CCIP ALERT: New Adobe Vulnerability Being Actively Exploited
Good Afternoon,

CCIP would like to bring to your attention a new vulnerability in Adobe Flash Player (versions 9 and 10) as well as Adobe Reader and Acrobat (version 9) that is being actively exploited. We have received reports of this exploit being used within attacks experienced in New Zealand.

MITIGATION

Until a fix is made available from Adobe, CCIP encourages the following workarounds:

- Disable the Flash plugin in your browser or disallow by default.
- Disable Flash within Adobe Reader.
- Consider enabling Data Execution Prevention (DEP) in Windows (set DEP to opt out).

The US CERT have released a vulnerability note:
http://www.kb.cert.org/vuls/id/259425

1. Disabling the Flash plugin or disallowing Flash by default:

An example of disallowing by default for Firefox is to use the extension NoScript.

2. Disabling Flash within Reader:

---BEGIN QUOTE---
Flash and 3D & Multimedia support are implemented as plugin libraries in Adobe Reader. Disabling Flash in Adobe Reader will only mitigate attacks using a SWF embedded in a PDF file. Disabling 3D & Multimedia support does not directly address the vulnerability, but does provide additional mitigation and results in a more user-friendly error message instead of a crash.

To disable Flash and 3D & Multimedia support in Adobe Reader 9 on Microsoft Windows, delete or rename these files:

"%ProgramFiles%\Adobe\Reader 9.0\Reader\authplay.dll"
"%ProgramFiles%\Adobe\Reader 9.0\Reader\rt3d.dll"

For Apple Mac OS X, delete or rename these files:

"/Applications/Adobe Reader 9/Adobe Reader.app/Contents/Frameworks/AuthPlayLib.bundle"
"/Applications/Adobe Reader 9/Adobe Reader.app/Contents/Frameworks/Adobe3D.framework"

For GNU/Linux delete or rename these files (locations may vary among distributions):

"/opt/Adobe/Reader9/Reader/intellinux/lib/libauthplay.so"
"/opt/Adobe/Reader9/Reader/intellinux/lib/librt3d.so"

File locations may be different for Adobe Acrobat or other Adobe products that include Flash and 3D & Multimedia support.

Disabling these plugins will reduce functionality, and will not protect against SWF files hosted on web sites.
---END QUOTE---

3. Enabling DEP in Microsoft Windows:

---BEGIN QUOTE---
Users should consider enabling Data Execution Prevention (DEP) in supported versions of Windows. DEP should not be considered a complete workaround but can mitigate the execution of attacker-supplied code in some cases. Microsoft has published detailed technical information about DEP in Security Research & Defense blog posts "Understanding DEP as a mitigation technology" part 1 and part 2. Use of DEP should be considered in conjunction with the application of patches or other mitigations described in this document.
---END QUOTE---

Adobe are working on a fix and have released the following advisory:
http://www.adobe.com/support/security/advisories/apsa09-03.html

Regards,
The CCIP Team

--
Centre for Critical Infrastructure Protection
Government Communications Security Bureau
P: +64 4 498 7654
F: +64 4 498 7655
E: info(a)ccip.govt.nz
I: www.ccip.govt.nz
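An audit-and-rename helper for the Reader workaround in section 2, as an added example that is not part of the CCIP alert or the quoted US-CERT note. The `.disabled` suffix, the function names and the status labels are assumptions; the paths are the Adobe Reader 9 defaults quoted above and may differ on a given install.

```python
import os
import sys
from pathlib import Path

# Plugin libraries named in the advisory (Adobe Reader 9 default locations),
# relative to %ProgramFiles% on Windows and to "/" on Mac OS X and GNU/Linux.
PLUGINS = {
    "windows": ["Adobe/Reader 9.0/Reader/authplay.dll",
                "Adobe/Reader 9.0/Reader/rt3d.dll"],
    "macos": ["Applications/Adobe Reader 9/Adobe Reader.app/Contents/Frameworks/AuthPlayLib.bundle",
              "Applications/Adobe Reader 9/Adobe Reader.app/Contents/Frameworks/Adobe3D.framework"],
    "linux": ["opt/Adobe/Reader9/Reader/intellinux/lib/libauthplay.so",
              "opt/Adobe/Reader9/Reader/intellinux/lib/librt3d.so"],
}
SUFFIX = ".disabled"  # assumption: our naming choice; the advisory only says "rename"


def default_base(platform):
    """Directory the relative plugin paths are resolved against."""
    if platform == "windows":
        return Path(os.environ.get("ProgramFiles", r"C:\Program Files"))
    return Path("/")


def disable_plugins(platform, base=None, apply=False):
    """Return {relative_path: status}. Nothing is renamed unless apply=True."""
    base = Path(base) if base is not None else default_base(platform)
    report = {}
    for rel in PLUGINS[platform]:
        target = base / rel
        parked = target.with_name(target.name + SUFFIX)
        if target.exists() and parked.exists():
            status = "conflict"          # live plugin plus a renamed copy: review by hand
        elif target.exists():
            if apply:
                target.rename(parked)    # works for files and for .bundle/.framework dirs
            status = "disabled" if apply else "present"
        elif parked.exists():
            status = "already-disabled"
        else:
            status = "not-found"         # not installed, or a non-default location
        report[rel] = status
    return report


if __name__ == "__main__":
    host = {"win32": "windows", "darwin": "macos"}.get(sys.platform, "linux")
    for path, status in disable_plugins(host, apply="--apply" in sys.argv).items():
        print(f"{status:17} {path}")
```

Run without arguments for a read-only audit; pass `--apply` (with sufficient privileges) to perform the rename.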
participants (1)
-
Paul McKitrick