Today a new Adobe Flash and Adobe Reader exploit became public knowledge. It's actively being exploited, and we could all be targets.
Quote:Adobe has announced that an exploitable flaw in Adobe Reader 9.x, Acrobat 9.x, and Flash 9.x and 10.x has been discovered and is being actively exploited. Windows, Mac OS X, and Linux versions are all affected. The flaw allows arbitrary code execution by attackers, and hence it is deemed "critical."
The article linked provides some details on how to protect yourself. But in summary, there is no current fix from Adobe. Downgrading to Reader 8.x can save you there, and apparently updating to the latest 10.1 beta of flash can help, but that seems scary in it's own right.
If you don't have an authenticator already, we'd recommend getting one. Pick your flavor:
- Physical Device (US Version)
- They have an iPhone app for that.
- Available on the Android Marketplace
- Download for some US cellphones
Be safe guys.
see here for the latest advisory by adobe.
in short: the latest Flash Version (10.1.53.64) is said to fix that issue, however adobe reader is not. a fixed version of adobe reader will by provided on June 29, 2010 as stated by upstream in the advisory linked by ArsTechnica
seems like every day flash reader has a new vulnerability
I can't find "authplay.dll" at all in my system. Am I screwed?
I recently just had an authenticator activated on my account, NOT by me. Think I got hacked
It's hardly newsworthy that adobe stuff is ridden with security holes, but we get so many people talking about stolen passwords every time one of these exploits becomes public it's worth while to try to stem it, even a little.
Other than "why is this news here?"
I see why Apple doesn't want Flash on their iPad.