Feeds

back to article Adobe promises emergency patch for Flash, Reader bugs

Adobe Systems plans to release emergency patches for its Flash and Reader applications after learning a critical vulnerability is being exploited to install malware on vulnerable machines. The out-of-cycle patches for Adobe Flash Player 10 and Acrobat and Reader versions 9, 10, and X will arrive during the week March 21, the …

COMMENTS

This topic is closed for new posts.
Coffee/keyboard

You Can Fool Some of the People For Years and Years

You can fool some of the people all of the time and all of the people some of the time but anyone still running Adobe Reader after ~10 years and ~10 major versions of this crap is the fool of all fools. But hey, all you need is another 100M download to solve the problem - or at least delay it for another month.

2
1

This post has been deleted by its author

WTF?

Excel?

And there is a reason why you'd need flash embedded in Excel?

2
0
Jobs Horns

Funny, but...

I want Flash on my phone ASAP!

0
0

Adobe's sandbox is just dandy

If it didn't break integration with at least one other vendor's apps who then advise you to disable it...

0
0
Gold badge

Integration

Yes, but it is the integration that causes these problems.

When everything didn't try to automatically do everything all inside and link to everything else there were few attack vectors. This happened because a Flash object was embeded inside an Excel object, that was embeded in an email...

2
0
FAIL

A "preponderance" of caution?

I do not think it means what he thinks it means. Tell him to try "abundance" next time.

0
0
Alert

come one

Please, html5, kill flash soon.

3
2
Coat

Hell, yeah!

Naturally, there was NEVER an exploit involving HTML, CSS or Javascript, not to mention JPEG graphics! And of course, most browsers are NOT being updated once a month for this reason.

Mine is the one with abacus in the pocket. Can't exploit that one, can you? Not a single version update in 100 years, and the only crash bug is when you use it to, ahem, kill insects.

2
0

sandbox?

So as DEP may prevent some attacks, MS doesn't ship some obvious flaw fixers to their products?

Isn't sandbox'es purpose pushed a bit too much in this case? What if black hats are in "wait and see" mode and will release sandbox beating exploit variant later?

It is almost like showing off a demo risking millions of users. They don't even have the exploit in hand and I bet they never contacted kaspersky/f-secure/avast etc. to figure if they got some heuristic hit in their hand. Yes, modern AV apps share heuristic/suspicious behaviour data with the av company for a reason.

1
0
FAIL

Are Adobe ever going to get their collective arses in gear?

Their bloated explot-ridden apps need to be totally ripped down and re-written. Chances of that happening... 0.001%

1
1

No 64 build just yet

The "square" version is still at the same as before. For Linux: Shockwave Flash 10.3 d162

Bummer... Oh well, It is not like gnumeric or openoffice will try to run a flash embed in the first place... Oh will they? It will be interesting to test a sample.

0
0

Surely, Adobe Reader 10 IS Adobe Reader X?

Is Acrobat still around as a product name - the PDF creator I suppose. Well, anyway.

Does Microsoft Excel suck too, since it's used in these exploits, or is it not Microsoft's problem?

0
0
Anonymous Coward

Reader X

HAHA Adobe i have a customer who had adobe reader with sandbox installed and got a bobby trapped pdf last week.

NOW on uninstall it had the latest reader x on, i tried to update it before i pulled it and install foxit.

I wasnt onsite when it got installed and alas the user who opened the DHL email wasnt really tech savvy enough to explain exactly what happened.

But it appears the hacked installed a later version of the fake av alert that got into the stock exchange at the start of feb, so it appears they have extended out of add banners now and are trying spamming as well....

BUT PERSONALLY EVERYONE INSTALL ANY OTHER PDF READER THAN ADOBE, PROBLEM SOLVED !!!

0
0

This post has been deleted by its author

This post has been deleted by its author

This topic is closed for new posts.