Jump to content

Critical security flaw in Adobe software


Camy

Recommended Posts

Adobe has acknowledged a "critical" security flaw in its Reader, Acrobat and Flash Player software.

Adobe says the vulnerability potentially enables hackers to take control of affected computer systems.

Users running Windows, Macintosh or Linux might all be open to attack.

The company is working to fix the problem. In the meantime, users of Reader, Acrobat and Flash are advised to ensure their anti-virus software is up to date.

"It doesn't really get any worse than a 'zero-day' vulnerability like this," said Graham Cluley, senior technology consultant at Sophos, a security software company.

He said that hackers could create a "booby-trapped Flash animation, or PDF" that would give them access to a person's computer, potentially allowing them to harvest personal information or use the machine to send spam messages.

Affected software

* Adobe Flash Player 10.0.45.2 and earlier 10.0.x versions for Win, Mac, Linux and Solaris

* Adobe Flash Player 9.0.262 and earlier 9.0.x versions for Win, Mac, Linux and Solaris

* Adobe Reader and Acrobat 9.3.2 and earlier 9.x versions for Win, Mac and UNIX

* Adobe Flash Player 10.1 Release Candidate does not appear to be vulnerable

* Adobe Reader and Acrobat 8.x are confirmed not vulnerable

Source: Adobe

Read the full story

Read Adobe Security Advisory

Be warned, this is not just a windoze problem. If affects Macs and Unix/Linux boxes too.

I'll bet Steve Jobs is chortling over his frothy double skinny latte! :icon_twisted:

Link to comment

There are fixes in the Adobe Security Advisor. They're both resonably easy to follow.

As James pointed out it's hard to avoid flash if you're online, so sort that out if you can:

Download flash uninstaller: http://download.macromedia.com/pub/labs/fl..._win_060210.exe

Download flash version 10.1: http://download.macromedia.com/pub/labs/fl...ugin_060210.exe

Close your browser, then run the uninstaller - this will remove the version of flash you are presently running. Then run the second file which installs flash version 10.1 which is safe. I did this earlier and all is well. I haven't turned into a botnet ... not that I'd know if I did.

The instructions for sorting out acrobat are quite easy. It requires re-naming one file and the instructions are in the Adobe Security Advisor.

Remember that the above info is given in good faith and worked for me. BUT! Caveat Emptor.

Camy

Link to comment
Read the full story

Read Adobe Security Advisory

Be warned, this is not just a windoze problem. If affects Macs and Unix/Linux boxes too.

Here's the full story as of June 10, 2010:

Adobe has released a product update to Adobe Flash Player to resolve the relevant security issue. For more information, please refer to Security Bulletin APSB10-14.

We expect to provide an update for Adobe Reader and Acrobat 9.3.2 for Windows, Macintosh and UNIX by June 29, 2010. Please note that the Acrobat and Reader update represents an accelerated release of the next quarterly security update originally scheduled for July 13, 2010. With this accelerated scheduled we do not plan to release any new updates for Adobe Reader and Acrobat on July 13, 2010.

Colin :icon_twisted:

Link to comment

Well, I'm sufficiently petrified. And I got at least 2 of these demons on my system..

I'mma shut her down until I get home from work, and can walk off the cliff that doing anything

with files is for me.

I know what adobe reader does. And vaguely that flash players are for games and maybe animation of all kinds?

What's adobe air?

Camy your links look really, really friendly. Adobe security advisor, not so much.

Gotta pony-up for this one.

Thanks all, I wouldn't hear about it anywhere else.

Tracy :icon_twisted:

Link to comment
So am I safe as long as I don't open any .pdf files?

And the evil twin, of course, am I screwed if I did?

OK, you knew it was coming, here's my question:

If I have to close my browser, how do I get the links? Hehe, that was what i'd ask last year, but today I think maybe I open the links first, close the browser, and give a go to the uninstaller, and when that's done, give a go to the other one. Laugh all you want, but do correct me if i'm wrong.

Forget what it is, Do I need Adobe AIR?

Tracy

Link to comment
Will my AVG security catch any intrusions, even those made through the Adobe hole?

C

Cole,

The answer to your question is yes, as long as you install the patch to Adobe Acrobat Reader and keep your AVG virus definitions up to date. A link to the Acrobat Reader patch (if you haven't already installed it) should pop up when you manually start Acrobat Reader. If you have any of the other Adobe programs listed you should be careful and make sure you have a fully updated anti-virus program.

Colin :icon_twisted:

Link to comment
Cole,

The answer to your question is yes, as long as you install the patch to Adobe Acrobat Reader and keep your AVG virus definitions up to date. A link to the Acrobat Reader patch (if you haven't already installed it) should pop up when you manually start Acrobat Reader. If you have any of the other Adobe programs listed you should be careful and make sure you have a fully updated anti-virus program.

Colin :icon_geek:

::SIGH!::

My anti-virus program updates and upgrades itself daily.

But I have no idea what patch you're referring to, or how to install it!

Am I supposed to know this?

Maybe I should ask Tracy for advice?

C

Link to comment
How do you make the links available and still close the browser?

:icon_geek:

Tracy

Tracy, you don't have to have the links available. Download the uninstaller and the installer, then close the browser and run then.

Camy

Link to comment

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...