📜 ⬆️ ⬇️

In Adobe products again vulnerabilities. Hit by Flash, Reader / Acrobat

A few hours ago, Secunia portal announced zero-day vulnerabilities in Adobe Flash (because of this, Google Chrome with an integrated module, for example) and Adobe Reader / Acrobat were hit. Under the cut the details and the first emergency help

Adobe Flash Player

Vulnerability found in the latest version of Flash Player on Linux, Mac OS X, Solaris and Windows. Also, the vulnerability concerns Flash Player for Android. What causes the error is unclear, but with its help an attacker can remotely execute arbitrary code. Neither Adobe nor Secunia found any crutches for a temporary defense against a hole with an ultra-high level of danger, except for standard “do not visit malicious sites or disable the plugin”.
From myself I can assume that you can try setting the parameter - safe-plugins in the Google Chrome browser. This option will force all plug-ins in the sandbox, although this can cause plug-in glitches and inoperability. Click-to-play is also suitable (it is disabled in the stable release, but there is a dev, canary and Chromium) or a global ban on local permissions of trusted sites through advanced settings -> content settings -> plug-ins (so, however, always do, because in flash player holes appear with an enviable frequency). For other browsers, there is an option to run in a virtual machine or a third-party sandbox like Sandboxie under Windows. For Opera, also, a global ban on plug-ins with permission for trusted sites (General settings - Advanced - Content - Uncheck Enable plugins (Enable locally via settings for sites) is suitable).
Dear habraumer Thomas pointed to the opportunity to protect themselves with the FlashBlock extension for Firefox .
For Google Chrome Stable, FlashControl is suitable.
Dear rollin habrauser says that you can use the option in Opera:
opera: config # UserPrefs | EnableOnDemandPlugin
Acts like FlashBlock.
The official patch is expected on November 9th.

Adobe Reader / Acrobat

Vulnerabilities in these products are caused by the same unknown causes in Adobe Flash, because they are related to the execution of dynamic content in .pdf documents (the vulnerability is not affected by Adobe Reader for Android). There are already instances of the use of this vulnerability and the destruction of computers. The patch will be released approximately November 15, 2010. In the meantime, it is possible to solve the problem by force, removing the holey components. The solution can be found here .

Read more

Vulnerability in Adobe Flash [Closed]
Adobe Reader / Acrobat
Google Chrome [Closed]
The malware that was replayed when a hole was detected


Source: https://habr.com/ru/post/107140/

All Articles