Gizmo's Freeware Forum

Gizmo's Freeware Forum (https://www.techsupportalert.com/freeware-forum/)
-   Internet, Web Apps and Networking (https://www.techsupportalert.com/freeware-forum/internet-web-apps-and-networking/)
-   -   adobe flash player zero day vulnerability (https://www.techsupportalert.com/freeware-forum/internet-web-apps-and-networking/1474-adobe-flash-player-zero-day-vulnerability.html)

prairie dog 23. Jul 2009 02:41 PM

adobe flash player zero day vulnerability
 
http://news.softpedia.com/news/Adobe...d-117379.shtml

MidnightCowboy 23. Jul 2009 04:42 PM

The last part of the article is the best:

The company notes that deleting, renaming, or removing access to authplay.dll will mitigate the PDF attack vector. Meanwhile, Firefox users can employ the NoScript extension, which blocks flash movies by default, to protect themselves. However, the only advice to Internet Explorer users is to exercise extra caution when browsing untrusted websites and to keep antivirus definitions up-to-date.

This is MC's advice to IE users - dump it! :D

prairie dog 23. Jul 2009 04:58 PM

Quote:

Originally Posted by MidnightCowboy (Post 9816)
The last part of the article is the best:

The company notes that deleting, renaming, or removing access to authplay.dll will mitigate the PDF attack vector. Meanwhile, Firefox users can employ the NoScript extension, which blocks flash movies by default, to protect themselves. However, the only advice to Internet Explorer users is to exercise extra caution when browsing untrusted websites and to keep antivirus definitions up-to-date.

This is MC's advice to IE users - dump it! :D

agreed:D Firefox with noscript :cool:

Anupam 23. Jul 2009 07:32 PM

Adobe Reader has had serious vulnerabilities in the past, and still continues to have. Thankfully, other alternatives are available now, and less bloated than the Adobe Reader... so users are happy to switch... atleast I am.

Now with vulnerabilities surfacing in Adobe Flash Player too, since a few months... its time for Flash Player alternative? Is MS Silverlight the answer? But, MS products like IE are already suffering from vulnerabilities.

Firefox users also cannot be too sure they are protected with the NoScript fully. Because, there are always sites which people trust, and send them to the whitelist... like I do. So, if any of those whitelists sites are compromised, then it may affect their systems too.

What are the options... blocking flash completely until Adobe releases the patch? I think users using Sandboxie, or similar products, are safer.

Anupam 27. Jul 2009 08:25 PM

Here is more about the vulnerability in Adobe Flash Player, and Adobe Reader. Updates will be released till July 30th or 31st.

http://www.adobe.com/support/securit...apsa09-03.html

mr6n8 27. Jul 2009 08:51 PM

Well this showed me a weakness in the Secunia Online Scanner.

The scanner gives me a green on my Adobe Flash Player 10.0.22.87, even though the site has this advisory listed.

I guess the online scanner only shows a program (that has an insecurity) as insecure when the patch or update for the security risk is released.

Anupam 27. Jul 2009 09:09 PM

After looking at your post, I ran a scan with Secunia PSI program on my PC.

Under "Secure Browsing", it indicates that the Adobe Flash Player installed is insecure, and has a link which points to the vulnerability discovered.
So, they have not yet updated this in their online scanner?

It also shows Firefox 3.5.1 as insecure, and has a link which points to URL spoofing... though it has been indicated as being less critical. But says that it is a confirmed vulnerability nonetheless.

Interestingly, it also shows Media Player Classic on my PC, as end of life program.

mr6n8 28. Jul 2009 01:25 PM

I had that Secunia program on my PC, but deleted it as I figured I would just use the online scan.

After reading your post, I think the online is not as effective. It must only update when a patch is released. (I just checked and it still shows OK)

I found this in their FAQ
Quote:

Secunia Research develops new detection rules every time a vendor releases a security patch for any vulnerability in a product detected by the Secunia PSI. For example, new detection rules are created after every Microsoft Tuesday patch cycle, as this allows the Secunia PSI to check if your Windows systems patches are up to date or not.
Why it is different for the desktop version, I do not know.

The desktop version also showed MPC as end of life for me.

Thanks for the update. I am going to re-download the desktop version.

Anupam 28. Jul 2009 01:47 PM

As per their FAQ, I think they only update it when the vendor has released the patch. We should confirm it after Adobe has released the patch for Flash Player and the Adobe Reader.

Maybe Secunia wants people to use their desktop version more? Don't know.

I stopped using Adobe Reader long ago, when I felt their product had started to get bloated. Now, I use Sumatra Pdf and PDF Xchange Viewer.

Anupam 30. Jul 2009 08:52 PM

Adobe Flash Player released
 
A patched and updated version of Adobe Flash Player has been released, and is available on download sites like MajorGeeks, and FileForum.

All are requested to install it as soon as possible, because its a critical update which patches a critical vulnerability in the previous version.


All times are GMT +1. The time now is 12:54 PM.

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2020, vBulletin Solutions, Inc.