
Adobe Flash exploit, no patch yet, must rename file

Until a patch is out people need to rename the file.

http://www.h-online.com/security/ne...-Flash-Player-Reader-and-Acrobat-1016145.html


According to a security advisory from Adobe, there is a critical vulnerability in Flash Player 10.0.45.2 (and earlier versions) and in the authplay.dll component that ships with Adobe Reader and Acrobat 9.0; Windows, Mac OS X, Unix and Linux versions are all vulnerable. Attackers can exploit the hole to crash the software or gain control of the system and there are already reports of exploitation in the wild for all three products.
The Flash Player 10.1 release candidate is apparently not vulnerable and Adobe offer the option of installing this as a mitigation step. For Reader and Acrobat 9.x, Adobe recommend deleting, renaming or removing access to the authplay.dll file to mitigate the threat.
 
Just to clarify, a patch for Flash Player is supposed to be out by Thursday. However, they won't release the Acrobat 9.x patch until later. They expect to release an Acrobat patch by June 29, 2010, which from what I'm reading is intentionally delayed yet still accelerated from their quarterly patch cycle.

http://blogs.adobe.com/asset/2010/06/background_on_apsa10-01_patch.html

"Two patches within three weeks would have incurred too much churn and patch management overhead on our users, in particular for customers with large managed environments"

I consider that excuse a bit BS. To mitigate the issue, we'll have to go through change management to rename the file and then revert the filename when the patch is ready to be applied.
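The rename-and-revert mitigation discussed in this thread, sketched as an added example (not part of any post above and not Adobe's own tooling): a PowerShell script that audits, renames, or restores `authplay.dll` and emits one record per file for the change ticket. The search roots, the `.disabled` suffix, and the parameter names are assumptions made for this example.

```powershell
# Added example: reversible rename of authplay.dll (APSA10-01 mitigation).
# Assumptions: search roots, the ".disabled" suffix and parameter names are chosen here.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [ValidateSet('Audit', 'Disable', 'Restore')]
    [string]$Action = 'Audit',
    # Assumed install roots; adjust to where Reader/Acrobat 9.x lives in your build.
    [string[]]$SearchRoot = @("$env:ProgramFiles\Adobe", "${env:ProgramFiles(x86)}\Adobe"),
    [string]$Suffix = '.disabled'
)

$original = 'authplay.dll'
$renamed  = $original + $Suffix

# Disable looks for the live DLL, Restore for the renamed copy, Audit for both.
$wanted = switch ($Action) {
    'Disable' { @($original) }
    'Restore' { @($renamed) }
    'Audit'   { @($original, $renamed) }
}

# Drop empty, missing, and duplicate roots (32-bit hosts have no x86 folder).
$roots = $SearchRoot | Where-Object { $_ -and (Test-Path -LiteralPath $_) } |
    Select-Object -Unique

$found = foreach ($root in $roots) {
    Get-ChildItem -LiteralPath $root -Recurse -File -ErrorAction SilentlyContinue |
        Where-Object { $wanted -contains $_.Name }
}

foreach ($file in $found) {
    $isLive = $file.Name -eq $original
    $target = if ($isLive) { $renamed } else { $original }
    $result = 'Unchanged'
    if ($Action -ne 'Audit') {
        if (Test-Path -LiteralPath (Join-Path $file.DirectoryName $target)) {
            # Never overwrite: a patched DLL may already sit next to the renamed one.
            $result = "Skipped: $target already exists"
        } elseif ($PSCmdlet.ShouldProcess($file.FullName, "Rename to $target")) {
            Rename-Item -LiteralPath $file.FullName -NewName $target -ErrorAction Stop
            $result = "Renamed to $target"
        }
    }
    # One record per file, suitable for export to the change record.
    [pscustomobject]@{ Computer = $env:COMPUTERNAME; Path = $file.FullName
                       Before = $(if ($isLive) { 'Active' } else { 'Disabled' }); Result = $result }
}
```

Running it with `-Action Disable -WhatIf` lists what would be renamed without touching anything; `-Action Restore` reverses the change before the patch is applied.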
 