Security Alert

Report · Jun 08, 2010

Hello, I just heard about the security alert for adobe acrobat, adobe reader and flash player. I removed the recommended file for Acrobat reader. I wasn't clear on what needed to be done for Acrobat (the program). Also, the recommendation for Flash is to download the latest beta player, but it looks like people are having issues with it actually working. Does anyone have any further information on this, and also have a recommendation on a Virus protection program for the Mac? thanks

Report · Jun 08, 2010

Hi, you can read the Adobe Security Advisory here:

http://www.adobe.com/support/security/advisories/apsa10-01.html

Regarding an AV for Mac, I would think www.avast.com has a free version for the Mac also. Avast is a good program without being so intrusive as others. I'm sure AVG does as well.

For Flash Player, it seems the 10.1 is the only "solution" that I've seen. I read that Adobe is working on a fix by 6/10/2010.

This article explains some things to avoid in the meantime:

http://www.symantec.com/connect/blogs/0-day-attack-wild-adobe-flash-reader-and-acrobat

Hope that is helpful.

eidnolb

P.S. Forgot one:

http://krebsonsecurity.com/ This came from one of our users.

Message was edited by: eidnolb

Report · Jun 08, 2010

Thank you for responding. Yes I did see the alert. Thank you for those other links too!

I read some other posts and it sounded like people downloaded the newest Flash player that Adobe is recommending, but were not able to get it to work. I'm wondering if I should just delete my FP and wait for the update on 6/10.

Report · Jun 08, 2010

Hi, I don't know what is best at this point about Flash Player. The advisory did not say what to do other than the 10.1. Since it is not know what exactly the vulnerability is, it is difficult to know what to do if anyone doesn't want the 10.1.

That one article listed places to avoid so I'm doing that. Make sure your Anti-Virus is up to date. Regarding deleting the Flash Player, that is an option. If you don't want it to work, you can Disable the Shockwave Flash Object in the IE add ons.

But is that a solution? We don't know, but FP won't work with that add on Disabled.

We really don't have too much to go on regarding Flash Player at this time.

If you have any on demand Anti-Virus Scanners, you may want to run them more frequently. Extra security steps is all that I can suggest. I'm in the same boat as you:-)

Don't forget to mark your thread as answered as you picked a good title. Other users will benefit from your thread with the links and it will certainly save me some time. (I can run my scanners more:-)

Thanks,

eidnolb

Report · Jun 08, 2010

Does anyone know if removing authplay.dll will also resolve the 0-day security risk for flash? The KB article is not clear if removing this file will also fix the problem with flash or is the only solution to upgrade to the release candidate? Here is the KB article: http://www.adobe.com/support/security/advisories/apsa10-01.html

I only want to disable flash if that's the only alternative.

-thanks

mike

Report · Jun 08, 2010

Hi mj, The most I know about this I have posted in this thread. Just review the posts here, I think that should answer your questions. You should also review the articles that I linked to. They have some add'l info.

Thanks,

eidnolb

Report · Jun 08, 2010

The vulerability only exists when a PDF is opened that has Flash content. In the many years I have worked with PDF files I have never seen one with Flash content - I think it is very rare.

I think the best is to remain calm and wait until the fix is released tomorrow.