Adobe yet again *sigh*

Started by Gary, Oct 28, 2010, 18:58:45

Previous topic - Next topic

0 Members and 2 Guests are viewing this topic.

Gary

Quote "A vulnerability has been discovered in Adobe Flash Player, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to an unspecified error and can be exploited to execute arbitrary code.

The vulnerability is confirmed in version 10.1.85.3 running on a fully patched Windows XP Professional SP3. Other versions may also be affected.

NOTE: The vulnerability is currently being actively exploited.

Solution
Adobe plans to release a fixed version on November 9, 2010.

http://secunia.com/advisories/41917

Damned, if you do damned if you don't

Rik

They're not hurrying are they. :(
Rik
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.

Gary

Quote from: Rik on Oct 28, 2010, 19:14:45
They're not hurrying are they. :(
More here, Rik.

A Security Advisory (APSA10-05) has been posted in regards to a new Flash Player, Adobe Reader and Acrobat issue (CVE-2010-3654). A critical vulnerability exists in Adobe Flash Player 10.1.85.3 and earlier versions for Windows, Macintosh, Linux and Solaris operating systems; Adobe Flash Player 10.1.95.2 and earlier versions for Android; and the authplay.dll component that ships with Adobe Reader 9.4 and earlier 9.x versions for Windows, Macintosh and UNIX operating systems, and Adobe Acrobat 9.4 and earlier 9.x versions for Windows and Macintosh operating systems. This vulnerability (CVE-2010-3654) could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being actively exploited in the wild against Adobe Reader and Acrobat 9.x. Adobe is not currently aware of attacks targeting Adobe Flash Player
Damned, if you do damned if you don't

Rik

Rik
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.

Gary

Quote from: Rik on Oct 29, 2010, 11:08:30
:yeahright:
It would appear Flash is the carrier to affect reader, there is a mitigation for those who use Adobe reader (shudders) I have pasted it below.

Adobe Reader and Acrobat 9.x - Windows
Deleting, renaming, or removing access to the authplay.dll file that ships with Adobe Reader and Acrobat 9.x mitigates the threat for those products, but users will experience a non-exploitable crash or error message when opening a PDF file that contains Flash (SWF) content.

The authplay.dll that ships with Adobe Reader and Acrobat 9.x for Windows is typically located at C:\Program Files\Adobe\Reader 9.0\Reader\authplay.dll for Adobe Reader or C:\Program Files\Adobe\Acrobat 9.0\Acrobat\authplay.dll for Acrobat.

Adobe Reader 9.x - Macintosh
1) Go to the Applications->Adobe Reader 9 folder.
2) Right Click on Adobe Reader.
3) Select Show Package Contents.
4) Go to the Contents->Frameworks folder.
5) Delete or move the AuthPlayLib.bundle file.

Acrobat Pro 9.x - Macintosh
1) Go to the Applications->Adobe Acrobat 9 Pro folder.
2) Right Click on Adobe Acrobat Pro.
3) Select Show Package Contents.
4) Go to the Contents->Frameworks folder.
5) Delete or move the AuthPlayLib.bundle file.

Adobe Reader 9.x - UNIX
1) Go to installation location of Reader (typically a folder named Adobe).
2) Within it browse to Reader9/Reader/intellinux/lib/ (for Linux) or Reader9/Reader/intelsolaris/lib/ (for Solaris).
3) Remove the library named "libauthplay.so.0.0.0."
Damned, if you do damned if you don't

Rik

Adobe Reader - what's that? ;D
Rik
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.

Gary

Damned, if you do damned if you don't

JB

JB

'Keyboard not detected ~ Press F1 to continue'

Rik

Rik
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.

Gary

Quote from: 6jb on Oct 29, 2010, 11:48:21
Bloatware?

That sounds like a very un-pc (no pun intended) clothing line for the more rotund amongst us  ;D
Damned, if you do damned if you don't