So much for Adobe’s quarterly updates. We can’t even go two months without writing about another Adobe vulnerability. SC Magazine just announced that ANOTHER zero-day exploit for Adobe has been discovered. CERT has also issued an advisory.
The latest vulnerability impacts Flash Player 9 and 10 and Adobe Reader and Acrobat 9 on Windows, Macintosh and Linux operating systems. This one is real folks and is already occurring in the wild. The issue has to do with the Flash module and the fact that you can embed Flash objects in a PDF. The flaw can cause your computer to crash or allow an attacker to take control of an affected system.
A fix is expected by the end of the month. In the meantime, users of Adobe Reader and Acrobat can delete, rename or remove access to the authplay.dll file. Sure, let your users go screwing around with file deletions. We don’t think so. You still have the problem with the Flash Player since there is no temporary fix available. Not much help there either.
So what’s a user to do? As Elmer Fudd would say, “Be very, very, careful.”
- John and Mike
(703) 359-0700
digitalsamurai@senseient.com
www.senseient.com
