Gizmos Freeware Reviews  

Go Back   Gizmo's Freeware Forum > Debating Chamber > Internet, Web Apps and Networking

Reply
 
Thread Tools Display Modes
Old 23. Jul 2009, 02:41 PM   #1 (permalink)
Senior Member
 
Join Date: Apr 2009
Location: Northern US
Posts: 134
Default adobe flash player zero day vulnerability

http://news.softpedia.com/news/Adobe...d-117379.shtml
prairie dog is offline   Reply With Quote
Old 23. Jul 2009, 04:42 PM   #2 (permalink)
Site Manager
 
MidnightCowboy's Avatar
 
Join Date: Aug 2008
Location: South American Banana Republic, third bunch from the left
Posts: 15,186
Default

The last part of the article is the best:

The company notes that deleting, renaming, or removing access to authplay.dll will mitigate the PDF attack vector. Meanwhile, Firefox users can employ the NoScript extension, which blocks flash movies by default, to protect themselves. However, the only advice to Internet Explorer users is to exercise extra caution when browsing untrusted websites and to keep antivirus definitions up-to-date.

This is MC's advice to IE users - dump it!
__________________
Buy a Hoover and prove technology sucks.
MidnightCowboy is offline   Reply With Quote
Old 23. Jul 2009, 04:58 PM   #3 (permalink)
Senior Member
 
Join Date: Apr 2009
Location: Northern US
Posts: 134
Default

Quote:
Originally Posted by MidnightCowboy View Post
The last part of the article is the best:

The company notes that deleting, renaming, or removing access to authplay.dll will mitigate the PDF attack vector. Meanwhile, Firefox users can employ the NoScript extension, which blocks flash movies by default, to protect themselves. However, the only advice to Internet Explorer users is to exercise extra caution when browsing untrusted websites and to keep antivirus definitions up-to-date.

This is MC's advice to IE users - dump it!
agreed Firefox with noscript
prairie dog is offline   Reply With Quote
Old 23. Jul 2009, 07:32 PM   #4 (permalink)
Super Moderator
 
Anupam's Avatar
 
Join Date: Jul 2008
Location: India
Posts: 15,275
Default

Adobe Reader has had serious vulnerabilities in the past, and still continues to have. Thankfully, other alternatives are available now, and less bloated than the Adobe Reader... so users are happy to switch... atleast I am.

Now with vulnerabilities surfacing in Adobe Flash Player too, since a few months... its time for Flash Player alternative? Is MS Silverlight the answer? But, MS products like IE are already suffering from vulnerabilities.

Firefox users also cannot be too sure they are protected with the NoScript fully. Because, there are always sites which people trust, and send them to the whitelist... like I do. So, if any of those whitelists sites are compromised, then it may affect their systems too.

What are the options... blocking flash completely until Adobe releases the patch? I think users using Sandboxie, or similar products, are safer.
__________________
Anupam
Anupam is offline   Reply With Quote
Old 27. Jul 2009, 08:25 PM   #5 (permalink)
Super Moderator
 
Anupam's Avatar
 
Join Date: Jul 2008
Location: India
Posts: 15,275
Default

Here is more about the vulnerability in Adobe Flash Player, and Adobe Reader. Updates will be released till July 30th or 31st.

http://www.adobe.com/support/securit...apsa09-03.html
__________________
Anupam
Anupam is offline   Reply With Quote
Old 27. Jul 2009, 08:51 PM   #6 (permalink)
Senior Member
 
Join Date: May 2008
Posts: 424
Default

Well this showed me a weakness in the Secunia Online Scanner.

The scanner gives me a green on my Adobe Flash Player 10.0.22.87, even though the site has this advisory listed.

I guess the online scanner only shows a program (that has an insecurity) as insecure when the patch or update for the security risk is released.
mr6n8 is offline   Reply With Quote
Old 27. Jul 2009, 09:09 PM   #7 (permalink)
Super Moderator
 
Anupam's Avatar
 
Join Date: Jul 2008
Location: India
Posts: 15,275
Default

After looking at your post, I ran a scan with Secunia PSI program on my PC.

Under "Secure Browsing", it indicates that the Adobe Flash Player installed is insecure, and has a link which points to the vulnerability discovered.
So, they have not yet updated this in their online scanner?

It also shows Firefox 3.5.1 as insecure, and has a link which points to URL spoofing... though it has been indicated as being less critical. But says that it is a confirmed vulnerability nonetheless.

Interestingly, it also shows Media Player Classic on my PC, as end of life program.
__________________
Anupam
Anupam is offline   Reply With Quote
Old 28. Jul 2009, 01:25 PM   #8 (permalink)
Senior Member
 
Join Date: May 2008
Posts: 424
Default

I had that Secunia program on my PC, but deleted it as I figured I would just use the online scan.

After reading your post, I think the online is not as effective. It must only update when a patch is released. (I just checked and it still shows OK)

I found this in their FAQ
Quote:
Secunia Research develops new detection rules every time a vendor releases a security patch for any vulnerability in a product detected by the Secunia PSI. For example, new detection rules are created after every Microsoft Tuesday patch cycle, as this allows the Secunia PSI to check if your Windows systems patches are up to date or not.
Why it is different for the desktop version, I do not know.

The desktop version also showed MPC as end of life for me.

Thanks for the update. I am going to re-download the desktop version.
mr6n8 is offline   Reply With Quote
Old 28. Jul 2009, 01:47 PM   #9 (permalink)
Super Moderator
 
Anupam's Avatar
 
Join Date: Jul 2008
Location: India
Posts: 15,275
Default

As per their FAQ, I think they only update it when the vendor has released the patch. We should confirm it after Adobe has released the patch for Flash Player and the Adobe Reader.

Maybe Secunia wants people to use their desktop version more? Don't know.

I stopped using Adobe Reader long ago, when I felt their product had started to get bloated. Now, I use Sumatra Pdf and PDF Xchange Viewer.
__________________
Anupam
Anupam is offline   Reply With Quote
Old 30. Jul 2009, 08:52 PM   #10 (permalink)
Super Moderator
 
Anupam's Avatar
 
Join Date: Jul 2008
Location: India
Posts: 15,275
Default Adobe Flash Player released

A patched and updated version of Adobe Flash Player has been released, and is available on download sites like MajorGeeks, and FileForum.

All are requested to install it as soon as possible, because its a critical update which patches a critical vulnerability in the previous version.
__________________
Anupam
Anupam is offline   Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off



All times are GMT +1. The time now is 02:33 PM.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2019, vBulletin Solutions, Inc.