
PROPRIETARY TOOLMAKER Adobe has been forced to build patches for its free (PDF) Reader and Acrobat PDF creation software because of a critical flaw in its Flash Player.
The critical patches will address a problem that Adobe has already fixed in Flash Player, where it affects version 10.0.42.34 and earlier. Adobe claims that the vulnerability (CVE-2010-0186) could subvert the domain sandbox and make unauthorized cross-domain requests.
Adobe's severity rating system lists the Flash Player patch as critical. This means that if exploited, it could allow malicious code to execute, potentially without the user being aware.
The company says the vulnerability could enable "Flash applets to circumvent certain security functions in order to access other websites without obtaining the user's permission. A specially crafted Flash file on a malicious web page could read data, including banking data or similar, displayed in other open browser windows."
Adobe recommends that users of Flash Player 10.0.42.34 and earlier update to 10.0.45.2, while users of Adobe AIR version 1.5.3.1920 and earlier versions update to 1.5.3.1930. Flash users can use Adobe's Flash Player Download site or auto-update in the player when prompted. Affected AIR users can download from the Adobe AIR Download site.
The flaw apparently is so critical that Adobe will be releasing patches for Reader and Acrobat outside of its standard security update cycle on February 16.
At the moment there are no known exploits for these flaws, but the popularity of Adobe's Flash Player, Reader and Acrobat makes them such prime targets that it likely won't be long before some bright spark finds a way. µ
Worse than Micro$oft? Yes, there you have Adobe. More expensive than M$, slow, bloated and unreliable software maker.
All of their products are a pain in the neck and they keep the money flood because they had a good idea once (Photoshop). A bunch of incompetents.
The community needs to get rid of Adobe ASAP. Especially Flash, flawed from design... ActiveX anyone?
Well it appears that the "update" Adobe provides for IE8 is not the newest, fixed version. The one for Firefox is, however.
It seems that NoScript itself can replace the other two add-ons. Flashy crap is invoked through scripts, fewer add-ons means fewer possible vulnerabilities.
Meanwhile their release notes are no doubt still stuck at several versions ago, they picked that trick up from Apple's QuickTime.
And they so smartly keep adding wonderful functionality like 'ability to read and write to the clipboard' to name but one thing, yeah that could not possibly lead to any kind of abuse, in a network plugin, used by people that have no idea of how computers work really.
And jilocasin is right, Flashblock is your friend, but look at the numbers and how many people still use IE... they won't be using Flashblock any time soon I fear.
I agree, Flash is nothing but a resource-hogging advertisement platform. I use Linux and my favourite 3 Firefox add-ons are Flashblock, Adblock and NoScript.
My pages are much faster with Flashblock running and it saves battery life too since my laptop does not need to work near as hard rendering those pages.
Once again, Flashblock (if you're using Firefox) is your friend.
Only enable Flash if I'm actually looking to watch something in Flash.
Safer, faster, and your websites are so much easier to read without all that over the top advertising.
Stopping tomorrow's flash exploit today, well that's just a tasty bonus.
It would be interesting if we were able to see what % of compromised computers/botnets in the world were infected through flash vulnerabilities. I'm guessing it would be upwards of 70-80%. It's funny how everyone complains about Microsoft and IE security but nobody complains about Adobe when their computers are rooted through banner ads on a webpage.