Slashdot Mirror


Adobe Warns of Flash, PDF Zero-Day Attacks

InfosecWarrior writes "Adobe issued an alert late Friday night to warn about zero-day attacks against an unpatched vulnerability in its Reader and Flash Player software products. The vulnerability, described as critical, affects Adobe Flash Player 10.0.45.2 and earlier versions for Windows, Macintosh, Linux, and Solaris operating systems. It also affects the authplay.dll component that ships with Adobe Reader and Acrobat 9.x for Windows, Macintosh, and Unix operating systems."

4 of 216 comments

  1. 64 bit Linux by Anonymous Coward · · Score: 2, Interesting

    I see the 64 bit Flash plugin for Linux has not been updated. Anyone heard of a timeline for this update?

  2. Call me dumb, but... by Rui Lopes · · Score: 2, Interesting

    It also affects the authplay.dll component that ships with Adobe Reader and Acrobat 9.x for Windows, Macintosh and UNIX operating systems.

    ... how can the DLL affect OS X & other Unix OSes? And why does it ship on these OSes?

    --
    var sig = function() { sig(); }
  3. Re:Zero-day? by TheLink · · Score: 2, Interesting

    Not sure if it's related to the announcement, but today when I opened a whole bunch of Yahoo Finance pages at a go, I got an "open/download p.pdf" prompt. By reflex I cancelled that (and I don't use Adobe for PDF stuff anyway), but it may mean that someone has managed to use popular servers to infect machines.

    Perhaps I should have downloaded and tried analyzing it. Not sure where it actually comes from - Yahoo may use 3rd party servers for caching, and nowadays stuff like Facebook also gets involved etc.

  4. HTML5 v. Flash security by Onymous Coward · · Score: 3, Interesting

    I wonder about this. I'm sure it's a rather complex issue (that will be picked apart time and again for years to come), but the one idea that leapt out at me was one you pointed out:

    ... HTML5 core part of browsers will likely be much better maintained & secured than [Flash], will help.

    HTML5 may not be a silver bullet, but my intuition tells me we'll be much better off. But not having a clear idea of exactly why this is and spouting my intuition out, while perhaps a Slashdot tradition, is not very constructive, so I offer this intuition with this disclaimer.