Adobe Fix for CVE-2011-0609

Adobe released its fix for CVE-2011-0609 this afternoon, making good on last week’s advisory dealing with the latest Flash zero-day. Kaspersky Lab products detected the variants as “Trojan-Dropper.MSExcel.SWFDrop” this past week.

While we questioned the usefulness of Flash functionality within Excel spreadsheet cells last week, attackers were sending out emails containing just these sorts of files. Our Kaspersky Security Network statistics saw very low numbers spread out across the globe, revealing attackers making targeted use of this zero-day attack.

While there were few attacks seen using this unusual mix of Microsoft Office and Flash, one question remains: why do Adobe patches continue to take so long to roll out at this point?

On one hand, we saw Google Chrome’s update for the same Flash vulnerability roll out almost immediately last Tuesday, in part because of Chrome’s close integration with Flash. The Chrome dev team prides itself on security: it is built into their browser design and is a major part of their process. Chrome security updates are clean, easy and quick.

On the other hand, the rest of the world using Flash (almost 99% of internet-connected PCs, according to Adobe) was browsing with vulnerable software and faced some complicated options as attackers set their crosshairs on their next high-value target. At the same time, Flash is one of the most vulnerable applications on the web, meaning users have not been updating their software: its many versions of updates aren’t necessarily clean, easy or quick.

Adobe’s sandbox was a step in the right direction for Reader X. But attackers are responding with improvements in their own offenses. A sandbox delays exploitation; it doesn’t end it. This month, Stephen Fewer won pwn2own with an attack chaining 3 exploits together to break out of Internet Explorer’s sandbox and compromise a Windows 7 system also protected by DEP/ASLR. In the meantime, we welcome more improvements and speed to this inevitable patching process. And please update your Adobe Reader, Flash, and Acrobat software to the latest versions.
