07 Feb Adobe Incubates Flash Runtime for Firefox Kurt Baumgartner
21 Oct Sweden is under attack – mass infection and new exploits! David Jacoby
Join our blog
You can contribute to our blog if you have +100 points. Comment on articles and blogposts, and other users will rate your comments. You receive points for positive ratings.
The Adobe AIR and Adobe Flash Player Incubator program updated their Flash Platform runtime beta program to version 5, delivered as Flash Player version 11.2.300.130. It includes a "sandboxed" version of the 32-bit Flash Player they are calling "Protected Mode for Mozilla Firefox on Windows 7 and Windows Vista systems". It has been over a year since Adobe discussed the Internet Explorer ActiveX Protected Mode version release on their ASSET blog, and the version running on Google Chrome was sandboxed too.
Adobe is building on the successes that they have seen in their Adobe Reader X software. Its sandbox technology has substantially raised the bar for driving up the costs of "offensive research", resulting in a dearth of Itw exploits on Reader X. As in "none" in 2011. This trend reflects 2011 targeted attack activity that we’ve observed. 2011 APT related attacks nailed outdated versions of Adobe Flash software delivered as "authplay.dll" in Adobe Reader v8.x and v9.x and the general Flash component "NPSWF32.dll" used by older versions of Microsoft Office and other applications. Adobe X just wasn't hit. IE Protected Mode wasn't hit. Chrome sandboxed Flash wasn't hit. If there are incident handlers out there that saw a different story, please let me know.
Web based threats such as malicious links on social medias, infected websites and malicious ads are terms that we read about quite often. We security experts have for quite some time tried to emphasize the importance of protecting both your website and computer from being infected, since these malicious websites often exploit client vulnerabilities. These vulnerabilities have been one of the major attack vectors for malware writers in recent years, but is it still a problem?
We are constantly seeing new software vulnerabilities , and the bad guys are very quick to developg exploits which are then hosted in their exploit kits. The vulnerabilities themselves are not dangerous unless the attacker is able to exploit them on the victim’s computer. The attackers have therefor developed ways to get victims to visit a website, for example, which then triggers the exploit. Some common ways are through social engineering or infecting a legitimate website with redirection code that points to the exploit kit.
Last month almost all major vendors released critical security updates for their software, such as Adobe, Oracle, Apple, Microsoft and Mozilla. I then started to research the current threat landscape, and focused on Sweden since I am the security researcher for the Nordic region; and after just a few minutes I saw that both Swedish websites and Swedish users were under attack.