Xkcd Tech Support


Saturday, 5 June 2010

Critical Adobe Flaw Being Exploited in the Wild - Again

Posted on 09:49 by Unknown
Adobe Systems is reporting that a critical vulnerability affecting Adobe Acrobat, Reader, and Flash is actively being exploited in the wild.

The previously unknown flaw could crash a user's system or result in the attacker taking full control of the affected machine.

Adobe's current advice is for users to delete, rename, or remove access to the “authplay.dll” file included in both Reader and Acrobat while Adobe works on an official patch. This may not be fully effective, given that other programs may also drop this key .dll file during installation.

From the Adobe Product Security Incident Response Team blog:

A Security Advisory has been posted in regards to a new Adobe Reader, Acrobat and Flash Player issue (CVE-2010-1297). A critical vulnerability exists in Flash Player 10.0.45.2 and earlier versions for Windows, Macintosh, Linux and Solaris operating systems, and the authplay.dll component that ships with Adobe Reader and Acrobat 9.x for Windows, Macintosh and UNIX operating systems. This vulnerability could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being actively exploited in the wild against both Adobe Flash Player, and Adobe Reader and Acrobat.

I've written often about Adobe's struggle with securing their product sets, and this is yet another instance where consumers are left to essentially fend for themselves.

Given the Advanced Persistent Threat environment which has developed, third-party peripheral applications continue to be seen by attackers as low-hanging fruit as they seek attack vectors to compromise consumer and corporate hosts. Adobe products are often targeted because of the ease with which they can be exploited, combined with a heavy deployment saturation and poor updating practices by home users and enterprise IT departments, to the point where Adobe recently implemented code to install updates and versions automatically.

I've said it before, and I'm saying it again. Get off of Adobe products if at all possible. You can limit your attack surface by 2/3 if you simply move to an alternate .pdf file creator/reader application, and there are many free programs out there.

For now, try to implement the mitigation Adobe recommends if you can't uninstall the products, and wait for a patch.
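One way to apply the rename mitigation while covering the caveat that other programs may also drop the file: the sketch below is an added example, not Adobe's tooling or code from the original post. It inventories every copy of authplay.dll under the directories you give it and renames each one; the `.disabled` suffix, the function names, and the directory tree in `demo()` are assumptions made for illustration.

```python
import os
import tempfile

TARGET = "authplay.dll"   # file name taken from the advisory text
SUFFIX = ".disabled"      # assumed rename suffix, not specified by Adobe

def find_copies(roots, target=TARGET):
    """Return every file named `target` (case-insensitive) under the roots."""
    hits = []
    for root in roots:
        for dirpath, _dirs, files in os.walk(root):
            hits.extend(os.path.join(dirpath, f)
                        for f in files if f.lower() == target)
    return sorted(hits)

def disable_copies(roots, apply=False):
    """Report each copy; with apply=True rename it to <name>.disabled.

    Returns (path, status) pairs so failures (file in use, no write
    access) are visible instead of silently leaving a copy loadable.
    """
    results = []
    for path in find_copies(roots):
        backup = path + SUFFIX
        if not apply:
            results.append((path, "found"))
        elif os.path.exists(backup):
            # Never overwrite an earlier backup; flag for manual review.
            results.append((path, "skipped: backup exists"))
        else:
            try:
                os.rename(path, backup)
                results.append((path, "renamed"))
            except OSError as exc:
                results.append((path, f"failed: {exc}"))
    return results

def demo():
    """Run against a constructed tree: two copies plus one unrelated DLL."""
    with tempfile.TemporaryDirectory() as top:
        layout = (("Adobe/Reader 9.0/Reader", "authplay.dll"),
                  ("OtherVendor/bin", "AuthPlay.DLL"),   # dropped by another installer
                  ("Adobe/Acrobat 9.0/Acrobat", "acrobat.dll"))
        for sub, name in layout:
            os.makedirs(os.path.join(top, sub))
            open(os.path.join(top, sub, name), "wb").close()
        dry = [status for _, status in disable_copies([top])]
        done = [status for _, status in disable_copies([top], apply=True)]
        return dry, done, find_copies([top])

if __name__ == "__main__":
    print(demo())
```

Run it with `apply=False` first to review the inventory, and run the rename pass with enough privilege to write to the install directories.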

Posted in Adobe, exploit, vulnerability | No comments
