More Adobe Patches; Obfuscating DDoS Source Ports

15 May 2018 - Around the Web

Adobe Releases Out-of-Band Security Updates

Just one week after its customary monthly security updates, Adobe is pushing out fixes for a variety of security problems in Acrobat, Reader, and Photoshop. The vulnerability in Photoshop (CVE-2018-4946) garnered a critical ranking and, if successfully exploited, could enable remote code execution. The Acrobat and Reader fixes resolve a slew of critical- and important-rated security vulnerabilities that could also enable code execution on Windows and macOS systems:

  • A critical-rated double free that could lead to code execution (CVE-2018-4990)
  • Seven critical heap overflows that could lead to code execution (CVE-2018-4947, CVE-2018-4948, CVE-2018-4966, CVE-2018-4968, CVE-2018-4978, CVE-2018-4982, and CVE-2018-4984)
  • 13 critical use-after-frees that could lead to code execution (CVE-2018-4946, CVE-2018-4952, CVE-2018-4954, CVE-2018-4958, CVE-2018-4959, CVE-2018-4961, CVE-2018-4971, CVE-2018-4974, CVE-2018-4977, CVE-2018-4980, CVE-2018-4983, CVE-2018-4988, and CVE-2018-4989)
  • A critical out-of-bounds write that could lead to code execution (CVE-2018-4950)
  • An important security bypass that could enable information disclosures (CVE-2018-4979)
  • 19 important out-of-bounds reads that could lead to information disclosures (CVE-2018-4949, CVE-2018-4951, CVE-2018-4955, CVE-2018-4956, CVE-2018-4957, CVE-2018-4960, CVE-2018-4962, CVE-2018-4963, CVE-2018-4964, CVE-2018-4967, CVE-2018-4969, CVE-2018-4970, CVE-2018-4972, CVE-2018-4973, CVE-2018-4975, CVE-2018-4976, CVE-2018-4981, CVE-2018-4986, and CVE-2018-4985)
  • A critical type confusion that could lead to code execution (CVE-2018-4953)
  • A critical untrusted pointer dereference that could enable code execution (CVE-2018-4987)
  • An important memory corruption that could lead to information disclosures (CVE-2018-4965)
  • An important NTLM SSO hash theft that could lead to information disclosure (CVE-2018-4993)
  • An HTTP POST newline injection via XFA submission that could lead to a security bypass (CVE-2018-4994)

Imperva Proof-of-Concept Demonstrates DDoS Source Port Obfuscation

Researchers from Imperva believe that they have developed a method for launching DNS-amplified DDoS attacks from irregular source ports, thereby circumventing popular DDoS mitigations that identify amplification attacks using source port data. In brief and simplified terms, the researchers were able to obfuscate the source ports of their DDoS traffic, making it significantly more difficult for network defenders to blacklist bad traffic. The attack method exploits known problems in the Universal Plug and Play (UPnP) protocol.
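As an added illustration for defenders (not code from Imperva or from this article), the sketch below contrasts a source-port rule with a check on the UDP payload itself, which still recognizes a reflected DNS response when the source port has been changed. The function names, the 512-byte size threshold, the set of outstanding query IDs, and the sample packets are all assumptions constructed for the example.

```python
import struct

DNS_PORT = 53  # source port a port-based amplification rule keys on

def build_dns_response(answer_count, pad_len, txid=0x1234):
    """Constructed sample: 12-byte DNS header with QR=1 plus filler bytes."""
    flags = 0x8180  # QR=1 (response), RD=1, RA=1, opcode 0
    header = struct.pack("!HHHHHH", txid, flags, 1, answer_count, 0, 0)
    return header + b"\x00" * pad_len

def port_based_filter(src_port):
    """The kind of rule the article says is circumvented: match on source port only."""
    return src_port == DNS_PORT

def payload_based_filter(payload, expected_ids=frozenset(), min_size=512):
    """Flag a large DNS response nobody asked for, ignoring the source port.

    expected_ids is a hypothetical set of transaction IDs for queries this
    host actually sent; min_size is an assumed threshold, tune per network.
    """
    if len(payload) < 12:
        return False  # too short to hold a DNS header
    txid, flags, qdcount, ancount, _ns, _ar = struct.unpack("!HHHHHH", payload[:12])
    is_response = bool(flags & 0x8000)   # QR bit
    opcode = (flags >> 11) & 0xF         # 0 = standard query
    looks_like_dns = is_response and opcode == 0 and qdcount <= 1 and ancount > 0
    unsolicited = txid not in expected_ids
    return looks_like_dns and unsolicited and len(payload) >= min_size

def classify(packets, expected_ids=frozenset()):
    """Return (src_port, flagged_by_port_rule, flagged_by_payload_rule) per packet."""
    return [
        (port, port_based_filter(port), payload_based_filter(data, expected_ids))
        for port, data in packets
    ]

# Constructed inbound UDP packets: (source port, payload)
SAMPLE_PACKETS = [
    (53, build_dns_response(20, 1500)),     # classic reflected response
    (32001, build_dns_response(20, 1500)),  # same payload, irregular source port
    (40000, b"hello world " * 50),          # large non-DNS UDP traffic
]

if __name__ == "__main__":
    for row in classify(SAMPLE_PACKETS):
        print(row)
```

The second sample packet passes the port rule untouched but is still flagged by the payload check, which is the gap the research highlights.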
