Black Raven Dragoons

[Zancarius]

A critical vulnerability was found in Flash and Adobe Acrobat (for reading PDFs) late last night and it appears it's actively being exploited in the wild, according to Adobe. There is currently no patch, but the workaround is to install the Flash player 10.1 release candidate as it appears unaffected.

For now, be careful what sites you're visiting. If you have Flash installed, it won't matter what browser you use if you don't have a method to block it. Furthermore, if you're running NoScript and have a site whitelisted, it's feasible that Flash can be exploited as it won't be blocked. Thus, you may need to install one of the following depending on your browser:

• FlashBlock for Mozilla Firefox
• FlashBlock for Opera
• FlashBlock for Google Chrome.

You can also selectively enabled/disable Flash per site from Opera. This has the same effect as using NoScript from Firefox. As far as I know, Google Chrome has no such functionality although it might be available via a user script.

Opera 9 and earlier

Click on Tools -> Quick Preferences and uncheck Enabled JavaScript and uncheck Enable Plugins.

Opera 10 and above

Click on the red and white "O" icon in the upper-left corner and go to settings -> quick preferences and uncheck Enabled JavaScript and uncheck Enable Plugins.

Opera - Both Versions

You can now enable/disable plugins and JavaScript on a per-site basis (note that this is effectively the same as using NoScript as you won't be protected if a white-listed site happens to serve up exploited Flash content) by right-clicking the web page and going to Edit Site Preferences and from the Content tab, check enable plugins (enables Flash) and from the Scripting tab, check enable JavaScript.

Again: Simply installing NoScript or disabling JavaScript will not protect you unless you also have a means of disabling Flash. I'll post updates here as I find them, along with links to a stable download of Flash.

[Zancarius]

Bumping this.

Looks like Adobe came through and released the actual release version of Flash Player 10.1.

If you haven't upgraded, you can grab the download directly from here or you can go here: http://get.adobe.com/flashplayer/

It'll attempt to install McAfee's security scan or some such as well (hence why I posted the direct download link up top). I hate McAfee's software as it is.

As always, if you're exceptionally paranoid, just type www.adobe.com into your browser's address bar, click "Get Flash Player" and follow the instructions to install it. If you're installing the Flash plugin for Firefox, you'll need to reinstall (and probably confirm the installation before FF will let you do anything). If you've downloaded the standalone executable, you'll need to close all running browsers before running the installer.

Remember: This exploit is critical, and if you're still running Flash 10.0.x, you're vulnerable. You must upgrade Flash to keep yourself safe, if you have it installed. If not, you're okay!

[Zancarius]

Bumping this for anyone who has NOT yet updated Flash (hint: you should, unless you want to risk getting keylogged).