
Friday, October 4, 2013

Hackers Steal Source Code from Adobe




Adobe has revealed that one of their servers has been hacked.  The hackers gained access to 2.9 million customer accounts and stole source code for at least two major products.

The hackers stole private consumer credit card information.  Adobe says the data is encrypted and believes the hackers did not obtain decrypted credit or debit card numbers.

Adobe has not revealed how the data was encrypted, and it is unclear how secure it is.

It looks like Adobe Acrobat and Adobe ColdFusion were the programs whose source code was taken.

This is the most devastating attack against Adobe, affecting PDF files and ColdFusion, which is used to create apps.

The Motive

Adobe believes the hackers stole source code to create ways to control computing devices and figure out secrets of the corporate networks.


Luckily, Adobe has every customer’s information encrypted, unlike Sony, which in 2011 lost unencrypted credit card payment data for 77 million PlayStation Network and 25 million Sony Online Entertainment subscribers.

Hackers have obtained over 40 gigabytes of Adobe source code.  Now Adobe security is on high alert, and an increase in Acrobat-related attacks is predicted.

Adobe has become the main target for hackers in the past two years.  Research has been uncovering a string of zero-day security holes, as hackers analyze the code for possible zero-day exploits.


Tuesday, February 26, 2013

Adobe Patches Flash Again to Protect Firefox Users Against Malware Attacks

Adobe has released yet another emergency patch for Flash Player to fix three vulnerabilities, two of which cybercriminals are actively exploiting in attacks that target Firefox users.

The attacks are designed to trick users into clicking links pointing to a website rigged with malicious Flash (SWF) content. Adobe warns that the two vulnerabilities exploited in these attacks, CVE-2013-0643 (permissions issue with Flash Player Firefox sandbox) & CVE-2013-0648 (bug in ExternalInterface ActionScript feature) could allow an attacker to crash and take control of the affected system.

The third vulnerability, CVE-2013-0504 (buffer overflow) isn’t listed as a vulnerability actively being used in attacks, but it “can be used to execute malicious code.”

Naturally, Adobe recommends that users update their Flash Player to the latest version, regardless of their operating system or browser of choice.

Affected Flash Player Versions


Users can check what version of Flash Player they have installed by right-clicking on content running in Flash Player and selecting 'About Adobe Flash Player' from the menu, or by visiting the About Flash Player page.

  • Adobe Flash Player 11.6.602.168 and earlier versions for Windows

  • Adobe Flash Player 11.6.602.167 and earlier versions for Macintosh

  • Adobe Flash Player 11.2.202.270  and earlier versions for Linux


New Flash Player Versions


Users can visit the Flash Player Download Center to download the latest version.

After updating their system, users should be running the following version of Flash Player:

  • Adobe Flash Player 11.6.602.171 (Windows & Mac)

  • Adobe Flash Player 11.2.202.273 (Linux)


[via Adobe Security Bulletin]
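
An added example, not part of the original post or of Adobe's bulletin: a Python check that triages a software inventory against the affected and updated Flash Player versions listed above. The inventory rows are constructed sample data, and `classify` and `triage` are hypothetical helper names.

```python
# Added example. Thresholds are the versions listed in this post; the
# inventory rows below are constructed sample data, not real hosts.
AFFECTED_MAX = {  # "and earlier versions" per platform
    "windows": "11.6.602.168",
    "macintosh": "11.6.602.167",
    "linux": "11.2.202.270",
}
FIXED = {  # version users should be running after updating
    "windows": "11.6.602.171",
    "macintosh": "11.6.602.171",
    "linux": "11.2.202.273",
}

def parse_version(text):
    """Turn '11.6.602.168' into (11, 6, 602, 168) so fields compare as numbers."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a four-part Flash version: {text!r}")
    return tuple(int(p) for p in parts)

def classify(platform, version):
    """Return 'affected', 'patched' or 'review' for one install."""
    key = platform.strip().lower()
    if key not in AFFECTED_MAX:
        return "review"  # platform not in the lists in this post
    try:
        installed = parse_version(version)
    except ValueError:
        return "review"  # unparseable inventory value: check by hand
    if installed <= parse_version(AFFECTED_MAX[key]):
        return "affected"
    if installed >= parse_version(FIXED[key]):
        return "patched"
    return "review"  # between the two listed builds

def triage(inventory):
    return {host: classify(plat, ver) for host, plat, ver in inventory}

SAMPLE_INVENTORY = [  # constructed rows
    ("ws-01", "Windows", "11.6.602.168"),
    ("ws-02", "Windows", "11.6.602.171"),
    # As plain strings "9.0.124.0" sorts after "11.6.602.168", so a
    # text comparison would miss this old install; tuples do not.
    ("ws-03", "Windows", "9.0.124.0"),
    ("mac-01", "Macintosh", "11.6.602.167"),
    ("lin-01", "Linux", "11.2.202.273"),
    ("ws-04", "Windows", "unknown"),
]

if __name__ == "__main__":
    for host, state in triage(SAMPLE_INVENTORY).items():
        print(host, state)
```
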

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+

Wednesday, February 20, 2013

Adobe Patches 0-Day Flaws in PDF Reader & Acrobat

Adobe has released an emergency patch to fix two critical vulnerabilities in Adobe Reader & Acrobat 9.5.3, X and XI that cybercriminals are actively exploiting in targeted attacks.

The vulnerabilities in question, CVE-2013-0640 and CVE-2013-0641, are the same ones that FireEye researchers spotted early last week.

Users are advised to update Adobe Reader and Acrobat as soon as possible due to the ongoing attacks. The exploit discovered by FireEye is the first to bypass the built-in sandbox security feature in Reader and Acrobat.

How to Update Adobe Reader


To update Adobe Reader, users can:

  • Use the program’s built-in update mechanism, which is set to run automatic update checks on a regular schedule by default.

  • Check for updates manually by going to Help -> Check for Updates…

  • Manually download and apply the update:



How to Update Adobe Acrobat


To update Adobe Acrobat, users can:

  • Use the program’s built-in update mechanism, which is set to run automatic update checks on a regular schedule by default.

  • Check for updates manually by going to Help -> Check for Updates…

  • Manually download and apply the update:

    • Windows (Acrobat Standard, Pro & Pro Extended Users)

    • Mac OS X (Acrobat Pro)





Thursday, February 14, 2013

Adobe Confirms 0-Days in PDF Reader & Acrobat, Says Patch in the Works

Adobe has confirmed the existence of two critical vulnerabilities (CVE-2013-0640, CVE-2013-0641) in Adobe Reader and Acrobat that are actively being exploited in targeted attacks.

FireEye researchers first spotted the exploit earlier this week, and revealed attacks involved a malicious PDF disguised as an international travel visa application that would drop 2 DLLs onto the target system upon successful execution.

Although these attacks appear to target Windows users, Adobe’s security advisory notes that the vulnerabilities affect Adobe Reader & Acrobat for other operating systems:

  • Adobe Reader XI (11.0.01 and earlier) for Windows and Macintosh

  • Adobe Reader X (10.1.5 and earlier) for Windows and Macintosh

  • Adobe Reader 9.5.3 and earlier 9.x versions for Windows, Macintosh and Linux

  • Adobe Acrobat XI (11.0.01 and earlier) for Windows and Macintosh

  • Adobe Acrobat X (10.1.5 and earlier) for Windows and Macintosh

  • Adobe Acrobat 9.5.3 and earlier 9.x versions for Windows and Macintosh


Protect Yourself


Adobe is currently working on a patch to fix the security holes, and advises users to enable Protected View in the meantime:

  • Open the Edit menu

  • Select Preferences

  • Click Security (Enhanced)

  • Pick “Files from potentially unsafe locations”


Adobe also advised enterprise administrators that they can protect Windows users across their organization by enabling Protected View in the registry and propagating that setting via GPO or any other method. (More information on that here.)

Aside from that, try not to open any suspicious PDF files sent from untrusted sources (for instance, an unsolicited email).


Wednesday, February 13, 2013

New Adobe PDF Reader & Acrobat 0-Day Exploit Spotted

FireEye is warning users not to open PDF files sent from unknown/untrusted sources following the discovery of a new zero-day vulnerability that’s actively being exploited in-the-wild.

The attack begins with a booby-trapped PDF, which may be masquerading as an application for an international travel visa, that drops 2 DLL files on the target machine should the exploit code be executed successfully.

“The first DLL shows a fake error message and opens a decoy PDF document, which is usually common in targeted attacks,” FireEye researchers explain in a Tuesday blog post. “The second DLL in turn drops the callback component, which talks to a remote domain.”

Zheng Bu, Senior Director of Security Research at FireEye told Threatpost that this exploit is the first to bypass the sandbox in Adobe Reader X and higher.

FireEye notified Adobe of the bug, and has agreed to avoid posting technical details of the zero-day until further notice. FireEye was able to successfully execute this attack in Adobe Reader 9.5.3, 10.1.5 and 11.0.1.

Adobe is currently investigating the bug and will release an update once they have more information.

Until then, be sure that you do not open PDF files from unknown or untrusted sources.

Update: Adobe has confirmed the vulnerabilities discovered by FireEye & promises to release a patch soon.


Thursday, November 8, 2012

New Adobe Reader X Zero Day Said to Bypass Sandbox

If you deal with a large number of PDFs, be sure that you’re not opening any sent from an unknown or untrusted source.

Brian Krebs of KrebsonSecurity.com warns that Group-IB, a computer security company based in Russia, claims to have discovered a new zero-day vulnerability in Adobe Reader X and XI that completely bypasses its built-in sandbox protection.

As if that news alone weren’t bad enough, Group-IB says that the vulnerability is up for sale in the criminal underground for $50,000 and has been added to a new, custom version of the infamous BlackHole Exploit Kit.

Frequent readers will recognize the BlackHole Exploit Kit name, as it is widely used by cybercriminals and is often the driving force behind the majority of drive-by-download attacks that we post warnings about.

The only limitations associated with this new zero day are the facts that it cannot be fully executed until the user closes their web browser or Reader window, and the attack has only been seen working against Windows.

Speaking of seeing things, Group-IB created a video demonstrating a “sanitized” version of the attack:

http://youtu.be/uGF8VDBkK0M

As for Adobe’s take on this, SCMagazine reports that the Adobe PSIRT (Product Security Incident Response Team) is communicating with Group-IB to determine whether or not this is in fact a vulnerability and a sandbox bypass.

In the meantime, users should avoid downloading (and opening) random PDF files and maybe take a gander at other PDF readers Krebs suggests like Foxit, PDF-Xchange Viewer, Nitro PDF, and Sumatra PDF. Disabling the PDF reader browser plug-in won't eliminate all threats since trojanized PDFs that are downloaded and opened will still result in a successful attack.


Tuesday, March 6, 2012

Time to Update Flash: Adobe Patches 2 Critical Vulnerabilities

Were you prompted to update Flash this morning?

Yesterday Adobe released an early update for Flash Player that addresses two critical vulnerabilities.

The update patches a memory corruption vulnerability in Matrix3D that could result in malicious code execution and integer errors that could lead to information disclosure.

Although there haven’t been any reports of the vulnerabilities being exploited in-the-wild, Adobe recommends that Windows, Mac, Linux, Solaris & Android users who have Adobe Flash Player 11.1.102.62 or earlier versions installed apply this update.

Adobe Flash vulnerabilities are often exploited by cybercriminals in drive-by-downloads and other malicious attacks, so it’s better to update and be safe rather than to drag your feet and be sorry.

To update Flash to version 11.1.102.63 (newest version), users can do one of the following:

  • Download the update directly from the Adobe.com website.

  • Run the built-in Adobe Flash update tool (Android users can download the update from the Android Marketplace).

  • Wait for Flash to prompt you to download and install the updates.



Tuesday, December 6, 2011

Adobe Warns of Acrobat & Reader 0-Day Vulnerability Under Attack on Windows

Careful with those PDF files, folks.

Adobe has issued a security advisory for a zero-day vulnerability within Adobe Reader X (10.1.1), along with earlier versions for Windows and Macs, Adobe Reader 9.4.6 and earlier 9.x versions for Unix and Adobe Acrobat X (10.1.1) and earlier versions for Windows & Macs.

According to Adobe, the problem lies within an exploitable U3D memory corruption vulnerability that could cause a crash and potentially allow an attacker to take control of the compromised system.

Although the vulnerability affects multiple versions of Adobe Reader and Acrobat on numerous platforms, reports indicate that the flaw is only being actively exploited in limited, targeted attacks against Windows machines running Adobe Reader 9.x.

Adobe plans on releasing an out-of-cycle fix for Adobe Reader and Acrobat 9.x for Windows no later than sometime next week (the week of December 12, 2011) since these are the versions being actively targeted by attackers.

Patches for Adobe Reader X and Acrobat X for Windows and Mac, along with earlier versions for Mac and Adobe Reader 9.x for UNIX, will be released in the next quarterly update scheduled for Adobe Acrobat and Reader, which is January 10th, 2012.

In a corresponding blog post, Brad Arkin of the Adobe Secure Software Engineering Team (ASSET) urges users running Adobe Reader or Acrobat 9.x to upgrade to Adobe Reader X or Acrobat X.
“We put a tremendous amount of work into securing Adobe Reader and Acrobat X, and, to date, there has not been a single piece of malware identified that is effective against a version X install. Help us help you by running the latest version of the software!”

According to Adobe, Adobe Reader X Protected Mode and Adobe Acrobat X Protected View prevent an exploit of this kind from executing.
