Adobe Fix for CVE-2011-0609

Adobe released its fix for CVE-2011-0609 this afternoon, making good on last week’s advisory dealing with the latest Flash zero-day. Kaspersky Lab products detected the variants as “Trojan-Dropper.MSExcel.SWFDrop” this past week.

While we questioned last week the usefulness of Flash functionality embedded in Excel spreadsheet cells, attackers were sending out emails containing exactly these sorts of files. Our Kaspersky Security Network statistics showed very low detection numbers spread across the globe, revealing that attackers were making targeted use of this zero-day.

While few attacks were seen using this unusual mix of Microsoft Office and Flash, a question remains: why do Adobe patches still take so long to roll out?

On one hand, we saw Google Chrome’s update for the same Flash vulnerability roll out almost immediately last Tuesday, in part because of Chrome’s close integration with Flash. The Chrome dev team takes pride in security: it is part of their browser design and a major part of their process. Chrome security updates are clean, easy and quick.

On the other hand, the rest of the world using Flash (almost 99% of internet-connected PCs, according to Adobe) was browsing with vulnerable software, leaving attackers a range of options as they set their crosshairs on their next high-value target. At the same time, Flash is one of the most vulnerable applications on the web, and users have not been keeping it updated: its many update versions aren’t necessarily clean, easy or quick.

Adobe’s sandbox was a step in the right direction for Reader X. But attackers are responding by improving their own offensive techniques. A sandbox delays exploitation; it doesn’t end it. This month, Stephen Fewer won Pwn2Own with an attack chaining 3 exploits together to break out of Internet Explorer’s sandbox and compromise a Windows 7 system that was also protected by DEP and ASLR. In the meantime, we welcome further improvements to, and more speed in, this inevitable patching process. And please update your Adobe Reader, Flash and Acrobat software to the latest versions.
