Adobe and Apple issue patches
Adobe has released a patch for the Flash player to fix the recent critical vulnerability.
As announced by SC Magazine yesterday, the patch for the flaw, which could cause a crash and potentially allow an attacker to take control of the affected system, had been moved forward by a week and affects all platforms.
Adobe said that there were reports that the vulnerability was being actively exploited in the wild against Adobe Flash Player on Windows, although it was not aware of any attacks exploiting this vulnerability against Adobe Reader or Acrobat to date.
Adobe categorised the vulnerability as critical and recommended affected users update their installations to the newest versions. Adobe thanked Bo Qu of Palo Alto Networks for reporting the relevant issue and for working with it.
Chester Wisniewski, senior security advisor at Sophos Canada, said: “This is a critical fix that I highly recommend you install immediately. This attack has been used in the wild since at least early September. Updates for Adobe Reader and Acrobat fixing this flaw and others will be released on 4th October.
“Interestingly, Google Chrome users received the updated version of Flash in an update that occurred automatically on 17th September. I am quite a big fan of the integrated PDF viewing, Flash and other add-ons in Chrome that are always transparently updating. If you are a Linux user running a 64-bit variant, Adobe has also released a beta release of Flash player compiled for x64 architecture.”
Jonathan Leopando at Trend Micro said that it detects malicious Shockwave Flash (.SWF) files exploiting this vulnerability as TROJ_SWIF.HEL, which functions as a downloader of malware from other sites.
He said: “It connects to certain URLs, which lead to files detected as BKDR_POISON.AKD that, in turn, connect to a remote box somewhere in Korea. BKDR_POISON variants typically open a hidden Internet Explorer browser to connect using certain ports.”
He said: “Interestingly, TROJ_SWIF.HEL also displays an image of a waterfall via a second embedded SWF file, which is possibly used to trick users into thinking that they've opened a normal PDF file.”
Apple also released a patch for its OS X Snow Leopard today that fixes a flaw in the Apple Filing Protocol. The flaw would allow a remote attacker to bypass password validation and access shared folders on an OS X system, but only if they know the account name on the target system.
“This is a critical fix as it allows unauthenticated access to AFP file shares on Snow Leopard computers. To apply the fix simply click the Apple in the upper-left corner and choose Software Update,” said Wisniewski.