![]() |
![]() |
#2 (permalink) |
Site Manager
Join Date: Aug 2008
Location: South American Banana Republic, third bunch from the left
Posts: 15,356
|
![]()
The last part of the article is the best:
The company notes that deleting, renaming, or removing access to authplay.dll will mitigate the PDF attack vector. Meanwhile, Firefox users can employ the NoScript extension, which blocks flash movies by default, to protect themselves. However, the only advice to Internet Explorer users is to exercise extra caution when browsing untrusted websites and to keep antivirus definitions up-to-date. This is MC's advice to IE users - dump it! ![]()
__________________
Buy a Hoover and prove technology sucks. |
![]() |
![]() |
![]() |
#3 (permalink) | |
Senior Member
Join Date: Apr 2009
Location: Northern US
Posts: 134
|
![]() Quote:
![]() ![]() |
|
![]() |
![]() |
![]() |
#4 (permalink) |
Super Moderator
Join Date: Jul 2008
Location: India
Posts: 15,334
|
![]()
Adobe Reader has had serious vulnerabilities in the past, and still continues to have. Thankfully, other alternatives are available now, and less bloated than the Adobe Reader... so users are happy to switch... atleast I am.
Now with vulnerabilities surfacing in Adobe Flash Player too, since a few months... its time for Flash Player alternative? Is MS Silverlight the answer? But, MS products like IE are already suffering from vulnerabilities. Firefox users also cannot be too sure they are protected with the NoScript fully. Because, there are always sites which people trust, and send them to the whitelist... like I do. So, if any of those whitelists sites are compromised, then it may affect their systems too. What are the options... blocking flash completely until Adobe releases the patch? I think users using Sandboxie, or similar products, are safer.
__________________
Anupam |
![]() |
![]() |
![]() |
#5 (permalink) |
Super Moderator
Join Date: Jul 2008
Location: India
Posts: 15,334
|
![]()
Here is more about the vulnerability in Adobe Flash Player, and Adobe Reader. Updates will be released till July 30th or 31st.
http://www.adobe.com/support/securit...apsa09-03.html
__________________
Anupam |
![]() |
![]() |
![]() |
#6 (permalink) |
Senior Member
Join Date: May 2008
Posts: 424
|
![]()
Well this showed me a weakness in the Secunia Online Scanner.
The scanner gives me a green on my Adobe Flash Player 10.0.22.87, even though the site has this advisory listed. I guess the online scanner only shows a program (that has an insecurity) as insecure when the patch or update for the security risk is released. |
![]() |
![]() |
![]() |
#7 (permalink) |
Super Moderator
Join Date: Jul 2008
Location: India
Posts: 15,334
|
![]()
After looking at your post, I ran a scan with Secunia PSI program on my PC.
Under "Secure Browsing", it indicates that the Adobe Flash Player installed is insecure, and has a link which points to the vulnerability discovered. So, they have not yet updated this in their online scanner? It also shows Firefox 3.5.1 as insecure, and has a link which points to URL spoofing... though it has been indicated as being less critical. But says that it is a confirmed vulnerability nonetheless. Interestingly, it also shows Media Player Classic on my PC, as end of life program.
__________________
Anupam |
![]() |
![]() |
![]() |
#8 (permalink) | |
Senior Member
Join Date: May 2008
Posts: 424
|
![]()
I had that Secunia program on my PC, but deleted it as I figured I would just use the online scan.
After reading your post, I think the online is not as effective. It must only update when a patch is released. (I just checked and it still shows OK) I found this in their FAQ Quote:
The desktop version also showed MPC as end of life for me. Thanks for the update. I am going to re-download the desktop version. |
|
![]() |
![]() |
![]() |
#9 (permalink) |
Super Moderator
Join Date: Jul 2008
Location: India
Posts: 15,334
|
![]()
As per their FAQ, I think they only update it when the vendor has released the patch. We should confirm it after Adobe has released the patch for Flash Player and the Adobe Reader.
Maybe Secunia wants people to use their desktop version more? Don't know. I stopped using Adobe Reader long ago, when I felt their product had started to get bloated. Now, I use Sumatra Pdf and PDF Xchange Viewer.
__________________
Anupam |
![]() |
![]() |
![]() |
#10 (permalink) |
Super Moderator
Join Date: Jul 2008
Location: India
Posts: 15,334
|
![]()
A patched and updated version of Adobe Flash Player has been released, and is available on download sites like MajorGeeks, and FileForum.
All are requested to install it as soon as possible, because its a critical update which patches a critical vulnerability in the previous version.
__________________
Anupam |
![]() |
![]() |
![]() |
Thread Tools | |
Display Modes | |
|
|