Adobe breach could compromise software code

Trusteer : 07 October, 2013  (Technical Article)
Attackers have gained access to source code of Adobe products, putting millions of users at risk of zero-day attacks

In an important announcement made recently, Adobe notified customers that its network had been breached and that the attackers had illegally accessed information relating to 2.9 million Adobe customers as well as source code for numerous Adobe products. According to Adobe:

“Our investigation currently indicates that the attackers accessed Adobe customer IDs and encrypted passwords on our systems. We also believe the attackers removed from our systems certain information relating to 2.9 million Adobe customers, including customer names, encrypted credit or debit card numbers, expiration dates, and other information relating to customer orders.”

In addition to customer information, source code of popular Adobe applications has been accessed. The announcement doesn’t provide many details, but according to Brian Krebs, author of KrebsOnSecurity, who conducted an interview with Adobe’s Chief Security Officer Brad Arkin, Adobe Acrobat may have been among the compromised products:

“Arkin said Adobe is still in the process of determining what source code for other products may have been accessed by the attackers, and conceded that Adobe Acrobat may have been among the products the bad guys touched.”

The Adobe network breach puts organisations and users at significant risk. If the source code for Adobe Reader or other popular Adobe applications was stolen, it means that cyber-criminals now have the opportunity to search this code for new unknown vulnerabilities, and develop malicious code that exploits these vulnerabilities. You can expect that we will soon have a stream of new, nasty 0-day exploits.

Zero-day exploits are used for executing drive-by downloads. They are very effective because security solutions that are designed to detect threats are not yet familiar with these new, never-seen-before threats and therefore do not block them. And since these exploits would be new, there wouldn’t be a patch available either.

Attackers can hide zero-day exploit code within a PDF document or other content like Flash animations to create weaponised content. Then a specially crafted spear-phishing email is used to deliver the weaponised content to the targeted user. When the user opens the attachment or watches the animation, the code exploits the vulnerability to silently download malware on the user’s machine. The user isn’t aware that this download has happened. But this malware, often a Remote Access Trojan (RAT), enables the attacker to access sensitive data or even gain full control over the user’s machine.

In many cases, the targeted user is an employee within a targeted organisation. By compromising the user’s machine, the attacker gains a foothold within the targeted organisation’s network. From here, the attacker can progress the attack and breach the organisation. Since Adobe products are widely used, they become a popular way to compromise employee endpoints and enable APTs and targeted attacks. Since users are accustomed to receiving PDF attachments and Flash movies on a daily basis, the exploitation of vulnerabilities in these applications is highly successful and puts many organisations at risk.

Adobe is planning to release security updates on Tuesday, October 8, 2013. We recommend that users deploy these updates as soon as possible. For organisations concerned about zero-day exploits, we recommend considering the implementation of exploit prevention technologies.

   © 2012 ProSecurityZone.com