Adobe Current Vulnerability

I noticed on my Tech News that, Adobe are running with a current vulnerability.

Affected software.

  • Adobe Flash Player 10.0.45.2 and earlier 10.0.x versions for Win, Mac, Linux and Solaris
  • Adobe Flash Player 9.0.262 and earlier 9.0.x versions for Win, Mac, Linux and Solaris
  • Adobe Reader and Acrobat 9.3.2 and earlier 9.x versions for Win, Mac and UNIX
  • Adobe Flash Player 10.1 Release Candidate does not appear to be vulnerable
  • Adobe Reader and Acrobat 8.x are confirmed not vulnerable

Does N360 recognize and block this vulnerability ?

Can the infection be incurred by, IE Browser casually reaching a bad Flash page ?

Is it a case of don't click on any Adobe stuff from unknown sites, until the fix ?

Currently, all my Adobe IE Browser add-on's are disabled. Is that enough ?
Is it ok to leave the Adobe add-on's enabled; but, watch what you browse / open ?


Reply appreciated, as ever.

Regards. AK

Hi photo762

 

It seems to be quite serious so I think we will see an update from Adobe very quickly. I think in the meantime one should exercise caution when on the Web.

Refer to the following information:

http://www.symantec.com/norton/security_response/vulnerability.jsp?bid=40586


Yogesh

... after thinking about what was next posted, ... still not clear enough.

What do we do about the reported vulnerability?  Will adobe reader version 8 and 5 still be safe?  How do we update or upgrade adobe reader 5 or 8?  What about the "flash player"?  I'm not even sure how to check which company or version of flash player is installed on my computers;  might I have Shockwave Flash Player on one and Adobe Flash Player on the other?  Some software details on my machines are easy to check, but not these.

I did an all files search for authplay.dll, the file mention in the text, of 5000 dll files found, none was authplay.dll.

I can only guess that authplay.dll arrives with the file to be played or it's not part of the software I have loaded on my PC.

Currently using Adobe Reader 8 and Adobe Flash Player 10.0.45.2

Well, at least Adobe Reader 8, I've disabled Adobe Flash Player 10.0.45.2, as my IE Browser confirms, until the "Adobe Fix".

AK


g_cafe_c wrote:

... after thinking about what was next posted, ... still not clear enough.

What do we do about the reported vulnerability?  Will adobe reader version 8 and 5 still be safe?  How do we update or upgrade adobe reader 5 or 8?  What about the "flash player"?  I'm not even sure how to check which company or version of flash player is installed on my computers;  might I have Shockwave Flash Player on one and Adobe Flash Player on the other?  Some software details on my machines are easy to check, but not these.


Hi g_cafe_c

 

Perhaps you can get the answers you need about your Adobe software from the Adobe Forums. Here is the web link to get there.

 

http://forums.adobe.com/index.jspa

I found the following text, regarding the Adobe Vulnerability on:-

http://www.symantec.com/connect/blogs/analysis-zero-day-exploit-adobe-flash-and-reader

"Last weekend, we warned our customers about a Zero-day exploit targeting Adobe Flash and Reader in the wild. The corresponding BID can be seen here. We have updated our antivirus definitions in order to detect this new threat as Trojan.Pidief.J, and we have done an analysis of this new exploit to understand how it works."

 

Not being much of a techy, does the antivirus update cover the vulnerability, up to and, as well as, any Adobe Fix ?

Basically; is it ok, to run the Flash Player, covered by the antivirus definition for Trojan.Pidief.J ?

Appreciated. AK

Adobe Flash Player version 10.1, is currently the default on the Adobe website.
Downloaded and installed, OK

Regards. AK

 


photo762 wrote:

I did an all files search for authplay.dll, the file mention in the text, of 5000 dll files found, none was authplay.dll.

Currently using Adobe Reader 8


 

Hi photo762,

 

As stated in your first post:

 


 

Affected software

    • Adobe Reader and Acrobat 8.x are confirmed not vulnerable

You answered your own question - you are safe using Adobe Reader 8.

It was the Flash Player, more than Reader 8, that was contentious.

Thanks anyway. AK