October 29, 2010 at 01:58Adobe products again have vulnerabilities. Under the blow of Flash, Reader / Acrobat
A few hours ago, the Secunia portal announced the detected zero-day vulnerabilities in Adobe Flash (because of this, for example, Google Chrome with an integrated module was hit) and Adobe Reader / Acrobat. Under cat details and first aid
The vulnerability was discovered in the latest version of Flash Player 10.1.85.3 on Linux, Mac OS X, Solaris, and Windows. The vulnerability also affects Flash Player 10.1.95.2 for Android. What causes the error is unclear, but with its help an attacker can remotely execute arbitrary code. Neither Adobe nor Secunia found any crutches for temporary defense against the hole with an ultra-high level of danger, except for the standard "do not visit malicious sites or disable the plugin."
On my own, I can assume that in the Google Chrome browser you can try to prescribe the --safe-plugins parameter. This parameter will force all plug-ins to run in the sandbox, although this can cause inoperability and plugin glitches. Click-to-play is also suitable (in the stable release it is disabled, but in dev, canary and Chromium there is) or a global ban on local permissions of trusted sites through advanced options -> content settings -> plug-ins (so, by the way, always do, because in flash player holes occur at an enviable frequency). For other browsers, there is an option to run in a virtual machine or a third-party sandbox such as Sandboxie under Windows. For Opera, a global ban on plug-ins with permission for trusted sites is also suitable (General settings - Advanced - Content - Uncheck "Enable plugins" (Enable locally through the settings for sites)).
Dear Thomas Habrauser, pointed out the possibility of securing himself with the FlashBlock extension for Firefox .
For Google Chrome Stable, FlashControl is suitable .
Dear rolltin habruiser , it’s possible to use the option in Opera:
opera: config # UserPrefs | EnableOnDemandPlugin
Acts like FlashBlock.
The official patch is expected on November 9th.
Vulnerabilities in these products are caused by the same unknown reasons in Adobe Flash, because they are related to the execution of dynamic content in .pdf documents (Adobe Reader for Android is not affected by vulnerabilities). There are already cases of exploiting this vulnerability and infecting computers with infection. The patch will be released tentatively on November 15, 2010. In the meantime, there is an opportunity to solve the problem by force, removing the holey components. The solution can be found here .
Vulnerability in Adobe Flash [Closed]
Adobe Reader / Acrobat
Google Chrome [Closed] A
malware that was repelled when a hole was detected
Adobe Flash Player
The vulnerability was discovered in the latest version of Flash Player 10.1.85.3 on Linux, Mac OS X, Solaris, and Windows. The vulnerability also affects Flash Player 10.1.95.2 for Android. What causes the error is unclear, but with its help an attacker can remotely execute arbitrary code. Neither Adobe nor Secunia found any crutches for temporary defense against the hole with an ultra-high level of danger, except for the standard "do not visit malicious sites or disable the plugin."
On my own, I can assume that in the Google Chrome browser you can try to prescribe the --safe-plugins parameter. This parameter will force all plug-ins to run in the sandbox, although this can cause inoperability and plugin glitches. Click-to-play is also suitable (in the stable release it is disabled, but in dev, canary and Chromium there is) or a global ban on local permissions of trusted sites through advanced options -> content settings -> plug-ins (so, by the way, always do, because in flash player holes occur at an enviable frequency). For other browsers, there is an option to run in a virtual machine or a third-party sandbox such as Sandboxie under Windows. For Opera, a global ban on plug-ins with permission for trusted sites is also suitable (General settings - Advanced - Content - Uncheck "Enable plugins" (Enable locally through the settings for sites)).
Dear Thomas Habrauser, pointed out the possibility of securing himself with the FlashBlock extension for Firefox .
For Google Chrome Stable, FlashControl is suitable .
Dear rolltin habruiser , it’s possible to use the option in Opera:
opera: config # UserPrefs | EnableOnDemandPlugin
Acts like FlashBlock.
The official patch is expected on November 9th.
Adobe Reader / Acrobat
Vulnerabilities in these products are caused by the same unknown reasons in Adobe Flash, because they are related to the execution of dynamic content in .pdf documents (Adobe Reader for Android is not affected by vulnerabilities). There are already cases of exploiting this vulnerability and infecting computers with infection. The patch will be released tentatively on November 15, 2010. In the meantime, there is an opportunity to solve the problem by force, removing the holey components. The solution can be found here .
More details
Vulnerability in Adobe Flash [Closed]
Adobe Reader / Acrobat
Google Chrome [Closed] A
malware that was repelled when a hole was detected