Saturday, June 5, 2010

New Adobe Security Holes:
Get Pwned Via Flash Player, Acrobat
or Adobe Reader

--
RISK: CRITICAL
--

Adobe have posted a warning that current versions of Flash Player, Acrobat and Adobe Reader have a DANGEROUS security hole that is currently being exploited out in the wild. Here are some reading sources:

Security Advisory for Flash Player, Adobe Reader and Acrobat

Adobe Warns of Critical Flaw in Flash, Acrobat & Reader

The first article above is direct from Adobe. The second article is analysis by Brian Krebs, a professional computer security journalist.

NOT affected: Version 8.x of Acrobat and Adobe Reader. If you've got them, you can dig them out and use them safely.

You can keep track of the progress in patching this latest set of Adobe holes at either of these sites:

Adobe Security Bulletins and Advisories

Adobe Product Security Incident Response Team (PSIRT)

Because this set of security holes has been found to be exploited in the wild, I can only advise that you do NOT use any of the affected Adobe products with ANY files you encounter via the Internet.

1) Get a plugin for your web browser that TURNS OFF FLASH. (They are available for both WebKit and Mozilla based browsers). Use it and don't watch any Flash until a finished update is provided by Adobe.

2) Only open your own, or verified safe PDF files via Acrobat or Adobe Reader.

If you want to be super-duper safe, trash the Adobe Flash Plugin. You will find it here on your Mac:

/Library/Internet Plug-ins/Flash Player.plugin

Wait until the finished v10.1 Flash Player plugin has been released and install it at that time. The current unsafe Mac version of Adobe Flash Player is v10.0.45.2. When the finished version of Flash Player v10.1 is available, you will find it HERE.
--

No comments:

Post a Comment