDF file type at your proxy is a good idea for mixed networks, if you need to read PDF's using Preview.app is a safe bet. 

Update on Saturday, July 25, 2009 at 09:39AM by Registered CommenterdrStrangeP0rk

Link to uninstalling the Adobe Flash Player.

http://kb2.adobe.com/cps/141/tn_14157.html

Update on Friday, July 31, 2009 at 07:33PM by Registered CommenterdrStrangeP0rk

Updates are available for Flash, Air and Acrobat. Many of these updates address the issues related to Flash Player in various Adobe products. The vulnerability was in Flash, thus any application that ran Flash content could be affected.

http://www.adobe.com/support/security/bulletins/apsb09-10.html

Update on Monday, August 17, 2009 at 07:43PM by Registered CommenterdrStrangeP0rk

Click to Flash for Safari is an excellent WebKit plugin that allows the user to select Flash content to view. You can also setup white list and black list.

http://rentzsch.github.com/clicktoflash/

Article originally appeared on magmatic.com (http://www.magmatic.com/).
See website for complete article licensing information.