Adobe Privilege Exploitation in 2012
With the new year upon us, it’s time for Arellia’s 2012 analysis of Adobe Security Bulletins and those with privilege exploits. As a refresher from the Introduction on Privilege Exploitation, privilege exploitation is where the malicious software takes advantage of the rights of the logged in user to change the configuration of the local computer. Breakdown of Adobe Bulletins:
|Bulletins with Privilege Exploitations||20|
|Vulnerabilities with Privilege Exploitations||98|
|% of Bulletins with Privilege Exploitation||71.43%|
|% of Vulnerabilities with Privilege Exploitation||78.40%|
Further analysis of the vulnerabilities with privilege exploitation by Adobe software component is as follows:
|Adobe Flash Player||48|
|Adobe Flash Professional||1|
Adobe Flash Player and Adobe Reader are two of the most commonly installed applications on desktops and Internet browser plugins. These applications allow for rich user experiences but also contain some of the most commonly exploited privilege vulnerabilities. These vulnerabilities are often exploited on malicious websites or webpages, but can also be exploited by downloading content and running it on your computer. Either way, privilege management can mitigate Adobe vulnerabilities.
Adobe Reader is currently being exploited as mentioned in the NakedSecurity Blog bypassing Adobe’s sandbox. This should be troubling news to all businesses using Adobe because the exploit works on Adobe Reader X and Reader XI, which is the most current version. Application privilege management can assist in further locking down applications against such exploits.
Privilege management can be implemented in one of two ways. First, one could move users from administrator accounts to standard user accounts. This can create some additional challenges around applications that require administrator rights – a challenge that can be addressed with privilege elevation using software such as Arellia Application Control Solution. The second and better option and one that is much easier to implement on any user is to remove privileges from commonly exploited applications as was illustrated in Zero Day Vulnerability Protection with Privilege Management.
Arellia Application Control Solution and Local Security Solution provide application privilege managementand user privilege management for securing Microsoft applications against privilege exploitation. Use these as an additional line of defense against common exploits.
About Arellia: Arellia provides solutions for privilege management, application whitelisting, securing local administrator accounts, and compliance remediation. Arellia products are integrated with the Symantec Management Platform and sold through Symantec.