Sponsored by

Adobe Hacked Again: What Does It Mean for You?

© 2013 Monterey Technology Group Inc.
Thanks to www.Lumension.com

Paul Zimski
Preview of key points

• What we know
• The risks
• What we can do about it
• Privacy
• Credit card data
• Passwords

What we know

• Adobe sites and cloud services
  » Adobe ID
  » Revel
  » Creative Cloud
• 38 million customers/users affected
• Gobs and gobs of source code
  » ColdFusion
  » Adobe Reader
  » Acrobat
  » PhotoShop
Risks

• Obvious identity and privacy issues
• Password practices
• But the source code breaches are what worry me
• Source code integrity
  » Possible to insert arbitrary bad guy code into Adobe products that are then signed by Adobe and released to the public
  » Can you say Trojan horse?
• More 0-day exploits
  » Instead of laboriously reverse engineering compiled Adobe code for buffer overflows, etc.
  » Analyze the actual source code
What can you do about it?

• You can’t fix Adobe’s problems, Oracle’s or anyone else’s
• But you can reduce your exposure to them
1. Replace common, vulnerable tools where possible

• Great examples
  » Adobe Acrobat
  » Adobe Reader
• There are awesome free and for-pay replacements for both products
  » Faster
  » Cheaper
  » Less irritating to use
  » Better security
     » Obscurity
     » Attack surface
     » Better coding?
• Not really replacements available for
  » Flash
  » Java
  » Adobe Air
  » Other Adobe content creation products
2. Isolate necessary vulnerable apps in a sandbox

• Different ways to do sandboxes
• Java websites
  » Deploy 2 browsers
  » One with Java, one without
  » Optional: configure the Java browser to use a proxy server which limits which sites you can access
  » NoScript?
• Java applications
  » Deliver via VDI
• Flash is really problematic
  » Especially in Windows 8
  » No alternative
  » Built into Chrome and IE now
  » HTML5 is helping but hasn’t displaced Flash yet
  » Click to play?
  » Flash sandbox?
  » Better in some browsers than others
  » Disable via group policy: http://www.howtogeek.com/115833/
3. Using advanced memory protection technologies

• Each version of Windows gets stronger memory protection
  » Vista
  » Windows 7
  » Windows 8
  » Windows 8.1
• Running 64-bit IE
• 3rd party memory protection
  » DLL injection
  » Reflective programming
Bottom line

• Patch
• Replace
• Isolate
• Control
• Protect
Known Adobe Software Vulnerabilities

[Chart: # of NVD CVEs per year, 2010 through 2013 (y-axis 0 to 300), for All Adobe, Acrobat, Reader, Flash and Shockwave; annotated "Source Code Release Implications?". Source data: nvd.nist.gov, 2010 through October 2013.]

• A single CVE may apply to more than one product, especially if the products share common source code
• Acrobat and Acrobat Reader are extremely well correlated (.92-.98)
• Acrobat/Release tracking at least at 2010 levels; will a dramatic increase be seen?
• NVD = National Vulnerability Database, CVE = Common Vulnerabilities and Exposures
Known Adobe Software Vulnerabilities

[Chart: # of NVD CVEs per year, 2010 through 2013 (y-axis 0 to 14), for ColdFusion, Photoshop and Illustrator; annotated "Source Code Release Implications?". Source data: nvd.nist.gov, 2010 through October 2013.]

• Breach included Acrobat, ColdFusion, ColdFusion Builder & Photoshop
• Weak correlation between Acrobat and Flash (.00-.07), with none in later years
• No other cross-product correlations noted, e.g. ColdFusion & Shockwave CVEs were unrelated
Percentage of Adobe Vulnerabilities Allowing “Arbitrary Code Execution”

[Chart: percentage of CVEs per year, 2010 through 2013, that allow arbitrary code execution (y-axis 0% to 90%; data labels 87%, 87%, 80% and 65%); annotated "Source Code Release Implications?". Source data: nvd.nist.gov, 2010 through October 2013.]

• The source code is a “key to the castle” for finding flaws in existing memory management / bounds checking and creating 0-day exploits
• Techniques to detect and block such exploits and their subsequent payloads are vital
• Layered defense to monitor and report good as well as suspicious activity
• Security future: correlation of disparate “big data” to “know the unknown”
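The per-product yearly counts, the arbitrary-code-execution share and the cross-product correlation behind the three charts above, as an added example that is not part of the deck or of any NVD tooling; it runs over a few constructed CVE-style records (made-up ids, products and descriptions) standing in for the real nvd.nist.gov feed:

```python
# Added example (not from the deck): reproduces the slides' NVD analysis on a
# handful of CONSTRUCTED CVE-style records. Real data would come from the NVD
# feeds at nvd.nist.gov; the ids, products and counts below are made up.
from collections import defaultdict
from math import sqrt

# Constructed sample: (cve_id, year, affected products, description)
SAMPLE = [
    ("CVE-XXXX-0001", 2010, {"acrobat", "reader"}, "allows attackers to execute arbitrary code via a crafted PDF"),
    ("CVE-XXXX-0002", 2010, {"acrobat", "reader"}, "allows attackers to execute arbitrary code via a crafted font"),
    ("CVE-XXXX-0003", 2010, {"flash"}, "allows attackers to cause a denial of service"),
    ("CVE-XXXX-0004", 2011, {"acrobat", "reader"}, "heap overflow allows attackers to execute arbitrary code"),
    ("CVE-XXXX-0005", 2011, {"coldfusion"}, "allows remote attackers to read arbitrary files"),
    ("CVE-XXXX-0006", 2012, {"acrobat", "reader"}, "allows attackers to execute arbitrary code"),
    ("CVE-XXXX-0007", 2012, {"reader"}, "allows attackers to obtain sensitive information"),
    ("CVE-XXXX-0008", 2013, {"flash"}, "allows attackers to execute arbitrary code"),
    ("CVE-XXXX-0009", 2013, {"acrobat", "reader"}, "allows attackers to bypass intended restrictions"),
]
YEARS = (2010, 2011, 2012, 2013)

def counts_by_product(records):
    """Per-product yearly CVE counts; a CVE touching N products is counted once
    in each of them, which is why shared-code products move together."""
    table = defaultdict(lambda: {y: 0 for y in YEARS})
    for _, year, products, _ in records:
        for p in products:
            table[p][year] += 1
    return {p: [table[p][y] for y in YEARS] for p in table}

def ace_share(records, year):
    """Fraction of that year's CVEs whose description says arbitrary code execution."""
    in_year = [r for r in records if r[1] == year]
    hits = [r for r in in_year if "execute arbitrary code" in r[3].lower()]
    return len(hits) / len(in_year) if in_year else 0.0

def pearson(xs, ys):
    """Correlation between two yearly series (the deck reports .92-.98 for
    Acrobat vs Reader); 0.0 when a series is flat and the value is undefined."""
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    cov = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    sx = sqrt(sum((x - mx) ** 2 for x in xs))
    sy = sqrt(sum((y - my) ** 2 for y in ys))
    return cov / (sx * sy) if sx and sy else 0.0
```

With only four yearly points a correlation is fragile, so on real feed data run it over monthly counts or over several years of history before reading much into a single coefficient.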
Defense-in-Depth with Lumension
• Full Disk Encryption
• Physical Access
• Port / Device Control and Encryption
• Anti-Malware
• Patch and Configuration Management
• Network Access
• Firewall Management
• Free Security Scanner Tools
  » Vulnerability Scanner – discover all OS and application vulnerabilities on your network
  » Application Scanner – discover all the apps being used in your network
  » Device Scanner – discover all the devices being used in your network
  http://www.lumension.com/Resources/Security-Tools.aspx

• Lumension® Endpoint Management and Security Suite
  » Online Demo Video: http://www.lumension.com/Resources/DemoCenter/Vulnerability-Management.aspx
  » Free Trial (virtual or download): http://www.lumension.com/endpointmanagement-security-suite/free-trial.aspx

• Get a Quote (and more)
  http://www.lumension.com/endpoint-management-securitysuite/buy-now.aspx#2


Editor's Notes

  • #15 Closing on this slide allows the audience to see the true defense in depth strategy Lumension provides. It is suggested to start from the left side and move to the right, highlighting each module/capability along the way.