Adobe Flash Bug | Spy On The Webcams of Your Website Visitors

A slight variation of a previously designed clickjacking attack that used a Adobe Flash vulnerability has once again made it possible for website administrators to surreptitiously spy on their visitors by turning on the user's computer webcam and microphone.

It works in all versions of Adobe Flash that the researcher have tested . He’ve confirmed that it works in the Firefox and Safari for Mac browsers. Use one of those if you check out the live demo. There’s a weird CSS opacity bug in most other browsers (Chrome for Mac and most browsers on Windows/Linux).

Clickjacking + Adobe Flash = Sad Times!

This attack works by using a neat variation of the normal clickjacking technique that spammers and other bad people are using in the wild right now. For the uninitiated:

Combine clickjacking with the Adobe Flash Player Setting Manager pageand you have a recipe for some sad times.

How the attack works ?

Instead of iframing the whole settings page (which contains the framebusting code), Just  iframe the settings SWF file. This  bypasses the framebusting JavaScript code, since we don’t load the whole page — just the remote .SWF file. I was really surprised to find out that this actually works!

 A bunch of clickjacking attacks in the wild,  never any attacks where the attacker iframes a SWF file from a remote domain to clickjack it — let alone a .SWF file as important as one that controls access to your webcam and mic!

The problem here is the Flash Player Setting Manager, this inheritance from Macromedia might be the Flash Player security Achilles heel.

— Guya.net

This is a screenshot of what the Settings Manager .SWF file looks like:

| Source | 

Adobe Patches Critical Vulnerability In Adobe Reader and Flash Player

Adobe has rolled out security updates for its widely used PDF Reader and Flash animation.Some hackers have been exploiting these to hijack user computers.

The emergency patch for Flash was the second time in nine days that Adobe has rushed out a fix for a serious bug in the program. The vulnerability allows attackers to remotely execute malicious code on machines that run the software, and there are reports it's being actively exploited.

The targeted vulnerability resides in Flash versions for Windows, Macintosh, Linux, Solaris and the Android mobile operating system. Tuesday's fix is available for all platforms except for Android.A separate update for Reader fixes at least 13 bugs. Adobe rated 11 of them "critical," a designation typically reserved for vulnerabilities that can be exploited with little or no interaction required by the user to install malware. The flaws involved memory corruption, buffer and heap overflows, DLL load hijacking and other bugs.

Flash and Reader are among the most commonly targeted apps by criminals pushing malware. Users are better off using an alternative PDF reader such as Foxit. While the application has its share of security vulnerabilities, its smaller market share means it's mostly ignored by attackers.

Read More In the Adobe - click here and here

Via - The register

Adobe confirms critical Flash zero-day bug

For the second time in the last four weeks, Adobe has told users that hackers are exploiting an unpatched bug in Flash Player, again by embedding malicious code inside a Microsoft Office document.

In a security advisory issued Monday, Adobe said that attackers are exploiting the vulnerability by embedding Flash attack files within a Microsoft Word document sent as an email attachment.

adobe did not spell out a patch timeline for the newest Flash zero-day.
Four weeks ago, Adobe issued a similar warning about a different flaw that hackers manipulated via attack code tucked inside Excel spreadsheet attachments.
Later, RSA Security confirmed that the March vulnerability had been used by cybercriminals to gain a foothold on its corporate network, then steal information related to the company's SecurID two-factor authentication products.
Adobe patched last month's Flash bug on March 21.
Mila Parkour, the independent security researcher who reported the newest Flash flaw to Adobe, said attackers have inserted a malicious Flash Player file into a Word document named "Disentangling Industrial Policy and Competition Policy," which is then sent to targeted recipients as an attachment.
The email message's subject heading is "Disentangling Industrial Policy and Competition Policy in China," Parkour said in an April 6 entry on her Contagio Malware Dump blog.
One message that Parkour cited claimed the attached Word document was a copy of the American Bar Association's Antitrust Source newsletter, hinting that the target recipients may have been the legal departments at corporations or government agencies.
People seeing the email and attachment could be expected to fall for the ruse, since the most recent issue of Antitrust Source does contain an article by the same name. The legitimate article is available on the newsletter's Web site ( download PDF document).
Parkour has reported numerous vulnerabilities to Adobe, including one last September in the company's popular PDF viewer, Adobe Reader.
The Flash vulnerability also exists in Adobe Reader and Acrobat, both of which include code that renders Flash content inserted into PDF files.
"At this time, Adobe is not aware of any attacks via PDF targeting Adobe Reader and Acrobat," Adobe said in the advisory.



Last month, Microsoft urged Excel users to install and run the Enhanced Mitigation Experience Toolkit (EMET) to block those attacks, and said that Excel 2010 was not susceptible to the exploit because of its "Protected View" sandbox.
While those same recommendations may apply today for Word, Microsoft was not immediately able to confirm that to Computerworld.
Currently, only one anti-virus firm, Commtouch, has issued a signature that tags the rogue Word document as a threat, according to VirusTotal, a free service that analyzes suspicious files.
Flash vulnerabilities are an attractive target to hackers, said Andrew Storms, director of security operations at nCircle Security. When asked if the rash of Flash flaws meant it was time for companies to consider ditching the browser plug-in, Storms answered, "That's going to be incredibly hard due to the pervasiveness of its use in valid business systems."

Adobe confirms critical Flash zero-day bug

For the second time in the last four weeks, Adobe has told users that hackers are exploiting an unpatched bug in Flash Player, again by embedding malicious code inside a Microsoft Office document.

In a security advisory issued Monday, Adobe said that attackers are exploiting the vulnerability by embedding Flash attack files within a Microsoft Word document sent as an email attachment.

dobe did not spell out a patch timeline for the newest Flash zero-day.
Four weeks ago, Adobe issued a similar warning about a different flaw that hackers manipulated via attack code tucked inside Excel spreadsheet attachments.
Later, RSA Security confirmed that the March vulnerability had been used by cybercriminals to gain a foothold on its corporate network, then steal information related to the company's SecurID two-factor authentication products.
Adobe patched last month's Flash bug on March 21.
Mila Parkour, the independent security researcher who reported the newest Flash flaw to Adobe, said attackers have inserted a malicious Flash Player file into a Word document named "Disentangling Industrial Policy and Competition Policy," which is then sent to targeted recipients as an attachment.
The email message's subject heading is "Disentangling Industrial Policy and Competition Policy in China," Parkour said in an April 6 entry on her Contagio Malware Dump blog.
One message that Parkour cited claimed the attached Word document was a copy of the American Bar Association's Antitrust Source newsletter, hinting that the target recipients may have been the legal departments at corporations or government agencies.
People seeing the email and attachment could be expected to fall for the ruse, since the most recent issue of Antitrust Source does contain an article by the same name. The legitimate article is available on the newsletter's Web site ( download PDF document).
Parkour has reported numerous vulnerabilities to Adobe, including one last September in the company's popular PDF viewer, Adobe Reader.
The Flash vulnerability also exists in Adobe Reader and Acrobat, both of which include code that renders Flash content inserted into PDF files.
"At this time, Adobe is not aware of any attacks via PDF targeting Adobe Reader and Acrobat," Adobe said in the advisory.



Last month, Microsoft urged Excel users to install and run the Enhanced Mitigation Experience Toolkit (EMET) to block those attacks, and said that Excel 2010 was not susceptible to the exploit because of its "Protected View" sandbox.
While those same recommendations may apply today for Word, Microsoft was not immediately able to confirm that to Computerworld.
Currently, only one anti-virus firm, Commtouch, has issued a signature that tags the rogue Word document as a threat, according to VirusTotal, a free service that analyzes suspicious files.
Flash vulnerabilities are an attractive target to hackers, said Andrew Storms, director of security operations at nCircle Security. When asked if the rash of Flash flaws meant it was time for companies to consider ditching the browser plug-in, Storms answered, "That's going to be incredibly hard due to the pervasiveness of its use in valid business systems."

PDF(adobe) attack analysis

So How These Hackers Trying Find Exploits In PDF(adobe reader), over the past twelve months, the following scenario was developed to highlight methods used by attackers to extract corporate secrets from a victim organization. Not every attack follows these steps in this order. However, this scenario illustrates some of the most common and damaging tactics used against commercial and government organizations today.

Here We Go

Step 1:  The attacker begins by using powerful free attack software to create a malicious PDF file that contains exploitation code. If this file is opened on a victim computer with unpatched PDF reader software, this code will execute commands of the attacker’s choosing.

Step 2: The attacker loads the malicious PDF file 2 a third-party website.The attacker then loads the malicious PDF file on a publicly accessible website.

STEP 3 : The attacker now sends e-mail to high-profile individualin the target organization, including corporate officers.This message contains a hyperlink to the attacker’s malicious PDF file on the external Web server. The e-mail message is finely tuned to each target individual with a focused effort to get the recipient to click on the link. some other trusted site. The attacker does not includethe malicious PDF file as an e-mail attachment, because such attacks are more likely to be blocked by e-mail filters, anti-virus software, and other defenses of the target organization.

Step4: The victim inside the targeted organization reads the e-mail, pulling down the attacker’s message with the link to the malicious PDF. The user reads the e-mail and clicks on the link.

Step5: When the user on the victim machine clicks on the link in the e-mail message, the victim’s computer automatically launches a browser to fetch the malicious PDF file. When the file arrives at the victim computer, the browser automatically invokes the PDF reader program to process and display the malicious PDF file.

Step6: When the PDF reader software processes the malicious PDF file for display, exploit code from the file executes on the victim machine. This code causes the system to launch an interactive command shell the attacker can use to control the victim machine. The exploit code also causes the machine to make an outbound connection back to the attacker through the enterprise firewall. Via this reverse shell connection, the attacker uses an outbound connection to gain inbound control of the victim machine.

Step 7 : With shell access of the victim machine, the attacker scours the system looking for sensitive files stored locally. After stealing some files from this first conquered system, the attacker looks for evidence of other nearby machines. In particular, the attacker focuses on identifying mounted file shares the user has connected to on a file server.

Step8: After identifying a file server, the attacker uses the command shell to access the server with the credentials of the victim user who clicked on the link to the malicious PDF. The attacker then analyzes the file server, looking for more files from the targetorganization.

Step9: Finally, with access to the file server, the attacker extracts a significant number of sensitive documents, possibly including the organization’s trade secrets and business plans, Personally Identifiable Information about customers and employees, or other important data the attacker could use or sell.

I Hope Guys You Liked The Scene Behind PDF Exploitation Steps, No Hesitation…!! Lets Share it..!!! This Contents Are Strictly Belongs To The Property Of (hackersbay.in)-> HACKERS

PDF(adobe) attack analysis

So How These Hackers Trying Find Exploits In PDF(adobe reader), over the past twelve months, the following scenario was developed to highlight methods used by attackers to extract corporate secrets from a victim organization. Not every attack follows these steps in this order. However, this scenario illustrates some of the most common and damaging tactics used against commercial and government organizations today.

Here We Go

Step 1:  The attacker begins by using powerful free attack software to create a malicious PDF file that contains exploitation code. If this file is opened on a victim computer with unpatched PDF reader software, this code will execute commands of the attacker’s choosing.

Step 2: The attacker loads the malicious PDF file 2 a third-party website.The attacker then loads the malicious PDF file on a publicly accessible website.

STEP 3 : The attacker now sends e-mail to high-profile individualin the target organization, including corporate officers.This message contains a hyperlink to the attacker’s malicious PDF file on the external Web server. The e-mail message is finely tuned to each target individual with a focused effort to get the recipient to click on the link. some other trusted site. The attacker does not includethe malicious PDF file as an e-mail attachment, because such attacks are more likely to be blocked by e-mail filters, anti-virus software, and other defenses of the target organization.

Step4: The victim inside the targeted organization reads the e-mail, pulling down the attacker’s message with the link to the malicious PDF. The user reads the e-mail and clicks on the link.

Step5: When the user on the victim machine clicks on the link in the e-mail message, the victim’s computer automatically launches a browser to fetch the malicious PDF file. When the file arrives at the victim computer, the browser automatically invokes the PDF reader program to process and display the malicious PDF file.

Step6: When the PDF reader software processes the malicious PDF file for display, exploit code from the file executes on the victim machine. This code causes the system to launch an interactive command shell the attacker can use to control the victim machine. The exploit code also causes the machine to make an outbound connection back to the attacker through the enterprise firewall. Via this reverse shell connection, the attacker uses an outbound connection to gain inbound control of the victim machine.

Step 7 : With shell access of the victim machine, the attacker scours the system looking for sensitive files stored locally. After stealing some files from this first conquered system, the attacker looks for evidence of other nearby machines. In particular, the attacker focuses on identifying mounted file shares the user has connected to on a file server.

Step8: After identifying a file server, the attacker uses the command shell to access the server with the credentials of the victim user who clicked on the link to the malicious PDF. The attacker then analyzes the file server, looking for more files from the targetorganization.

Step9: Finally, with access to the file server, the attacker extracts a significant number of sensitive documents, possibly including the organization’s trade secrets and business plans, Personally Identifiable Information about customers and employees, or other important data the attacker could use or sell.

I Hope Guys You Liked The Scene Behind PDF Exploitation Steps, No Hesitation…!! Lets Share it..!!! This Contents Are Strictly Belongs To The Property Of (hackersbay.in)-> HACKERS