It is currently Thu Nov 21, 2024 10:54 am

Adobe Reports Critical Vulnerability in Flash, Acrobat

For game and non-game related chatter, links, and other goodies, go here.

Adobe Reports Critical Vulnerability in Flash, Acrobat

Postby Zancarius » Sat Jun 05, 2010 10:07 am

A critical vulnerability was found in Flash and Adobe Acrobat (for reading PDFs) late last night and it appears it's actively being exploited in the wild, according to Adobe. There is currently no patch, but the workaround is to install the Flash player 10.1 release candidate as it appears unaffected.

For now, be careful what sites you're visiting. If you have Flash installed, it won't matter what browser you use if you don't have a method to block it. Furthermore, if you're running NoScript and have a site whitelisted, it's feasible that Flash can be exploited as it won't be blocked. Thus, you may need to install one of the following depending on your browser:



You can also selectively enabled/disable Flash per site from Opera. This has the same effect as using NoScript from Firefox. As far as I know, Google Chrome has no such functionality although it might be available via a user script.

Opera 9 and earlier

Click on Tools -> Quick Preferences and uncheck Enabled JavaScript and uncheck Enable Plugins.

Opera 10 and above

Click on the red and white "O" icon in the upper-left corner and go to settings -> quick preferences and uncheck Enabled JavaScript and uncheck Enable Plugins.

Opera - Both Versions

You can now enable/disable plugins and JavaScript on a per-site basis (note that this is effectively the same as using NoScript as you won't be protected if a white-listed site happens to serve up exploited Flash content) by right-clicking the web page and going to Edit Site Preferences and from the Content tab, check enable plugins (enables Flash) and from the Scripting tab, check enable JavaScript.

Again: Simply installing NoScript or disabling JavaScript will not protect you unless you also have a means of disabling Flash. I'll post updates here as I find them, along with links to a stable download of Flash.
I gave that lich a phylactery shard. Liches love phylactery shards.
User avatar
Zancarius
Site Admin
 
Posts: 3907
Joined: Wed Jul 05, 2006 3:06 pm
Location: New Mexico
Gender: Male

Postby Zancarius » Thu Jun 10, 2010 11:44 am

Bumping this.

Looks like Adobe came through and released the actual release version of Flash Player 10.1.

If you haven't upgraded, you can grab the download directly from here or you can go here: http://get.adobe.com/flashplayer/

It'll attempt to install McAfee's security scan or some such as well (hence why I posted the direct download link up top). I hate McAfee's software as it is.

As always, if you're exceptionally paranoid, just type www.adobe.com into your browser's address bar, click "Get Flash Player" and follow the instructions to install it. If you're installing the Flash plugin for Firefox, you'll need to reinstall (and probably confirm the installation before FF will let you do anything). If you've downloaded the standalone executable, you'll need to close all running browsers before running the installer.

Remember: This exploit is critical, and if you're still running Flash 10.0.x, you're vulnerable. You must upgrade Flash to keep yourself safe, if you have it installed. If not, you're okay!
I gave that lich a phylactery shard. Liches love phylactery shards.
User avatar
Zancarius
Site Admin
 
Posts: 3907
Joined: Wed Jul 05, 2006 3:06 pm
Location: New Mexico
Gender: Male

Postby Zancarius » Fri Jun 18, 2010 11:14 pm

Bumping this for anyone who has NOT yet updated Flash (hint: you should, unless you want to risk getting keylogged).
I gave that lich a phylactery shard. Liches love phylactery shards.
User avatar
Zancarius
Site Admin
 
Posts: 3907
Joined: Wed Jul 05, 2006 3:06 pm
Location: New Mexico
Gender: Male


Return to General Chat

Who is online

Users browsing this forum: No registered users and 21 guests

cron