Adobe Systems plans to release emergency patches for its Flash and Reader applications after learning a critical vulnerability is being exploited to install malware on vulnerable machines. The out-of-cycle patches for Adobe Flash Player 10 and Acrobat and Reader versions 9, 10, and X will arrive during the week of March 21, the …
You Can Fool Some of the People For Years and Years
You can fool some of the people all of the time and all of the people some of the time but anyone still running Adobe Reader after ~10 years and ~10 major versions of this crap is the fool of all fools. But hey, all you need is another 100M download to solve the problem - or at least delay it for another month.
And there is a reason why you'd need flash embedded in Excel?
I want Flash on my phone ASAP!
Adobe's sandbox is just dandy
If it didn't break integration with at least one other vendor's apps who then advise you to disable it...
Yes, but it is the integration that causes these problems.
When everything didn't try to automatically do everything all inside and link to everything else there were few attack vectors. This happened because a Flash object was embedded inside an Excel object, that was embedded in an email...
A "preponderance" of caution?
I do not think it means what he thinks it means. Tell him to try "abundance" next time.
Please, html5, kill flash soon.
Mine is the one with abacus in the pocket. Can't exploit that one, can you? Not a single version update in 100 years, and the only crash bug is when you use it to, ahem, kill insects.
So as DEP may prevent some attacks, MS doesn't ship some obvious flaw fixers to their products?
Isn't the sandbox's purpose pushed a bit too much in this case? What if black hats are in "wait and see" mode and will release a sandbox-beating exploit variant later?
It is almost like showing off a demo risking millions of users. They don't even have the exploit in hand and I bet they never contacted Kaspersky/F-Secure/Avast etc. to figure if they got some heuristic hit in their hand. Yes, modern AV apps share heuristic/suspicious behaviour data with the AV company for a reason.
Are Adobe ever going to get their collective arses in gear?
Their bloated exploit-ridden apps need to be totally ripped down and re-written. Chances of that happening... 0.001%
No 64 build just yet
The "square" version is still at the same as before. For Linux: Shockwave Flash 10.3 d162
Bummer... Oh well, it is not like gnumeric or openoffice will try to run a flash embed in the first place... Oh will they? It will be interesting to test a sample.
Surely, Adobe Reader 10 IS Adobe Reader X?
Is Acrobat still around as a product name - the PDF creator I suppose. Well, anyway.
Does Microsoft Excel suck too, since it's used in these exploits, or is it not Microsoft's problem?
HAHA Adobe, I have a customer who had Adobe Reader with sandbox installed and got a booby-trapped PDF last week.
NOW on uninstall it had the latest Reader X on, I tried to update it before I pulled it and installed Foxit.
I wasn't onsite when it got installed and alas the user who opened the DHL email wasn't really tech savvy enough to explain exactly what happened.
But it appears the hack installed a later version of the fake AV alert that got into the stock exchange at the start of Feb, so it appears they have extended out of ad banners now and are trying spamming as well....
BUT PERSONALLY EVERYONE INSTALL ANY OTHER PDF READER THAN ADOBE, PROBLEM SOLVED !!!