Flash exploit

[LiamC]

You've got to go to a compromised site and open a malicious PDF

..."Adobe has admitted that it is aware of reports of a potential vulnerability in Adobe Reader and Acrobat 9.1.2 and Adobe Flash Player 9 and 10. It is planning an update soon, it said."...

http://www.theinquirer.net/inquirer/news/1469229/adobe-flash-flaws-exploited

 

[Fushigi]

Would that be a Mozilla soon (days) or a Microsoft soon (months)?

 

[Mercutio]

Adobe fixes tend to be months in the making and then only for the very newest version of their software.

Which is one of the reasons I hate Adobe.

 

[baksteentje]

Updates for both Flash and Adobe Reader should be available by the end of this month, see http://www.adobe.com/support/security/advisories/apsa09-03.html.
It seemed that Adobe was able to respect these announced dates, the last few times I checked...


To keep track of security updates, I find the overview on the secunia website quite useful (http://secunia.com/advisories/).

 

[sechs]

Adobe fixes tend to be months in the making and then only for the very newest version of their software.

Where "months" = quarterly and "newest" = last three major versions

 

[baksteentje]

FYI:
Flash player v10.0.32.18 is now available

However, on 2 DEP-enabled computers running WinXP SP3,
installation in IE8 was a bit problematic for me.

It looks to me that the "Adobe DLM" (Adobe Download manager used to download the active-X component) generated DEP errors in these cases.
Disabling DEP in IE8 allowed me to get Flash installed.
(Tools>Internet Options>Advanced>Untick "Enable memory protection to help mitigate online attacks").
After the installation, Flash seems to work OK in IE8 with DEP re-enabled.


I had no problems in IE8 on an older computer (WinXP SP3, but no DEP-support) and on several WinXpx64 machines.

 

[Howell]

Hey thanks!

 

[Fushigi]

Thanks for the update. I've updated my main Vista SP2 PCs (32 bit laptop, 64 bit desktop) for both FF & IE8. Both have DEP enabled; neither had any problems. I'll update the other PCs in the house later. They're a mix of XP SP3 & Win7. Come to think of it, I don't think I've gotten around to an initial install of Flash on the Win7 box.

 

[baksteentje]

However, on 2 DEP-enabled computers running WinXP SP3,
installation in IE8 was a bit problematic for me.

I was using the web-based installer on http://get.adobe.com/flashplayer/.
Although this did work on IE8 on some other DEP-enabled WinXP SP3 computers,
on a (rather ancient) Win2k box, the web-installer hung on the DLM-installation.

I just noticed that there is also an offline installer for IE,
which seems to work without any problems...

(I already used the problem-free offline installer for all other browsers,
but I didn't notice before that there was also one for IE).

 

[Mercutio]

Why use IE to begin with?

 

[Fushigi]

For me, I have some work sites (SharePoint and others) that aren't quite as functional with non-IE browsers. Also, my wife uses IE. I tried to get her to use FF a long time ago but she wouldn't switch. She's only recently started getting into tabbed browsing instead of launching separate windows.

 

[baksteentje]

Why use IE to begin with?

Personally, I don't, 99% of the time :grin:. (I'm a big Opera fan).
But in some (rare) cases, IE is needed.

And in the office, some colleagues still prefer IE...

So keeping IE as safe as possible is a necessary evil in my view.

 

[Mercutio]

Fushigi, it's not too late for divorce.

 

[Fushigi]

PCs aren't everything there is to life. Funny, though, between the forums she hits and facebook etc. some evening she spends more time online than I do. Of course I'm on all day for work so there's balance, but it is an odd dynamic at times.

FWIW the Flash update went on the XP machines just fine for both FF & IE.

 

[Mercutio]

PCs aren't everything there is to life.

Says you.

 

[Stereodude]

Also, my wife uses IE. I tried to get her to use FF a long time ago but she wouldn't switch. She's only recently started getting into tabbed browsing instead of launching separate windows.

I've got my wife and parents to use FireFox regularly. So that's proves there is hope.

 

[ddrueding]

Not only did I get my wife to use Firefox, but I got her to argue with the IT person at her work who was insisting on IE. He isn't there anymore.

 

[Fushigi]

Maybe in time she''ss come from the dark side but I'm not honestly worried about it. She hits mainstream sites almost exclusively and the machines are otherwise protected with AV/AS/firewall etc.

 

[sechs]

Just to prove that Merc cann't hate Adobe, the fix for the Flash exploit for Acrobat/Reader 9 was released Friday. It was pushed to me today via the automatic updater.

Updates for earlier versions are forthcoming.