Homeland Secure IT Alert

Secure IT Alert for Thursday, February 2, 2012

If you are running a current version of Apple Mac OS X, 10.6.x or OS X 10.7.x  (Snow Leopard & Lion respectively), then you are vulnerable to exploits that these patches correct.

These security flaws could potentially allow an attacker to execute code on your computer after you visit a malicious web site or download/view affected documents or files, or allow Denial of Service (DoS) or even elevation of privileges.

How do you fix this? Apple has released OS X Security Update 2012-001 and OS X 10.7.3 to fix these security problems – UPDATE ASAP.

The 52 security vulnerabilities affect 27 components that are part of OS X and OS X server.  Some of the affected software includes: Apache, OpenGL, PHP, QuickTime and Time Machine.

A few examples:

Buffer overflow vulnerability in ImageIO – View a malicious image and an application could crash, or code could be executed on your computer. The upside is, it would only execute with your privileges.

Buffer overflow vulnerability in CoreAudio – Play a malicious audio file and your system could crash, or code could be executed with your privileges.

QuickTime vulnerabilities – Six of these babies could mean that if you open a malicious image or video in QT, code could be executed with your privileges.

The full update information can be found at http://support.apple.com/kb/HT5130

Should you require assistance in applying these updates, do not hesitate to call us in the Greenville or Upstate SC area at 864.990.4748 or email info@homelandsecureit.com

Homeland Secure IT Alert

If you are using pcAnywhere to remotely access your computer, you probably want to go read the “pcAnywhere Security Recommendations” posted by Symantec.

http://www.symantec.com/connect/sites/default/files/pcAnywhere%20Security%20Recommendations%20WP_01_23_Final.pdf

The danger is that someone so inclined could potentially access your computer through vulnerabilities exposed from old source code, and gain full access to your computer, files and your network.

To sum it up, disabling pcAnywhere is a surefire way to protect yourself and your company.

If you have questions about this or any other security issue in the Greenville or Upstate SC area, please call upon Homeland Secure IT, we can help set your mind at ease.  864.990.4748

Anonymous has made the news lately with their attacks on many sites, with the most prominent being government sites. US-CERT released this info yesterday:

 

National Cyber Alert System

Technical Cyber Security Alert TA12-024A

“Anonymous” DDoS Activity

Original release date: January 24, 2012

Last revised: –

Source: US-CERT

Overview

US-CERT has received information from multiple sources about coordinated distributed denial-of-service (DDoS) attacks with targets that included U.S. government agency and entertainment industry websites. The loosely affiliated collective “Anonymous” allegedly promoted the attacks in response to the shutdown of the file hosting site MegaUpload and in protest of proposed U.S. legislation concerning online trafficking in copyrighted intellectual property and counterfeit goods (Stop Online Piracy Act, or SOPA, and Preventing Real Online Threats to Economic Creativity and Theft of Intellectual Property Act, or PIPA).

 

 

I. Description

 

US-CERT has evidence of two types of DDoS attacks: One using HTTP GET requests and another using a simple UDP flood.

The Low Orbit Ion Cannon (LOIC) is a denial-of-service attack tool associated with previous Anonymous activity. US-CERT has reviewed at least two implementations of LOIC. One variant is written in JavaScript and is designed to be used from a web browser. An attacker can access this variant of LOIC on a website and select targets, specify an optional message, throttle attack traffic, and monitor attack progress. A binary variant of LOIC includes the ability to join a botnet to allow nodes to be controlled via IRC or RSS command channels (the “HiveMind” feature).

The following is a sample of LOIC traffic recorded in a web server log:

 

"GET /?id=1327014400570&msg=We%20Are%20Legion! HTTP/1.1" 200 99406 "hxxp://pastehtml.com/view/blafp1ly1.html" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"

 

The following sites have been identified in HTTP referrer headers of suspected LOIC traffic. This list may not be complete. Please do not visit any of the links as they may still host functioning LOIC or other malicious code.

 


 

The following are the A records for the referrer sites as of January 20, 2012:

 


 

The HTTP requests contained an “id” value based on UNIX time and user-defined “msg” value, for example:

 

GET /?id=1327014189930&msg=%C2%A1%C2%A1NO%20NOS%20GUSTA%20LA%20

 

Other “msg” examples:

 

msg=%C2%A1%C2%A1NO%20NOS%20GUSTA%20LA%20

msg=:)

msg=:D

msg=Somos%20Legion!!!

msg=Somos%20legi%C3%B3n!

msg=Stop%20S.O.P.A%20:)%20%E2%99%AB%E2%99%AB HTTP/1.1″ 200 99406

http://pastehtml.com/view/bl7qhhp5c.html

msg=We%20Are%20Legion!

msg=gh

msg=open%20megaupload

msg=que%20sepan%20los%20nacidos%20y%20los%20que%20van%20a%20nacer%20que%20nacimos%20para%20vencer%20y%20no%20para%20ser%20vencidos

msg=stop%20SOPA!!

msg=We%20are%20Anonymous.%20We%20are%20Legion.%20We%20do%20not%20forgive.%20We%20do%20not%20forget.%20Expect%20us!

 

The “msg” field can be arbitrarily set by the attacker.

 

As of January 20, 2012, US-CERT has observed another attack that consists of UDP packets on ports 25 and 80. The packets contained a message followed by variable amounts of padding, for example:

 

66:6c:6f:6f:64:00:00:00:00:00:00:00:00:00 | flood………

 

Target selection, timing, and other attack activity is often coordinated through social media sites or online forums.

US-CERT is continuing research efforts and will provide additional data as it becomes available.

 

 

II. Solution

 

There are a number of mitigation strategies available for dealing with DDoS attacks, depending on the type of attack as well as the target network infrastructure. In general, the best practice defense for mitigating DDoS attacks involves advanced preparation.

* Develop a checklist or Standard Operating Procedure (SOP) to follow in the event of a DDoS attack. One critical point in a checklist or SOP is to have contact information for your ISP and hosting providers. Identify who should be contacted during a DDoS, what processes should be followed, what information is needed, and what actions will be taken during the attack with each entity.
* The ISP or hosting provider may provide DDoS mitigation services. Ensure your staff is aware of the provisions of your service level agreement (SLA).
* Maintain contact information for firewall teams, IDS teams, network teams and ensure that it is current and readily available.
* Identify critical services that must be maintained during an attack as well as their priority. Services should be prioritized beforehand to identify what resources can be turned off or blocked as needed to limit the effects of the attack. Also, ensure that critical systems have sufficient capacity to withstand a DDoS attack.
* Have current network diagrams, IT infrastructure details, and asset inventories. This will assist in determining actions and priorities as the attack progresses.
* Understand your current environment and have a baseline of daily network traffic volume, type, and performance. This will allow staff to better identify the type of attack, the point of attack, and the attack vector used. Also, identify any existing bottlenecks and remediation actions if required.
* Harden the configuration settings of your network, operating systems, and applications by disabling services and applications not required for a system to perform its intended function.
* Implement a bogon block list at the network boundary.
* Employ service screening on edge routers wherever possible in order to decrease the load on stateful security devices such as firewalls.
* Separate or compartmentalize critical services:
  * Separate public and private services
  * Separate intranet, extranet, and internet services
  * Create single purpose servers for each service such as HTTP, FTP, and DNS
* Review the US-CERT Cyber Security Tip Understanding Denial-of-Service Attacks.

 

 

III. References

 

* Cyber Security Tip ST04-015 -

<http://www.us-cert.gov/cas/tips/ST04-015.html>

 

* Anonymous's response to the seizure of MegaUpload according to CNN -

<http://money.cnn.com/2012/01/19/technology/megaupload_shutdown/index.htm>

 

* The Internet Strikes Back #OpMegaupload -

<http://anonops.blogspot.com/2012/01/internet-strikes-back-opmegaupload.html>

 

* Twitter Post from the author of the JavaScript based LOIC code -

<http://www.twitter.com/#!/mendes_rs>

 

* Anonymous Operations tweets on Twitter -

<http://twitter.com/#!/anonops>

 

* @Megaupload Tweets on Twitter -

<http://twitter.com/#!/search?q=%2523Megaupload>

 

* LOIC DDoS Analysis and Detection -

<http://blog.spiderlabs.com/2011/01/loic-ddos-analysis-and-detection.html>

 

* Impact of Operation Payback according to CNN -

<http://money.cnn.com/2010/12/08/news/companies/mastercard_wiki/index.htm>

 

* OperationPayback messages on YouTube -

<http://www.youtube.com/results?search_query=operationpayback>

 

* The Bogon Reference – Team Cymru -

<http://www.team-cymru.org/Services/Bogons/>

 

____________________________________________________________________

 

The most recent version of this document can be found at:

 

<http://www.us-cert.gov/cas/techalerts/TA12-024A.html>

____________________________________________________________________

 

Feedback can be directed to US-CERT Technical Staff. Please send email to <cert@cert.org> with “TA12-024A Feedback INFO#919868” in the subject.

____________________________________________________________________

 


 

Produced 2012 by US-CERT, a government organization.

 

Terms of use:

 

<http://www.us-cert.gov/legal.html>

____________________________________________________________________

 

Revision History

 

January 24, 2012: Initial release
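The alert's description of the HTTP GET variant (an “id” parameter based on UNIX time plus a free-form “msg” parameter) can be turned into a log check. The following is an added example, not code from US-CERT or from this blog: it assumes Apache/nginx combined log format, and the sample log lines, source addresses and referrer are constructed for illustration.

```python
import re
from collections import Counter
from datetime import datetime
from urllib.parse import urlsplit, parse_qs

# Combined log format: host ident user [time] "request" status bytes "referer" "agent"
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"'
)

# Constructed sample input (documentation address ranges, made-up referrer).
SAMPLE_LOG = '''\
192.0.2.10 - - [19/Jan/2012:23:06:40 +0000] "GET /?id=1327014400570&msg=We%20Are%20Legion! HTTP/1.1" 200 99406 "http://referrer.example/loic.html" "Mozilla/5.0"
192.0.2.10 - - [19/Jan/2012:23:06:40 +0000] "GET /?id=1327014400611&msg=We%20Are%20Legion! HTTP/1.1" 200 99406 "http://referrer.example/loic.html" "Mozilla/5.0"
192.0.2.10 - - [19/Jan/2012:23:06:41 +0000] "GET /?id=1327014401032&msg=:) HTTP/1.1" 200 99406 "http://referrer.example/loic.html" "Mozilla/5.0"
198.51.100.7 - - [19/Jan/2012:23:06:41 +0000] "GET /?id=1327014401100&msg=stop%20SOPA!! HTTP/1.1" 200 99406 "http://referrer.example/loic.html" "Mozilla/5.0"
203.0.113.5 - - [19/Jan/2012:23:06:42 +0000] "GET /catalog?id=9780306406157&msg=hello HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.5 - - [19/Jan/2012:23:06:43 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
'''


def parse_line(line):
    """Return the parsed fields of one log line, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    entry = m.groupdict()
    entry["when"] = datetime.strptime(entry["time"], "%d/%b/%Y:%H:%M:%S %z")
    return entry


def is_loic_like(entry, max_skew_s=86400):
    """True for a GET carrying msg= and a 13-digit id= close to the request time.

    The id is treated as milliseconds since the UNIX epoch. The skew window
    (an assumption, default one day) tolerates wrong client clocks while
    rejecting ordinary 13-digit identifiers such as ISBNs.
    """
    if entry["method"] != "GET":
        return False
    query = parse_qs(urlsplit(entry["target"]).query, keep_blank_values=True)
    ids = query.get("id", [])
    if "msg" not in query or len(ids) != 1:
        return False
    if not re.fullmatch(r"\d{13}", ids[0]):
        return False
    skew = abs(int(ids[0]) / 1000 - entry["when"].timestamp())
    return skew <= max_skew_s


def summarize(lines, min_hits=3):
    """Count matching requests per source and per referrer.

    Sources are reported only at or above min_hits; referrers are reported
    for every match, since they point at the page hosting the tool.
    """
    sources, referers = Counter(), Counter()
    for line in lines:
        entry = parse_line(line)
        if entry and is_loic_like(entry):
            sources[entry["host"]] += 1
            referers[entry["referer"]] += 1
    flagged = {host: n for host, n in sources.items() if n >= min_hits}
    return {"sources": flagged, "referers": dict(referers)}


if __name__ == "__main__":
    print(summarize(SAMPLE_LOG.splitlines()))
```

Because the alert notes that “msg” can be set arbitrarily, the check keys on the parameter pair and the time-like “id” rather than on any message text.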

 

If you require assistance with DDoS or any other security need for your Greenville or Upstate SC business, please call upon us at 864.990.4748 or email info@homelandsecureit.com

Microsoft rings in the new year with updates!  HAPPY NEW YEAR!!!!

The Advance Notification outlines 7 bulletins that cover updates from “important” to “critical” in Microsoft Windows (XP / Server 2003 / Vista / Server 2008) and Microsoft Developer Tools & Software.

Most will require a restart, or at least MAY require a restart.

On the Advance Notification page you can find out more about the updates coming your way on January 10th.

If you require assistance with these updates or any other security issue in the Greenville / Upstate SC area please call us at 864.990.4748 or email info@homelandsecureit.com

This is kind of old news, but seeing a blog post by someone else today reminded me that it is not patched yet…

Apple Safari web browser can be used as an avenue that would allow malicious code on a web site to be run with whatever privileges you have on that computer.

Here’s an actual security bulletin you can read about this:

https://secunia.com/advisories/47237/

Until this is patched for sure, I believe I would not be using the Apple Safari browser on a Windows 7 machine.  Just my two cents.

Remember the flaw that was announced around the beginning of December 2011, where hackers could possibly cause HP printers to burst into flames?

Well, HP released a fix for that a week or so back… However, they didn’t mention the fire issue.

Nonetheless, you may wish to consider upgrading.

Should you require assistance applying updates to your devices, servers or computers in the Greenville or Upstate SC area, you can call upon us at 864.990.4748 or email info@homelandsecureit.com

 

Yesterday, Microsoft issued a security bulletin for the .NET issues mentioned the other day.  That document can be found here:

http://technet.microsoft.com/security/bulletin/ms11-dec

Critical Security Bulletins

============================

 

MS11-100

 

- Affected Software:
  - Windows XP Service Pack 3
    - Microsoft .NET Framework 1.1 Service Pack 1
    - Microsoft .NET Framework 2.0 Service Pack 2
    - Microsoft .NET Framework 3.5 Service Pack 1
    - Microsoft .NET Framework 4
  - Windows XP Professional x64 Edition Service Pack 2
    - Microsoft .NET Framework 1.1 Service Pack 1
    - Microsoft .NET Framework 2.0 Service Pack 2
    - Microsoft .NET Framework 3.5 Service Pack 1
    - Microsoft .NET Framework 4
  - Windows Server 2003 Service Pack 2
    - Microsoft .NET Framework 1.1 Service Pack 1
    - Microsoft .NET Framework 2.0 Service Pack 2
    - Microsoft .NET Framework 3.5 Service Pack 1
    - Microsoft .NET Framework 4
  - Windows Server 2003 x64 Edition Service Pack 2
    - Microsoft .NET Framework 1.1 Service Pack 1
    - Microsoft .NET Framework 2.0 Service Pack 2
    - Microsoft .NET Framework 3.5 Service Pack 1
    - Microsoft .NET Framework 4
  - Windows Server 2003 with SP2 for Itanium-based Systems
    - Microsoft .NET Framework 1.1 Service Pack 1
    - Microsoft .NET Framework 2.0 Service Pack 2
    - Microsoft .NET Framework 3.5 Service Pack 1
    - Microsoft .NET Framework 4
  - Windows Vista Service Pack 2
    - Microsoft .NET Framework 1.1 Service Pack 1
    - Microsoft .NET Framework 2.0 Service Pack 2
    - Microsoft .NET Framework 3.5 Service Pack 1
    - Microsoft .NET Framework 4
  - Windows Vista x64 Edition Service Pack 2
    - Microsoft .NET Framework 1.1 Service Pack 1
    - Microsoft .NET Framework 2.0 Service Pack 2
    - Microsoft .NET Framework 3.5 Service Pack 1
    - Microsoft .NET Framework 4
  - Windows Server 2008 for 32-bit Systems Service Pack 2
    - Microsoft .NET Framework 1.1 Service Pack 1 (Windows Server 2008 Server Core installation not affected)
    - Microsoft .NET Framework 2.0 Service Pack 2 (Windows Server 2008 Server Core installation not affected)
    - Microsoft .NET Framework 3.5 Service Pack 1 (Windows Server 2008 Server Core installation not affected)
    - Microsoft .NET Framework 4 (Windows Server 2008 Server Core installation not affected)
  - Windows Server 2008 for x64-based Systems Service Pack 2
    - Microsoft .NET Framework 1.1 Service Pack 1 (Windows Server 2008 Server Core installation not affected)
    - Microsoft .NET Framework 2.0 Service Pack 2 (Windows Server 2008 Server Core installation not affected)
    - Microsoft .NET Framework 3.5 Service Pack 1 (Windows Server 2008 Server Core installation not affected)
    - Microsoft .NET Framework 4 (Windows Server 2008 Server Core installation not affected)
  - Windows Server 2008 for Itanium-based Systems Service Pack 2
    - Microsoft .NET Framework 1.1 Service Pack 1
    - Microsoft .NET Framework 2.0 Service Pack 2
    - Microsoft .NET Framework 3.5 Service Pack 1
    - Microsoft .NET Framework 4
  - Windows 7 for 32-bit Systems only:
    - Microsoft .NET Framework 3.5.1
    - Microsoft .NET Framework 4
  - Windows 7 for 32-bit Systems Service Pack 1 only:
    - Microsoft .NET Framework 3.5.1
    - Microsoft .NET Framework 4
  - Windows 7 for x64-based Systems only:
    - Microsoft .NET Framework 3.5.1
    - Microsoft .NET Framework 4
  - Windows 7 for x64-based Systems Service Pack 1 only:
    - Microsoft .NET Framework 3.5.1
    - Microsoft .NET Framework 4
  - Windows Server 2008 R2 for x64-based Systems only:
    - Microsoft .NET Framework 3.5.1 (Windows Server 2008 R2 Server Core installation affected)
    - Microsoft .NET Framework 4
  - Windows Server 2008 R2 for x64-based Systems Service Pack 1 only:
    - Microsoft .NET Framework 3.5.1 (Windows Server 2008 R2 Server Core installation affected)
    - Microsoft .NET Framework 4 (Windows Server 2008 R2 Server Core installation affected)
  - Windows Server 2008 R2 for Itanium-based Systems only:
    - Microsoft .NET Framework 3.5.1
    - Microsoft .NET Framework 4
  - Windows Server 2008 R2 for Itanium-based Systems Service Pack 1 only:
    - Microsoft .NET Framework 3.5.1
    - Microsoft .NET Framework 4
- Impact: Elevation of Privilege
- Version Number: 1.0

Microsoft released Security Advisory 2659883 today which outlines a vulnerability in ASP.NET which could permit a Denial of Service.

More information is available here: http://technet.microsoft.com/security/advisory/2659883

Two notes from that page listed as “Mitigating Factors”:

  • By default, IIS is not enabled on any supported Windows operating system
  • Sites that disallow application/x-www-form-urlencoded or multipart/form-data HTTP content types are not vulnerable

Please visit the URL above to find out if your OS and version/s of the .NET Framework are affected. Basically it affects every OS, from Windows XP, Vista, 7, Server 2003, and Server 2008 R2, in 64 and 32 bit flavors, and just about every version of the .NET Framework.

Scroll down to the “Suggested Actions” section and read about “Workarounds” if you are using IIS.

If you are in the Greenville or Upstate, SC area and need assistance with this or any other computer service / support issue, please call us at 864.990.4748 or email info@homelandsecureit.com

A little something to keep you busy…   Adobe vulnerabilities that affect Microsoft Windows, Mac and Unix machines.

Patch ‘em up!

 

National Cyber Alert System

Technical Cyber Security Alert TA11-350A

Adobe Updates for Multiple Vulnerabilities

Original release date: December 16, 2011

Last revised: –

Source: US-CERT

Systems Affected

* Adobe Reader X (10.1.1) and earlier 10.x versions for Windows and Macintosh

* Adobe Reader 9.4.6 and earlier 9.x versions for Windows, Macintosh, and UNIX

* Adobe Acrobat X (10.1.1) and earlier 10.x versions for Windows and Macintosh

* Adobe Acrobat 9.4.6 and earlier 9.x versions for Windows and Macintosh

 

Overview

Adobe has released Security Bulletin APSB11-30, which describes multiple vulnerabilities affecting Adobe Reader and Acrobat.

 

I. Description

Adobe Security Bulletin APSB11-30 and Adobe Security Advisory APSA11-04 describe a number of vulnerabilities affecting Adobe Reader and Acrobat. These vulnerabilities affect Reader and Acrobat 9.4.6 and earlier 9.x versions. These vulnerabilities also affect Reader X and Acrobat X 10.1.1 and earlier 10.x versions.

 

An attacker could exploit these vulnerabilities by convincing a user to open a specially crafted PDF file. The Adobe Reader browser plug-in, which can automatically open PDF documents hosted on a website, is available for multiple web browsers and operating systems.

 

Adobe Reader X and Adobe Acrobat X will be patched in the next quarterly update scheduled for January 10, 2012.

Additional details for the U3D memory corruption vulnerability can be found in US-CERT Vulnerability Note VU#759307.

II. Impact

These vulnerabilities could allow a remote attacker to execute arbitrary code, write arbitrary files or folders to the file system, escalate local privileges, or cause a denial of service on an affected system as the result of a user opening a malicious PDF file.

 

III. Solution

Update Reader

Adobe has released updates to address this issue. Users are encouraged to read Adobe Security Bulletin APSB11-30 and update vulnerable versions of Adobe Reader and Acrobat.

 

In addition to updating, please consider the following mitigations.

 

Disable Flash in Adobe Reader and Acrobat

 

Disabling Flash in Adobe Reader will mitigate attacks that rely on Flash content embedded in a PDF file. Disabling 3D & Multimedia support does not directly address the vulnerability, but it does provide additional mitigation and results in a more user-friendly error message instead of a crash. To disable Flash and 3D & Multimedia support in Adobe Reader 9, delete, rename, or remove access to these files:

 

Microsoft Windows

“%ProgramFiles%\Adobe\Reader 9.0\Reader\authplay.dll”

“%ProgramFiles%\Adobe\Reader 9.0\Reader\rt3d.dll”

 

Apple Mac OS X

“/Applications/Adobe Reader 9/Adobe Reader.app/Contents/Frameworks/AuthPlayLib.bundle”

“/Applications/Adobe Reader 9/Adobe Reader.app/Contents/Frameworks/Adobe3D.framework”

 

GNU/Linux (locations may vary among distributions)

“/opt/Adobe/Reader9/Reader/intellinux/lib/libauthplay.so”

“/opt/Adobe/Reader9/Reader/intellinux/lib/librt3d.so”

 

File locations may be different for Adobe Acrobat or other Adobe products that include Flash and 3D & Multimedia support. Disabling these plugins will reduce functionality and will not protect against Flash content that is hosted on websites. Depending on the update schedule for products other than Flash Player, consider leaving Flash and 3D & Multimedia support disabled unless they are absolutely required.

 

Disable JavaScript in Adobe Reader and Acrobat

 

Disabling JavaScript may prevent some exploits from resulting in code execution. Acrobat JavaScript can be disabled using the Preferences menu (Edit -> Preferences -> JavaScript; uncheck Enable Acrobat JavaScript).

Adobe provides a framework to blacklist specific JavaScript APIs. If JavaScript must be enabled, this framework may be useful when specific APIs are known to be vulnerable or used in attacks.

 

Prevent Internet Explorer from automatically opening PDF files

 

The installer for Adobe Reader and Acrobat configures Internet Explorer to automatically open PDF files without any user interaction. This behavior can be reverted to a safer option that prompts the user by importing the following as a .REG file:

 

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\AcroExch.Document.7]
"EditFlags"=hex:00,00,00,00

 

Disable the display of PDF files in the web browser

 

Preventing PDF files from opening inside a web browser will partially mitigate this vulnerability. If this workaround is applied, it may also mitigate future vulnerabilities.

To prevent PDF files from automatically being opened in a web browser, do the following:

 

1. Open Adobe Acrobat Reader.

2. Open the Edit menu.

3. Choose the Preferences option.

4. Choose the Internet section.

5. Uncheck the “Display PDF in browser” checkbox.

 

Remove or restrict access to 3difr.x3d

 

By removing or restricting access to the 3difr.x3d file, Adobe Reader and Acrobat will fail to render U3D content, which helps to mitigate this vulnerability. PDF documents that use the PRC format for 3D content will continue to function on Windows and Linux platforms.

To disable U3D support in Adobe Reader 9 on Microsoft Windows, delete or rename this file:

 

“%ProgramFiles%\Adobe\Reader 9.0\Reader\plug_ins3d\3difr.x3d”

 

For Apple Mac OS X, delete or rename this directory:

 

“/Applications/Adobe Reader 9/Adobe Reader.app/Contents/Frameworks/Adobe3D.framework”

 

For GNU/Linux, delete or rename this file (locations may vary among distributions):

 

“/opt/Adobe/Reader9/Reader/intellinux/plug_ins3d/3difr.x3d”

 

File locations may be different for Adobe Acrobat or other Adobe products or versions.

 

Do not access PDF files from untrusted sources

 

Do not open unfamiliar or unexpected PDF files, particularly those hosted on websites or delivered as email attachments. Please see Cyber Security Tip ST04-010.

 

 

IV. References

 

* Security update available for Adobe Reader and Acrobat -

<https://www.adobe.com/support/security/bulletins/apsb11-30.html>

 

* Adobe Reader and Acrobat JavaScript Blacklist Framework -

<http://kb2.adobe.com/cps/504/cpsid_50431.html>

 

* Adobe Acrobat and Reader U3D memory corruption vulnerability -

<http://www.kb.cert.org/vuls/id/759307>

 

* Security Advisory for Adobe Reader and Acrobat -

<https://www.adobe.com/support/security/advisories/apsa11-04.html>

 

____________________________________________________________________

 

The most recent version of this document can be found at:

 

<http://www.us-cert.gov/cas/techalerts/TA11-350A.html>

____________________________________________________________________

 

Feedback can be directed to US-CERT Technical Staff. Please send email to <cert@cert.org> with “TA11-350A Feedback VU#759307” in the subject.

____________________________________________________________________

 


 

Produced 2011 by US-CERT, a government organization.

 

Terms of use:

 

<http://www.us-cert.gov/legal.html>

____________________________________________________________________

 

Revision History

 

December 16, 2011: Initial release

 

 


National Cyber Alert System
Technical Cyber Security Alert TA11-347A

Microsoft Updates for Multiple Vulnerabilities

Original release date: December 13, 2011
Last revised: –
Source: US-CERT

Systems Affected

  • Microsoft Windows
  • Microsoft Office
  • Internet Explorer

Overview

There are multiple vulnerabilities in Microsoft Windows, Office, and Internet Explorer. Microsoft has released updates to address these vulnerabilities.

I. Description

The Microsoft Security Bulletin Summary for December 2011 describes multiple vulnerabilities in Microsoft Windows. Microsoft has released updates to address the vulnerabilities. Additional details for MS11-091 can be found in US-CERT vulnerability note VU#361441.

II. Impact

A remote, unauthenticated attacker could execute arbitrary code, cause a denial of service, or gain unauthorized access to your files or system.

III. Solution

Apply updates

Microsoft has provided updates for these vulnerabilities in the Microsoft Security Bulletin Summary for December 2011. That bulletin describes any known issues related to the updates. Administrators are encouraged to note these issues and test for any potentially adverse effects. In addition, administrators should consider using an automated update distribution system such as Windows Server Update Services (WSUS).

IV. References


Feedback can be directed to US-CERT.


Produced 2011 by US-CERT, a government organization. Terms of use


Revision History

December 13, 2011: Initial release

Last updated December 13, 2011
