Video Screencast Help
Endpoint Management Community Blog

Adobe Privilege Exploitation in 2012

Created: 18 Jan 2013
mmurphy7's picture
+1 1 Vote
Login to vote

With the new year upon us, it’s time for Arellia’s 2012 analysis of Adobe Security Bulletins and those with privilege exploits. As a refresher from the Introduction on Privilege Exploitation, privilege exploitation is where the malicious software takes advantage of the rights of the logged in user to change the configuration of the local computer.  Breakdown of Adobe Bulletins:

Bulletins 28
Vulnerabilities 125
Bulletins with Privilege Exploitations 20
Vulnerabilities with Privilege Exploitations 98
% of Bulletins with Privilege Exploitation 71.43%
% of Vulnerabilities with Privilege Exploitation 78.40%

 

Further analysis of the vulnerabilities with privilege exploitation by Adobe software component is as follows:

Software

Vulnerabilities

Adobe Flash Player 48
Adobe Reader 25
Adobe Photoshop 7
Adobe Illustrator 6
Adobe Flash Professional 1

Adobe Flash Player and Adobe Reader are two of the most commonly installed applications on desktops and Internet browser plugins. These applications allow for rich user experiences but also contain some of the most commonly exploited privilege vulnerabilities. These vulnerabilities are often exploited on malicious websites or webpages, but can also be exploited by downloading content and running it on your computer. Either way, privilege management can mitigate Adobe vulnerabilities.

Adobe Reader is currently being exploited as mentioned in the NakedSecurity Blog bypassing Adobe’s sandbox. This should be troubling news to all businesses using Adobe because the exploit works on Adobe Reader X and Reader XI, which is the most current version. Application privilege management can assist in further locking down applications against such exploits.

Privilege management can be implemented in one of two ways. First, one could move users from administrator accounts to standard user accounts. This can create some additional challenges around applications that require administrator rights – a challenge that can be addressed with privilege elevation using software such as Arellia Application Control Solution. The second and better option and one that is much easier to implement on any user is to remove privileges from commonly exploited applications as was illustrated in Zero Day Vulnerability Protection with Privilege Management.

Arellia Application Control Solution and Local Security Solution provide application privilege managementand user privilege management for securing Microsoft applications against privilege exploitation. Use these as an additional line of defense against common exploits.

About Arellia: Arellia provides solutions for privilege management, application whitelisting, securing local administrator accounts, and compliance remediation. Arellia products are integrated with the Symantec Management Platform and sold through Symantec.