Post reply

Name:
Email:
Subject:
Message icon:

Verification:
Type the letters shown in the picture
Listen to the letters / Request another image

Type the letters shown in the picture:
Second Anti-Bot trap, type or simply copy-paste below (only the red letters):www.scforum.info:

shortcuts: hit alt+s to submit/post or alt+p to preview


Topic Summary

Posted by: Pez
« on: 25. February 2014., 10:43:44 »

Some more about this:

Flash Zero-Day Vulnerability CVE-2014-0497 Lasts 84 Days

On February 4, Adobe released an out-of-band security update addressing a critical remote code execution vulnerability that is currently being exploited in the wild, according to the vendor’s blog post.

Our research team quickly responded to this threat, and we have already provided various protections through our products. (For details, check here.) We have learned that this vulnerability lies in the ActionScript Virtual Machine (AVM) implementations. Attackers can easily develop highly reliable exploits based on this vulnerability, so we strongly suggest that users immediately update their Flash Players.

Because the fault sits in the AVM, the weakness usually should affect almost every Flash Player version. However, according to our tests, we found that some old Flash Player versions are not affected by this vulnerability. We tested a number of recent releases (source). Here are the results



This AVM-based vulnerability was introduced in the update of November 12, Version 11.9.900.152 or 11.7.700.252 (for Windows). Calculating the “lifetime” of this vulnerability, we see it survived for 84 days (or 12 weeks) until February 4.

Understanding the precious affected versions not only helps us understand the vulnerability more deeply, but also provides us a trustworthy way to evaluate the risk that the in-the-wild exploit poses. This case also highlights that product/security updates can not only fix vulnerabilities, but also can introduce new vulnerabilities, especially when new features are introduced.

Users of older Flash Players (specifically, those older than Versions 11.9.900.152 or 11.7.700.252) should still perform security updates. They may be lucky to not be affected by this particular threat, but all versions of Flash are at risk for other exploits.

Stay secure.

Thanks to my colleagues Jun Xie, Bing Sun, Chong Xu, and Xiaoning Li (Intel Labs) for their help with this analysis.



Original article: By Haifei Li on Feb 07, 2014
Posted by: Samker
« on: 23. February 2014., 09:58:11 »



Adobe has acknowledged a serious vulnerability in its Flash player plugin and has issued a fix to address the issue within hours of a report published by security software firm, FireEye.

According to FireEye: http://www.fireeye.com/blog/technical/targeted-attack/2014/02/operation-greedywonk-multiple-economic-and-foreign-policy-sites-compromised-serving-up-flash-zero-day-exploit.html , the zero-day exploit was used by attackers to target visitors of the websites of three nonprofit organizations; Peterson Institute for International Economics, American Research Center and Smith Richardson Foundation. The visitors to these websites were redirected to an exploit server using code-injection.

FireEye has identified the attack as codename GreedyWonk and believes that the perpetrators who allegedly speak Chinese, "have sufficient resources (such as access to zero-day exploits) and a determination to infect visitors to foreign and public policy websites." The attackers behind GreedyWonk are likely seeking sensitive government data similar to a recent report, as two out of the three websites deal with matters of national security and public policy: http://blog.shadowserver.org/2012/05/15/cyber-espionage-strategic-web-compromises-trusted-websites-serving-dangerous-results/

The exploit is reported to affect users with Windows XP, Windows 7 running Java 1.6 and those running Microsoft Office 2007 or 2010 without the latest updates. Adobe has been quick to update Flash player with a fix for the reported exploit and has urged users to update the plugins in case they have disabled the automatic updates: http://helpx.adobe.com/security/products/flash-player/apsb14-07.html

(NW)
Enter your email address to receive daily email with 'SCforum.info - Samker's Computer Forum' newest content:

Terms of Use | Privacy Policy | Advertising