NEWS FROM THE LAB - Thursday, November 8, 2012

Tally of November's Vulnerabilities and a Zero-Day
Posted by Sean @ 12:20 GMT

It's not yet the second Tuesday of the month — but already there are a good number of important updates that you should apply. And one significant zero-day of which you should be aware.

First up: Flash! Adobe released an important update on November 6th (details here) that corrects seven vulnerabilities.

Check your version here.

11.5.502.110 is the latest version, depending on the browser. Do remember that you don't need to have more plug-ins installed than you actually use. For example, Chrome includes its own version of Flash.

And speaking of Chrome, Google also released a security update on the 6th (details). That's a rather easy update: just check About (chrome://chrome/) to see that you're running version 23.0.1271.64.

Apple released updates for the Windows version of QuickTime on November 7th (details). QuickTime 7.7.3 includes 9 updates for vulnerabilities which appear to be exploitable in drive-by attacks. QuickTime is no longer required by iTunes. If you don't remember the last time it was used, ask yourself, do you really need to have QuickTime installed? (It's a very popular target.)

Speaking of popular targets…

Java! Be sure your Java Runtime client is up to date. (Check your version here.) Our single biggest detection based on upstream data is: Exploit:Java/Majava.A. Java Runtime is the number one target bar none.

And the second most common detection based on our upstream data is: Exploit:W32/CVE-2010-0188.B. It's an exploit for Adobe Reader which, as you can see from the CVE number, dates back to 2010. So make sure you're running the latest version of Adobe Reader.

But even then, be aware there's an Adobe Reader zero-day vulnerability being reported by Group-IB.

The vulnerability is significant because it affects current, up-to-date versions of Adobe Reader, and an exploit for it is able to break out of Reader's sandbox to exploit the host computer.

Group-IB US: Zero-day vulnerability found in Adobe X

According to Group-IB, some high-end versions of the Blackhole Exploit Kit are being sold. So the exploit isn't widely in use… yet. Consider mitigating your use of Reader if you have it installed.

Here's a YouTube video of the exploit in action.