Posts Tagged Adobe
Adobe Apologized for a 16-Month-Old Bug
Posted by Mourad Ben Lakhoua in News, Software Security, Vulnerabilities, Vulnerabilities & attacks, Web Security on February 9, 2010
Adobe has officially apologized for a 16-month-old Flash Player vulnerability that is still not fixed.
According to Adobe, the bug has been eliminated in the Flash Player 10.1 beta, but there is not yet a stable version of this release.
The bug was officially reported on the 22nd of September 2008, and all Flash Player plug-ins since version 9 are affected. Many hackers used this gap to inject malicious code on victims' machines.
Adobe experts have provided a special web page to check for this vulnerability. The exploit really works; you can test it by following this link, but before clicking you should make sure that you have another page open in the same browser.
Adobe Product Manager Emmy Huang promised that the vulnerability will be fixed in the upcoming Flash Player 10.1 release, without giving any indication of the final version's date.
You can install Adobe Flash Player 10.1 from here.
Adobe Fixes Five Critical Vulnerabilities in Shockwave
Posted by Mourad Ben Lakhoua in News, Vulnerabilities on November 6, 2009
A new set of patches has been released by Adobe to fix 5 critical vulnerabilities in the Shockwave player.
Adobe invites all Shockwave users to update their Flash players immediately. Four of these five bugs allow an attacker to execute malicious code remotely; they were discovered by VUPEN security researchers.
According to the research lab, the vulnerabilities include violations of memory integrity, invalid pointers and incorrect indexing when malicious content is processed. All these errors can be used by an attacker to compromise a vulnerable system when the user visits a customized website, regardless of the browser (IE or Firefox).
This concerns the first four bugs, while the last one is related to boundary condition issues and can be used to cause a DoS attack. Here you can find the security bulletin by Adobe.
Hotfixes for ColdFusion and JRun
Posted by Mourad Ben Lakhoua in News, Vulnerabilities on August 19, 2009
Adobe Systems has released updates covering vulnerabilities in two applications widely used for web development. Some of the vulnerabilities allow an attacker to steal sensitive information or gain complete control over users' machines.
Seven patches are related to ColdFusion v8.0.1 and earlier versions, and JRun 4.0. The most serious bug is related to cross-site scripting, in which an attacker can execute malicious code on the victim's computer.
Other updates fix access to the management console. This hole allows an unauthorized user to bypass the restrictions on private directories. On Tuesday an example of a link that can exploit this vulnerability appeared, approximately as follows:
http://[server]/server/[profile]/logging/logviewer.jsp?logfile=../../../../../../../boot.ini
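A defender can look for this request pattern in web access logs. The following is an added example, not code from Adobe or from the original post: it flags requests to the log viewer whose `logfile` parameter leaves the log directory, including percent-encoded and backslash variants. The log lines, the `default` profile name and all function names are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed access-log lines; the "default" profile name and the IPs are assumptions.
SAMPLE_LOG = [
    '192.0.2.10 - - [18/Aug/2009:10:01:02 +0000] "GET /server/default/logging/logviewer.jsp?logfile=default-event.log HTTP/1.1" 200 5120',
    '198.51.100.7 - - [18/Aug/2009:10:02:11 +0000] "GET /server/default/logging/logviewer.jsp?logfile=../../../../../../../boot.ini HTTP/1.1" 200 211',
    '198.51.100.7 - - [18/Aug/2009:10:02:15 +0000] "GET /server/default/logging/logviewer.jsp?logfile=%2e%2e%2f%2e%2e%2fboot.ini HTTP/1.1" 200 211',
    '198.51.100.7 - - [18/Aug/2009:10:02:19 +0000] "GET /server/default/logging/logviewer.jsp?logfile=..%255c..%255cboot.ini HTTP/1.1" 404 0',
    '192.0.2.10 - - [18/Aug/2009:10:03:40 +0000] "GET /server/default/logging/logviewer.jsp?logfile=app..old.log HTTP/1.1" 200 900',
]

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def fully_decode(value, max_rounds=5):
    """Undo nested percent-encoding (e.g. %252e -> %2e -> '.')."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def is_traversal(logfile):
    """True if the value is absolute or contains a '..' path component."""
    path = fully_decode(logfile).replace("\\", "/")
    if path.startswith("/") or re.match(r"^[A-Za-z]:", path):
        return True
    return ".." in path.split("/")  # 'app..old.log' is a file name, not a climb


def suspicious_requests(lines):
    """Return the log lines whose logviewer.jsp 'logfile' parameter escapes the log dir."""
    hits = []
    for line in lines:
        match = REQUEST_RE.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        if not url.path.lower().endswith("/logging/logviewer.jsp"):
            continue
        # parse_qs decodes one layer; is_traversal() peels any further layers.
        if any(is_traversal(v) for v in parse_qs(url.query).get("logfile", [])):
            hits.append(line)
    return hits
```
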
Three weeks ago security specialists at Adobe also released a patch for a Flash Player bug that offered criminals a way to hack users' machines. Last month there was also a patch for a ColdFusion hole that offered attackers a way to compromise a large number of websites.
The company reported that it was unaware of any real exploit and released a security bulletin for this bug.
Acrobat Reader 0-Day
Posted by Mourad Ben Lakhoua in News on February 21, 2009
According to Shadowserver, there is a new Acrobat 0-day in the wild. They say you can avoid it by turning off JavaScript inside your Adobe Acrobat products.
Please see Shadowserver's write-up here for more information.