Adobe has released its emergency patch after a string of events in the past nearly ten days on dealing with a zero-day vulnerability. This was originally reported by FireEye in a blog post.
The FireEye blog stated the following:
“Upon successful exploitation, it will drop two DLLs. The first DLL shows a fake error message and opens a decoy PDF document, which is usually common in targeted attacks. The second DLL in turn drops the callback component, which talks to a remote domain.”
After that was published, the FireEye researchers sent the bug report & sample to Adobe. Soon after, Adobe released a notification that there is a problem.
Eventually, Adobe detailed this past weekend that a patch would be available next week…well it’s here.
Adobe released its patch yesterday, in efforts to remediate the situation.
According to Adobe, the following versions are now available:
- Users of Adobe Reader XI (11.0.01 and earlier) for Windows and Macintosh should update to Adobe Reader XI (11.0.02).
- For users of Adobe Reader X (10.1.5 and earlier) for Windows and Macintosh, who cannot update to Adobe Reader XI (11.0.02), Adobe has made available the update Adobe Reader X (10.1.6).
- For users of Adobe Reader 9.5.3 and earlier 9.x versions for Windows and Macintosh, who cannot update to Adobe Reader XI (11.0.02), Adobe has made available the update Adobe Reader 9.5.4.
- Users of Adobe Reader 9.5.3 and earlier 9.x versions for Linux should update to Adobe Reader 9.5.4.
- Users of Adobe Acrobat XI (11.0.01 and earlier) for Windows and Macintosh should update to Adobe Acrobat XI (11.0.02).
- Users of Adobe Acrobat X (10.1.5 and earlier) for Windows and Macintosh should update to Adobe Acrobat X (10.1.6).
- Users of Adobe Acrobat 9.5.3 and earlier 9.x versions for Windows and Macintosh should update to Adobe Acrobat 9.5.4.
Election Day brings Adobe’s critical updates for Flash and AIR, so update today to fix seven (7) vulnerabilities.
Updates are currently available as follows:
- Windows & Mac – 11.5.502.110
- Linux – 22.214.171.124
- Android 4.* – 126.96.36.199
- Android 3.* & 2.* – 188.8.131.52
- Google Chrome automatically updates the Flash version built in.
- Windows, Mac, SDK for iOS and Android – 184.108.40.2060
Be sure to download the Flash updates for both Internet Explorer, and then for Firefox/Safari/Opera/Other browsers.
Also, note Windows Update will help install the updates in Windows 8/IE 10, reference here
Most malware analysis these days targets Windows machines. However, trojans are becoming more interesting. Hackers create these trojans, and want to get backdoor access to any machine.
Trojan malware has stepped up game. Hackers want more access, so trojans are being created to target multiple platforms. Imagine the payload of a trojan being targeted to Windows, Mac, and Linux.
Due to recent discoveries of this multi-platform malware in a Columbian Transport site. A JAR (java archive) is used to detect what OS the user is running, and then the trojan is sent to infect the specific OS. And of course, this is all too similar to the Boonana Worm. Or how about the first cross-platform worm: Badbunny. Yeah, not so dumb now.
Keep an eye out or ear open for the latest in multi-platform malware. Predictions show that this will be an ongoing problem. Good thing we’ve nipped it in the bud. But, of course, studying all of the latest new threats is a key target here at seCURE Connexion.
One of the main things we look for in malware now has to do with whether or not it is multi-platform. If it has different inferences for different platforms, we want to discover it.
Also, one thing to keep in mind, that this is also a way to exploit Java by using it to gain temporary access to the operating system in question, and then gaining permanent access afterward by infecting the system. It’s an exploit-in-depth process to make sure each exploit is targeted at the said platform.
Web-based malware is also increasing, and languages like Ruby, Java, and Flash are all at risk. Since they are web-based languages, they need to be watched for vulnerabilities much closer than basic software languages, such as C++, C#, Delphi, etc.
What is even more interesting is the factors it uses to infect the system as well. Exploit traps work best, when they evade antivirus programs, know what platform they will be working on, and if the vulnerability exists to conduct the exploit. This is what we call “exploit-in-depth” (EID).
How can we counter this EID? By conducting defense-in-depth control over our computers. No matter the type of OS you have, the danger for malware will lurk around.