Sept. 2010 Security Alert: Adobe Flash / Acrobat / Reader vulnerabilities

  • Throughout the month of April 2024, participate in the FileJoker Thread Contest OPEN TO EVERYONE!

    From 1st to 30th of April 2024, members can earn cash rewards by posting Filejoker-Exclusive threads in the Direct-Downloads subforums.

    There are $1000 in prizes, and the top prize is $450!

    For the full rules and how to enter, check out the thread
  • Akiba-Online is sponsored by FileJoker.

    FileJoker is a required filehost for all new posts and content replies in the Direct Downloads subforums.

    Failure to include FileJoker links for Direct Download posts will result in deletion of your posts or worse.

    For more information see     this thread.
R

Rollyco

Team Tomoe
Oct 4, 2007
3,562
34
There are two current unpatched flaws in Adobe Reader/Acrobat and Adobe Flash. Your computer can get pwned just by previewing a PDF in your browser or viewing a flash video.

http://www.adobe.com/support/security/advisories/apsa10-02.html
http://www.adobe.com/support/security/advisories/apsa10-03.html

Due to the potential for drive-by malware infections, these two vulnerabilities are [highlight]extremely serious.[/highlight] I would recommend taking defensive action right now before widespread exploitation occurs (only a matter of days, working exploit code is already public.)

  • Apply Microsoft EMET mitigations to your Acrobat Reader process and your browser process to block the PDF exploit. I have no information yet if this is effective against the Flash exploit.
  • Run your browser in a limited rights context with a tool such as Sandboxie (payware) or the sandbox functionality of Comodo Internet Security (freeware.)
  • Block all Flash in your browser by default. Be extremely conservative when allowing a site until a working fix is posted by Adobe or third-parties.

And of course follow standard secure computing practices like keeping all of your software completely up-to-date.
 
S

sapientiam

Member
Jan 1, 2010
278
7
if you are using firefox, and in case you haven't, installing this is probably one of the smartest defensive move you could made to prevent any threat from web (though in case of flash, it prevents the threat by preventing you to see the flash in the first place)

NoScript Plugin

and this prevents popups, including those with flash ads

adBlock
 
J

Joelle

Active Member
Apr 24, 2008
699
49
Very Helpful, Very Scary

Extremely interesting piece, Rollyco, I'm no longer using Adobe as a result. I won't even open a PDF document right now.

Joelle
 
You must log in or register to reply here.
Top Bottom