UPDATED 11:50 EDT / MAY 11 2012

NEWS

Adobe Addresses Vulnerabilities in Defense Industry, Recommends Upgrades

Flash Player vulnerabilities are pretty much one of the most common issues that everyone who uses a web browser faces. A recent attack via custom crafted e-mails with malicious attachments infected Adobe Flash Player on Internet Explorer for Windows platforms and targeted defense-related businesses. Alarming as it is, any intrusion on the line of this industry may not only expose trade secrets, but also place nations’ welfare and physical and virtual security at high risk. But, Adobe was relatively quick to respond and released a security bulletin to rebuild the confidence of the users in the system and updated Flash Player version.

Affected versions of the recent attacks include Adobe Flash Player 11.2.202.233 and earlier versions for Windows, Macintosh and Linux operating systems and Adobe Flash Player 11.1.115.7 and earlier versions for Android 4.x, and Adobe Flash Player 11.1.111.8 and earlier versions for Android 3.x and 2.x. In a Symantec blog post, the security giant provided details on the attacks and how these are aimed at the manufacturers of products used by the defense industry: “The malicious documents contain an embedded reference to a malicious Flash file hosted on a remote server. When the Flash file is acquired and opened, it sprays the heap with shellcode and triggers the CVE-2012-0779 exploit. Once the shellcode gains control, it looks for the payload in the original document, decrypts it, drops it to disk, and executes it.”

SecurityWeek also noted a statement from the cloud, virtual and mobile security solutions provider: “The malware authors created several junk documents for such display. Some used scraps of information from public press releases and some were written with the pretext of inviting the recipient to conferences. Others contained random data.”

Adobe recommends existing users of Adobe Flash Player 11.2.202.233 and earlier versions for Windows, Macintosh and Linux to update to Adobe Flash Player 11.2.202.235. Users of Adobe Flash Player 11.1.115.7 and earlier versions on Android 4.x devices are advised to upgrade to Adobe Flash Player 11.1.115.8. Users of Adobe Flash Player 11.1.111.8 and update earlier versions for Android 3.x and earlier versions should to Flash Player 11.1.111.9. Google Chrome was updated automatically, thus, no user action is deemed critical.

This was not the first time that Adobe had to firefight a security concern. It was in December of the previous year when researchers at the Lockheed Martin Computer Incident Response Team (CRT) and members of the Defense Security Information Exchange discovered that a number of Adobe products are being exploited by hackers. Engineers at Adobe were quick to respond and promised resolution within a week’s time. It was also the same time when Symantec confirmed an attack of Trojan Sykipot against defense contractors. Together with other companies, defense contractors also phishing attempts circulating using maliciously coded e-mails containing infected PDF documents.

Adobe launched an improved Flash Player in February but insecurities are reported to still be existing and threatening the system once aggravated of fueled by malicious attacks. Just recently, Microsoft patched a zero-day flaw in Hotmail.

 


A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy

THANK YOU