Adobe Reports Critical Vulnerability in Flash, Acrobat
![Post Post](https://forums.blackravendragoons.com/styles/prosilver-goons/imageset/icon_post_target.gif)
A critical vulnerability was found in Flash and Adobe Acrobat (for reading PDFs) late last night and it appears it's actively being exploited in the wild, according to Adobe. There is currently no patch, but the workaround is to install the Flash player 10.1 release candidate as it appears unaffected.
For now, be careful what sites you're visiting. If you have Flash installed, it won't matter what browser you use if you don't have a method to block it. Furthermore, if you're running NoScript and have a site whitelisted, it's feasible that Flash can be exploited as it won't be blocked. Thus, you may need to install one of the following depending on your browser:
You can also selectively enabled/disable Flash per site from Opera. This has the same effect as using NoScript from Firefox. As far as I know, Google Chrome has no such functionality although it might be available via a user script.
Opera 9 and earlier
Click on Tools -> Quick Preferences and uncheck Enabled JavaScript and uncheck Enable Plugins.
Opera 10 and above
Click on the red and white "O" icon in the upper-left corner and go to settings -> quick preferences and uncheck Enabled JavaScript and uncheck Enable Plugins.
Opera - Both Versions
You can now enable/disable plugins and JavaScript on a per-site basis (note that this is effectively the same as using NoScript as you won't be protected if a white-listed site happens to serve up exploited Flash content) by right-clicking the web page and going to Edit Site Preferences and from the Content tab, check enable plugins (enables Flash) and from the Scripting tab, check enable JavaScript.
Again: Simply installing NoScript or disabling JavaScript will not protect you unless you also have a means of disabling Flash. I'll post updates here as I find them, along with links to a stable download of Flash.
For now, be careful what sites you're visiting. If you have Flash installed, it won't matter what browser you use if you don't have a method to block it. Furthermore, if you're running NoScript and have a site whitelisted, it's feasible that Flash can be exploited as it won't be blocked. Thus, you may need to install one of the following depending on your browser:
- FlashBlock for Mozilla Firefox
- FlashBlock for Opera
- FlashBlock for Google Chrome.
You can also selectively enabled/disable Flash per site from Opera. This has the same effect as using NoScript from Firefox. As far as I know, Google Chrome has no such functionality although it might be available via a user script.
Opera 9 and earlier
Click on Tools -> Quick Preferences and uncheck Enabled JavaScript and uncheck Enable Plugins.
Opera 10 and above
Click on the red and white "O" icon in the upper-left corner and go to settings -> quick preferences and uncheck Enabled JavaScript and uncheck Enable Plugins.
Opera - Both Versions
You can now enable/disable plugins and JavaScript on a per-site basis (note that this is effectively the same as using NoScript as you won't be protected if a white-listed site happens to serve up exploited Flash content) by right-clicking the web page and going to Edit Site Preferences and from the Content tab, check enable plugins (enables Flash) and from the Scripting tab, check enable JavaScript.
Again: Simply installing NoScript or disabling JavaScript will not protect you unless you also have a means of disabling Flash. I'll post updates here as I find them, along with links to a stable download of Flash.