Security Upgrades IT

Adobe To Push Emergency Fix For Flash Bug

Trailrunner7 writes "Adobe has moved up the release date for the patch for the critical bug in Adobe Flash Player revealed last week, and now plans to have an emergency fix ready on Thursday. The company still plans to patch Reader two weeks from now. The vulnerability in Flash also exists in Reader and researchers said last week that attackers had already begun exploiting the bug in Reader by the time that Adobe acknowledged the problem and published an advisory. At the time of the initial advisory, Adobe officials said they planned to release a patch for Flash on Nov. 9 and for Reader on Nov. 15."
This discussion has been archived. No new comments can be posted.

  • by Andy Smith ( 55346 ) on Wednesday November 03, 2010 @12:48PM (#34114514)

    "revealed last week"
    "emergency fix"
    "Thursday"

  • by Anonymous Coward
    Let me guess. With this new fix, we will have the best, safest Flash ever.
  • I tried to look at a photo of someone who won a Governor's office today via Google images. The site I landed on popped up the Firefox Flash update screen for a second, then asked to update Firefox from a .cc site, which I denied. Was I almost taken by this exploit, or am I being paranoid?

  • When are FroYo devices running 10.1 getting the update? When's HTC and Sprint, HTC and AT&T, HTC and TMobile and HTC and Verizon planning on doing an OTA? When's Motorola? Samsung? etc. etc. etc.

  • by savvysteve ( 1915898 ) on Wednesday November 03, 2010 @01:14PM (#34114834)
    In my experience outdated third party plugins like Flash, Reader and even Java seem to be the way a lot of the attacks are happening lately. I watched a fake antivirus load to my PC after it somehow launched Adobe Reader about a year ago. An outbreak of fake antiviruses on machines revealed the same outdated version of Java loaded on those machines. Sadly the end users affected normally were pretty good about their surfing habits even though the job required a lot of research work. It isn't just Windows updates to worry about anymore.
  • just moved my entire network (243 computers) off of Reader 9 to Reader 8. Testing replacements now. F*ck Adobe.

    • Re: (Score:3, Insightful)

      by zonky ( 1153039 )
      What makes you think Reader 8 is any better, security wise? It's just unsupported.
    • by EXrider ( 756168 )

      just moved my entire network (243 computers) off of Reader 9 to Reader 8. Testing replacements now. F*ck Adobe.

      Did you know that all you had to do was remove one DLL? I just rolled a logon script out to rename authplay.dll (the flash component of Reader) on every machine, problem mitigated. Unfortunately, most people here need the real Adobe reader, as we do a lot of graphics and print, so 3rd party replacements aren't an option yet.
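
The rename EXrider describes could be scripted as follows. This is an added example, not part of the original comment and not EXrider's own script; the search location (an `Adobe` folder under Program Files) and the `.disabled` suffix are assumptions.

```powershell
#Requires -Version 3.0
# Added example: rename authplay.dll (the Flash component of Reader) wherever
# it is found, so Reader can no longer load it.
param(
    # Hypothetical suffix appended to the DLL name; any non-.dll name works.
    [string]$Suffix = '.disabled'
)

# Assumption: Reader is installed under an "Adobe" folder in Program Files.
# ProgramFiles(x86) is empty on 32-bit Windows, so drop empty entries first.
$roots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}) |
    Where-Object { $_ } |
    ForEach-Object { Join-Path $_ 'Adobe' } |
    Where-Object { Test-Path -LiteralPath $_ } |
    Select-Object -Unique

foreach ($root in $roots) {
    Get-ChildItem -LiteralPath $root -Recurse -Filter 'authplay.dll' -File -ErrorAction SilentlyContinue |
        ForEach-Object {
            $target = $_.FullName + $Suffix
            try {
                if (Test-Path -LiteralPath $target) {
                    # A repair or update restored the DLL after an earlier run:
                    # remove the old renamed copy so the rename can succeed.
                    Remove-Item -LiteralPath $target -Force -ErrorAction Stop
                }
                Rename-Item -LiteralPath $_.FullName -NewName ($_.Name + $Suffix) -ErrorAction Stop
                Write-Output "Renamed $($_.FullName)"
            }
            catch {
                # Typical causes: file in use by a running Reader, or no write access.
                Write-Warning "Could not rename $($_.FullName): $($_.Exception.Message)"
            }
        }
}
```

Standard users cannot write under Program Files, so this needs to run elevated (for example as a computer startup script), and it should run on every start because a Reader repair or update can put the DLL back.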

  • Too late (Score:1, Informative)

    by Anonymous Coward

    I already replaced it with gnash and I am satisfied.

  • This is why the NSA have stopped harping on about the clipper chip and other mandatory back doors.

    They don't need 'em!

    Makes me laugh about eulas in general:

    "I the customer promise not to reverse engineer or copy this big security hole, and to let you disperse all my private data, and in return you promise that you may or may not abuse me in the aforementioned fashion, or permit such abuse by third, fourth and fifth parties."

    Where's all the class action lawsuits?

    • by bmo ( 77928 )

      From "Good Omens" by Terry Pratchett and Neil Gaiman:

      Along with the standard computer warranty agreement which said that if the machine 1) didn't work, 2) didn't do what the expensive advertisements said, 3) electrocuted the immediate neighborhood, 4) and in fact failed entirely to be inside the expensive box when you opened it, this was expressly, absolutely, implicitly and in no event the fault or responsibility of the manufacturer, that the purchaser should consider himself lucky to be allowed to give hi

  • I think the time is ripe to get on the bandwagon of safety-critical software development methodologies. It has been shown over and over that there is a bunch of code, in widespread use, whose failures cause extensive economical harm -- even if the harm to the individual is small, the collective expense is major and measured in USD billions. Flash Player and Reader fall into the category of software whose safety shortcomings cause extensive economical harm. Why are those developed using "standard" (read: cav

  • by bubblegoose ( 473320 ) <bubblegoose@@@gmail...com> on Wednesday November 03, 2010 @01:35PM (#34115164) Homepage Journal

    The Flash updater annoyed me the last time I ran it. The last update I applied snuck some McAfee software on to my machine.

    The Flash updater now has the checkbox checked by default for McAfee Security Scan Plus, and they moved the checkbox so you don't notice it when you are glancing at the installer.

    • Re: (Score:2, Informative)

      by Anonymous Coward

      Click to download, DON'T accept their stupid "Download Assistant" and start clicking through the support pages...eventually you'll find the executables in the clear...

      http://kb2.adobe.com/cps/855/cpsid_85599.html

    • by Tynin ( 634655 ) on Wednesday November 03, 2010 @02:10PM (#34115572)

      The Flash updater annoyed me the last time I ran it. The last update I applied snuck some McAfee software on to my machine.

      Thank you greatly for posting this. On my workstation I had an Adobe Flash Updater pop up on me in the last week or 2, I let it run and do its thing. So, the next day at work I noticed McAfee Security Scan (or some such) on my computer, I thought it was strange and even double checked that the corporate mandated Symantec was still installed and running. I just chalked it up to some manager deciding to inflict the masses with another ill conceived GPO push. I meant to question our helpdesk about it, but I glossed over it by the next day.

      They must have really snuck that checkbox in very well, I'm pretty diligent with my usual "is this software trying to push additional crapware on me" scan for checkboxes and didn't see it. I often expect them in pretty much everything these days (I'm looking at you Java), but I hadn't noticed the Flash Updater sneaking them in before.

    • This also really ticked me off. Firefox did the update of Flash last time it updated and at no time was I shown an opt in (pre-checked or otherwise) for that crap McAfee product. The functionality provided by Acrobat Reader and Flash (more annoying ads?) are starting to not balance in terms of the exposure to vulnerabilities, crap bundled installs, and weekly updates.
    • Amen (Score:3, Insightful)

      How is this even legal, given they are security updates? Plus, we now have to seek out the more obscure 'clean' update to prevent the Adobe Download Manager (DLM) from infecting our browsers. Adobe is really starting to feel like a virus.
  • Where do I click .. (Score:3, Informative)

    by viralMeme ( 1461143 ) on Wednesday November 03, 2010 @01:59PM (#34115432)
    Where do I click to get 'infected', besides there is no authplay.dll on my computer.

    "A critical vulnerability has been identified in Flash Player 10.1.85.3 and earlier versions for Windows, Macintosh, Linux and Solaris; Adobe Flash Player 10.1.95.2 and earlier versions for Android; and the authplay.dll component that ships with Adobe Reader 9.4 and earlier 9.x versions for Windows, Macintosh and UNIX" link [threatpost.com]

    Shockwave Flash 10.1 on Ubuntu 10.10 ..
    • by tokul ( 682258 )

      Where do I click to get 'infected', besides there is no authplay.dll on my computer.
      ...
      Shockwave Flash 10.1 on Ubuntu 10.10 ..

      Your quote said that authplay.dll is in Acrobat Reader 9.4 for Windows. You may be vulnerable only to Flash part of this security report.

      You don't have Shockwave Flash on your machine. You have only Flash. Adobe does not provide Shockwave packages for Linux. Current Shockwave version is 11.5 something.

  • Belated (Score:2, Interesting)

    Most of us who are knowledgeable about programmatic structure, syntax, idiosyncrasies, faults, and exploits advised Adobe, either formally and directly through communique or informally and indirectly through public message boards, to patch their vulnerabilities about fifteen years ago.

    One ring to rule them all? Patch one bug and patch them all? For #$*@'s sakes... you people have more code-holes than Ivory [wikipedia.org] running 300 BAUD and a caller drop carrier with an immediate callback.

    The only sane approach is to j

  • KILL IT WITH FIRE.

  • Doesn't this story get posted every week? Why not just make it a permanent item on the /. home page?

  • Could the next patched version of Flash 10.x have a 64 bit Debug Version also? Thanks in advance.
