Gladiator Research and Security

GSA Reference Number: AD110412-01

Simply Put: Adobe has released a new security advisory regarding a critical vulnerability in Adobe Flash Player, Reader, and Acrobat.  The vulnerability could cause the programs to crash and possibly allow remote code execution.  These vulnerabilities are reportedly being exploited by malware authors at this time.  The attacks are being delivered in Word documents as email attachments.  No patch is available at this time.  Gladiator recommends that institutions inform their users of this threat and tell them not to open any Word document attachments without checking with their information security officer.

GSA Reference Number: AD110208-01

Simply Put: Adobe has released an update for Adobe Reader versions 9.4.2 and 10.0.1.  These latest versions address serious vulnerabilities and added security enhancements.

GSA Reference Number: AD101117-01

Simply Put: Adobe has released an update for Adobe Acrobat and Reader versions 9.4 and earlier. This update fixes a publicly disclosed vulnerability that is currently being used to attack systems on the Internet.  This is a critical issue, and the patch should be applied as soon as possible.

GSA Reference Number: AD101105-01

Simply Put: Multiple Adobe products are vulnerable to some new high-risk remote code execution issues.  First off, Adobe Flash Player versions earlier than 10.1.85.3 have critical vulnerabilities that can be exploited by an attacker to take control of affected systems.  Adobe has released an update for Flash.  Second, Adobe Acrobat and Reader versions 9.4 and earlier are vulnerable to a similar issue because they implement Flash features through an authplay.dll file that can be called from a PDF.  Finally, Adobe Shockwave Player is vulnerable to attack through a remote code execution issue, as well.  There are no patches available for the Adobe Acrobat, Reader or Shockwave Player vulnerabilities.

Abobe has just released its quarterly security updates early to address critical vulnerabilities in Adobe Reader.  Gladiator strongly advises that users patch all devices as soon as possible as some of the Adobe Reader and Flash vulnerabilities could allow remote code execution. Currently, all Adobe installations prior to versions 9.4 or 8.2.5 (for the non v9 code base) are affected by the vulnerabilities.  Affected software can be updated using the Adobe update manager or by visiting Adobe’s download pages to obtain the latest version.  You can read more about the vulnerabilities and solutions here at Adobe’s security blog.

GSA Reference Number: AD100630-01
Related GSA Reference Number: AD100607-01

Simply Put: Adobe has released a patch for the previously reported critical remote-code-execution vulnerability in Adobe Reader and Acrobat.  This patch addresses additional issues as well.  Adobe Reader and Acrobat versions 9.3.2 and earlier should upgrade.

GSA Reference Number: AD100607-01

Simply Put: Adobe has released an advisory for a critical vulnerability in Adobe Flash.  Adobe Reader and Acrobat are also exploitable through the authplay.dll component included with Adobe Reader and Acrobat 9.x.  This vulnerability can lead to remote code execution and are already the target of malware authors.  No patch is available at this time.  However, Adobe has provided workarounds in its advisory.