topbanner_forum
  *

avatar image

Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
  • Thursday March 28, 2024, 4:04 am
  • Proudly celebrating 15+ years online.
  • Donate now to become a lifetime supporting member of the site and get a non-expiring license key for all of our programs.
  • donate

Author Topic: New flash player vulnerability (affects Adobe Reader as well)  (Read 7332 times)

Jibz

  • Developer
  • Joined in 2005
  • ***
  • Posts: 1,187
    • View Profile
    • Donate to Member
http://secunia.com/advisories/40026

http://secunia.com/advisories/40034

Impact   System access
Where    From remote

NOTE: The vulnerability is currently being actively exploited.

Doesn't sound too good.

Ehtyar

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 1,237
    • View Profile
    • Donate to Member
Re: New flash player vulnerability (affects Adobe Reader as well)
« Reply #1 on: June 05, 2010, 04:55 AM »
'Bout time to whip out the NoScript, have ya the browser for it.

Ehtyar.

Renegade

  • Charter Member
  • Joined in 2005
  • ***
  • Posts: 13,288
  • Tell me something you don't know...
    • View Profile
    • Renegade Minds
    • Donate to Member
Re: New flash player vulnerability (affects Adobe Reader as well)
« Reply #2 on: June 05, 2010, 06:28 AM »
Oh God... I can just hear the Apple fanboys and Jobs freaking out over this... I'm going to plug my ears now. blah blah blah I cannot hear you blah blah blah...
Slow Down Music - Where I commit thought crimes...

Freedom is the right to be wrong, not the right to do wrong. - John Diefenbaker

mouser

  • First Author
  • Administrator
  • Joined in 2005
  • *****
  • Posts: 40,896
    • View Profile
    • Mouser's Software Zone on DonationCoder.com
    • Read more about this member.
    • Donate to Member
Re: New flash player vulnerability (affects Adobe Reader as well)
« Reply #3 on: June 05, 2010, 04:41 PM »
thanks for the heads up Jibz.

and this is a reminder to everyone:  the very best way to protect yourself against such things is to be prepared to revert your machine back to a stable safe state.
you can't anticipate everything that could go wrong, so back up your computer regularly, and keep older backups.  that's the best way to be safe.

rxantos

  • Supporting Member
  • Joined in 2009
  • **
  • Posts: 116
    • View Profile
    • Donate to Member
Re: New flash player vulnerability (affects Adobe Reader as well)
« Reply #4 on: June 06, 2010, 07:09 PM »
The vulnerability is caused due to an unspecified error. No more information is currently available.

followed by
NOTE: The vulnerability is reportedly being actively exploited.

How can you don't know what causes the vulnerability, yet know that is actively exploited?
Who reported that is was actively exploited?
Has anyone been able to duplicate the vulnerability? If so, who?

If none of this can be answer, then:
How do we know is is not a report paid for? It wouldn't be the first time happening.

mouser

  • First Author
  • Administrator
  • Joined in 2005
  • *****
  • Posts: 40,896
    • View Profile
    • Mouser's Software Zone on DonationCoder.com
    • Read more about this member.
    • Donate to Member

Jibz

  • Developer
  • Joined in 2005
  • ***
  • Posts: 1,187
    • View Profile
    • Donate to Member
Re: New flash player vulnerability (affects Adobe Reader as well)
« Reply #6 on: June 07, 2010, 06:55 AM »
How do we know is is not a report paid for? It wouldn't be the first time happening.

Original Advisory
Adobe:
http://www.adobe.com...ories/apsa10-01.html

While I love a good conspiracy theory as much as the next guy, why would Adobe pay to get a false vulnerability warning on their own product?

Personally I interpreted it more like they didn't want to disclose what the problem was to avoid helping more people exploit it, but I have no idea of course :).

40hz

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 11,857
    • View Profile
    • Donate to Member
Re: New flash player vulnerability (affects Adobe Reader as well)
« Reply #7 on: June 07, 2010, 02:47 PM »
'Bout time to whip out the NoScript, have ya the browser for it.

Ehtyar.

Aye! Thassa bes' way ta thwart yer wossname snitch.

NoScript. Learn it, load it, love it!  :Thmbsup:


Lashiec

  • Member
  • Joined in 2006
  • **
  • Posts: 2,374
    • View Profile
    • Donate to Member
Re: New flash player vulnerability (affects Adobe Reader as well)
« Reply #8 on: June 10, 2010, 05:00 PM »
Flash 10.1 out, which is reportedly not affected by this vulnerability. The new version has an unusual number of changes (PDF) for a point release, and among those are a bunch of new features that supposedly will make Flash behave as it should, and make Steve Jobs reconsider including Flash in Apple's iDevices (yeah, sure).

Meanwhile, Adobe Reader is waiting for a patch, so keep those authplay.dll renamed :)

EDIT: Some Flash animations (for example, the one running in the main Flash Player webpage) when right-clicked won't let the user close its corresponding tab or interact with other GUI elements afterwards. I've only encountered this bug on Opera, but it may affect other browsers as well.
« Last Edit: June 10, 2010, 05:10 PM by Lashiec »