Homeland Secure IT Alert for Thursday, August 26th 2010
I know it seems like it never ends… Adobe Reader, Adobe Acrobat, Adobe Flash, Adobe Air, Java, Windows, Mac, one update and patch after another following these security announcements….
The vulnerability de jour is brought to you by Adobe, and it affects Shockwave player on Macintosh OSX and Windows platforms. The short and skinny is – update today, don’t delay…. What follows is information sent out courtesy of WatchGuard who makes a fantastic line of Firewalls, Network Security and Unified Threat Management Appliances for every application. We are proud to partner with WatchGuard and offer their products.
Adobe Shockwave Update Corrects 20 Security Flaws
Severity: Medium
25 August, 2010
Summary:
- This vulnerability affects: Adobe Shockwave Player 11.5.7.609 and earlier, running on Windows and Macintosh computers
- How an attacker exploits it: By enticing your users into visiting a website containing malicious Shockwave content
- Impact: An attacker can execute code on your computer, potentially gaining control of it
- What to do: If you allow the use of Shockwave in your network, you should download and deploy the latest version (11.5.8.612) of Adobe Shockwave Player as soon as possible.
Exposure:
Adobe Shockwave Player displays interactive, animated web content and movies called Shockwave. According to Adobe, the Shockwave Player is installed on some 450 million PCs.
In a security bulletin released late Tuesday, Adobe warned of twenty critical vulnerabilities that affect Adobe Shockwave Player 11.5.7.609 for Windows and Macintosh (as well as all earlier versions). Adobe’s bulletin doesn’t describe the flaws in much technical detail. It only describes the nature and basic impact of each flaw. For the most part, the flaws consist of unspecified memory corruption vulnerabilities. Though these flaws differ technically, most of them share the same general scope and impact. If an attacker can entice one of your users into visiting a website containing some sort of malicious Shockwave content, he could exploit many of these vulnerabilities to execute code on that user’s computer, with that user’s privileges. If your Windows users have local administrator privileges, an attacker could exploit this flaw to gain full control of their PC. Adobe’s alert doesn’t describe what type of Shockwave content triggers these various flaws. However, other researchers’ alerts have disclosed that malicious Shockwave (.SWF) and Director (.DCR and .DIR) files can trigger these vulnerabilities.
If you use Adobe Shockwave in your network, we recommend you download and deploy the latest version as soon as you can.
Solution Path:
Adobe has released a new version of Shockwave Player, version 11.5.8.612. If you use Adobe Flash in your network, we recommend you download and deploy this updated player as soon as possible.
For All WatchGuard Users:
Some of WatchGuard’s Firebox models allow you to prevent your users from accessing Shockwave content (.SWF, .DIR, and .DCR) via the web (HTTP) or email (SMTP, POP3). If you like, you can temporarily mitigate the risk of this vulnerability by blocking .SWF, .DIR, and .DCR files using your Firebox’s proxy services. That said, many websites rely on Shockwave for interactive content, and blocking it could prevent these sites from working properly.
—
If you require assistance in in updating the Shockwave player, or specific instructions for applying the WatchGuard content blocks above, please call us at 864.990-4748 or email info@homelandsecureit.com – We provide network and computer support to Greenville / Upstate businesses and individuals! We offer sales of WatchGuard Firewalls and UTMs nationwide.