The Register® — Biting the hand that feeds IT

Feeds

Adobe promises fix for critical Flash hole next week

Adobe has promised to fix a critical vulnerability in its Flash player software by the end of next week. The flaw - which stems from a bug in a component of its Flash player software but also affects Adobe Reader and Acrobat - has become the focus of targeted hacking attacks over recent days. As a result Adobe Flash player ( …

This topic is closed for new posts.
Defiant
Thumb Down

Useless

They promise a fix do they. Tell me how many years have they been working on the 64 bit flash for Windows ?

Chet Wisniewski - Sophos

Can't come soon enough...

Adobe's advice is interesting, however terribly incomplete and to some degree bad advice. Going to the linked article from Adobe it tells users to delete/disable authplay.dll. Of course this is of no use to Maq, Linux, or Solaris users whatsoever. On Linux at least the file in question appears to be /opt/Adobe/Reader9/Reader/intellinux/lib/libauthplay.so and on Mac it appears to be /Applications/Adobe Reader 9/Adobe Reader.app/Contents/Frameworks/AuthPlayLib.bundle. Of course, moving this file only protects you against malicious PDF's and not the Flash exploit.. And Adobe's advice for that? "Flash Player users should exercise caution in browsing untrusted websites." What the heck is a trusted site these days? And how are users to know if a site contains Flash??? I recommend using NoScript in the interim (http://noscript.net) to prevent flash from loading through ANY site until this hole is fixed.

Which leads to my next question.. When is Adobe going to provide tools to network admins to actually roll out these updates in a controlled manner? Without something better than a quarterly patch Tuesday its only a gesture towards really caring about the security of users of their products. These flaws are being actively exploited (http://www.sophos.com/blogs/sophoslabs/post/5524) so protect yourselves immediately!

Chet Wisniewski

Security Analyst

www.sophos.com

Chet Wisniewski - Sophos

Adobe can do better than this

The advice from Adobe is a bit lacking... Linux, Mac, and Solaris users are left to their own.. And I am not sure what an "untrusted website" is considering that many popular websites, ad networks, etc have been compromised the last 18 months.

Linux users should move their libauthplay.so somewhere or delete (usually in /opt/Adobe/Reader9/Reader/intellinux/lib). This does NOT protect against the Flash exploit, only against Flash in PDF files.

Mac users should move /Applications/Adobe Reader 9/Adobe Reader.app/Contents/Frameworks/AuthPlayLib.bundle (Just use Spotlight to search for AuthPlayLib in Applications).

Windows, Mac, and Linux users should use something like NoScript (http://noscript.net) rather than follow Adobe's advice of "exercise caution in browsing untrusted websites". We published more info on our blog, as this is being actively exploited in the wild (http://www.sophos.com/blogs/sophoslabs/post/5524).

Chet Wisniewski (@chetwisniewski)

Security Analyst

www.sophos.com

This topic is closed for new posts.