http://www.guardian.co.uk/technology/blog/2010/jun/07/adobe-warns-flash-security-flaw
Posts tagged #Adobe
Adobe Reader Issues
There have been so many Adobe Acrobat & Reader vulnerabilities of late that we were considering making an Adobe page.
Put very simply, we (and Adobe) suggest making the following changes to your Reader and Acrobat preferences:
Go to Trust Management and uncheck "Allow opening of non-PDF file attachments with external applications"
Go to Javascript and uncheck "Enable Acrobat Javascript"
Further reading from the Adobe Blog
Adobe Download Manager Exploit
Adobe has announced that a critical vulnerability has been identified in the Adobe Download Manager. This vulnerability (CVE-2010-0189) could potentially allow an attacker to download and install unauthorized software onto a user's system.
Users who have downloaded Adobe Reader for Windows from http://get.adobe.com/reader/ or Adobe Flash Player for Windows from http://get.adobe.com/flashplayer/ prior to the release of this Security Bulletin on February 23, 2010, can verify they are not vulnerable to this Adobe Download Manager issue by following the instructions below.
- Ensure that the C:Program FilesNOS folder and its contents ("NOS files") are not present on your system. (If the folder is present, follow the steps below to remove).
- Click "Start" > "Run" and type "services.msc". Ensure that "getPlus(R) Helper" is not present in the list of services.
If the NOS files are found, the Adobe Download Manager issue can be mitigated by:
- Navigating to Start > Control Panel > Add or Remove Programs > Adobe Download Manager, and selecting Remove to remove the Adobe Download Manager from your system.
OR
- Clicking "Start" > "Run" and typing "services.msc". Then deleting "getPlus(R) Helper" from the list of services.
- Then delete the C:Program FilesNOS folder and its contents.
Adobe releases security update for Reader & Acrobat
This new bulletin, APSB10-07, is a security update for Adobe Reader and Acrobat. These updates address two
critical vulnerabilities. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code, make unauthorised cross-domain requests, or cause a denial-of-service condition.
We advise you to update Adobe Reader and Acrobat (all platforms)
Please see our previous post for updates to Adobe Flash
Relevant Url:
http://www.adobe.com/support/security/bulletins/apsb10-07.html
Another Adobe Update (Windows and Mac)
Adobe has released updates for Flash Player with a Tue 16th Feb release of Acrobat and Reader.
As Adobe products seem to be the target of an awful lot of exploits recently, you are urged to update those products as soon as possible.
Remember, we advise you to turn OFF javascript within Reader as a matter of course, which will prevent many vulnerabilities whenever they arise.
There are currently two bulletins:
The first bulletin, APSB10-06, is a security update for Adobe Flash
Player and Adobe AIR that addresses a critical vulnerability.
Exploitation of these vulnerabilities may allow an attacker to make
unauthorized cross-domain requests. The bulletin indicates that the
update also addresses a potential denial-of-service issue.
The second bulletin, APSB10-07, is a security advisory for Adobe
Reader and Acrobat. This shows that Adobe is planning to
release updates for Adobe Reader and Acrobat on February 16, 2010 to
address other critical security issues.
Please head here:
http://www.adobe.com/support/security/bulletins/apsb10-06.html
http://www.adobe.com/support/security/bulletins/apsb10-07.html
(both links safe as of time of posting)