In the wake of reports that malicious users have found a way to trick Adobe Reader 9 into triggering an exploitable crash in Adobe Flash 9 and 10, the US Dept. of Homeland Security’s CERT cybersecurity team is asking users and administrators everywhere to turn off Flash video in their Web browsers.
This prompted Adobe, which has recently been seeing perhaps the onset of a deluge of security issues, to update its security advisory, now rating the exploitable issue as "critical." Adobe is not advising users to take such drastic measures as disengaging Flash in their browsers (which would make it very hard to watch YouTube). What it’s suggesting instead is that users manually delete the file %ProgramFiles%\Adobe\Reader 9.0\Reader\authplay.dll, which is a library that Adobe Reader and Acrobat use to trigger embedded Flash and Shockwave videos.
Follow link to read entirety.
US DHS advises users to turn off Flash pending Adobe security fix | Security News – Betanews
Crap! It’s always something, isn’t it.
With computers it sure seems that way (unfortunately).
This is good to know. I didn’t read about it anywhere, but I can’t help but wonder, don’t “malicious users” have anything better to do?
.-= Keli´s last blog ..Abundant Stupidity =-.
I will never understand what thrill people get from creating viruses and havoc with peoples computers. If it were up to me there would be a hefty monetary penalty given in addition to jail time!
*sigh* People!
Thanks for the info, Elaine. I read up on this a bit and decided to uninstall Adobe Reader 9 from my computer entirely (Adobe Reader 9 is the trigger for the attack they’re talking about) and installed the free version of PDF-XChange-Viewer in it’s place. It includes plugins for both IE and Firefox and can be set to view PDF docs “in-browser” like Adobe Reader 9 can.
I was surprised on how well it performed. Really quick.
.-= Kirk M´s last blog ..Too Wet to Burn =-.