Author Topic: Critical vulnerability in Flash and Acrobat Reader *updated June 8*  (Read 2733 times)

Offline Paddy

  • Administrator
  • TS Addict
  • *****
  • Posts: 13797
    • View Profile
    • https://www.paddyduncan.com
http://www.hardmac.com/news/2010/06/07/cri...ash-and-acrobat

http://www.adobe.com/support/security/advi.../apsa10-01.html

What is unclear, is whether or not the Mac version is actually vulnerable, since Adobe cites the .dll file in particular. The .dll file referenced in the Adobe article doesn't seem to exist on the Mac, though I found one by that name in my Applications->Adobe Contribute CS4->Configuration->flash player folder. What it's doing there, I don't know. Macs don't use .dll files so I'm not sure what it's doing there, if anything. There are a few others on my system, but they're all in cross-platform apps or things that are directly related to Windows in some way or other.
"If computers get too powerful, we can organize them into committees. That'll do them in." ~Author unknown •iMac 5K, 27" 3.6Ghz i9 (2019) • 16" M1 MBP(2021) • 9.7" iPad Pro • iPhone 13

Offline kimmer

  • Administrator
  • TS Addict
  • *****
  • Posts: 9086
    • View Profile
Critical vulnerability in Flash and Acrobat Reader *updated June 8*
« Reply #1 on: June 07, 2010, 08:48:39 PM »
Okay, I'm confused here.

Reader, I went to a back up and reinstalled Reader 8 (which I had just dumped!). So that's okay.

But the flash thing ... Adobe says "The Flash Player 10.1 Release Candidate does not appear to be vulnerable." As a "release candidate, it's beta, is it not? Is is stable? I don't want to install it and have worse problems.

Offline Paddy

  • Administrator
  • TS Addict
  • *****
  • Posts: 13797
    • View Profile
    • https://www.paddyduncan.com
Critical vulnerability in Flash and Acrobat Reader *updated June 8*
« Reply #2 on: June 07, 2010, 09:11:30 PM »
Release candidates are typically one step beyond beta - pretty close to actually being released, and rarely contain any major bugs.

http://en.wikipedia.org/wiki/Software_release_life_cycle
"If computers get too powerful, we can organize them into committees. That'll do them in." ~Author unknown •iMac 5K, 27" 3.6Ghz i9 (2019) • 16" M1 MBP(2021) • 9.7" iPad Pro • iPhone 13

Offline kimmer

  • Administrator
  • TS Addict
  • *****
  • Posts: 9086
    • View Profile
Critical vulnerability in Flash and Acrobat Reader *updated June 8*
« Reply #3 on: June 07, 2010, 09:18:20 PM »
Thanks, Paddy. I'll go ahead and install it.

Offline krissel

  • Administrator
  • TS Addict
  • *****
  • Posts: 14735
    • View Profile
Critical vulnerability in Flash and Acrobat Reader *updated June 8*
« Reply #4 on: June 08, 2010, 02:15:25 AM »
Apparently only Reader and Acrobat 9 are the vulnerable ones for Macs. I have Acrobat 5 and Reader 7 which don't have the SWF related files.

More info here on how to track down the files and secure Acrobat and Reader.

http://antivirus.about.com/od/securitytips...finpdfonmac.htm

http://antivirus.about.com/b/2010/06/07/ye...day-exploit.htm
« Last Edit: June 08, 2010, 02:16:10 AM by krissel »


A Techsurvivors founder

Offline Jack W

  • TS Addict
  • *****
  • Posts: 2597
    • View Profile
Critical vulnerability in Flash and Acrobat Reader *updated June 8*
« Reply #5 on: June 08, 2010, 08:46:52 AM »
Went to your first link Paddy.

Took the advice offered therein and deleted that little sucker.

 thanx.gif  , Jack
« Last Edit: June 08, 2010, 08:47:20 AM by Jack W »
Good to be Here.

My Macs: 2010 27" alum iMac 2.8GHz, Snow Leopard 10.6.8/Mavericks 10.9.5, 4GB SDRAM (Workhorse),
13” Late 2010 MacBook Pro 2.4GHz, 10.6.8, 2GB SDRAM,
(2) External HD - Firewire/USB Macally Enclosures  with 1TB Hitachi Drives,
Time Machine external drive - ditto above - 1/2 TimeMac

Offline jchuzi

  • TS Addict
  • *****
  • Posts: 3094
    • View Profile
Critical vulnerability in Flash and Acrobat Reader *updated June 8*
« Reply #6 on: June 08, 2010, 10:05:04 AM »
QUOTE(Jack W @ Jun 8 2010, 09:46 AM) <{POST_SNAPBACK}>
Went to your first link Paddy.

Took the advice offered therein and deleted that little sucker.

 thanx.gif  , Jack
I did it too. The article estimates that it takes 15 minutes but it's closer to one.
Jon

macOS 11.7.10, iMac Retina 5K 27-inch, late 2014, 3.5 GHz Intel Core i5, 1 TB fusion drive, 16 GB RAM, Epson SureColor P700, Photoshop CC, Lightroom CC, MS Office 365

Offline chriskleeman

  • Administrator
  • TS Addict
  • *****
  • Posts: 2255
    • View Profile
    • http://www.chriskleeman.com
Critical vulnerability in Flash and Acrobat Reader *updated June 8*
« Reply #7 on: June 08, 2010, 10:30:04 AM »
QUOTE(jchuzi @ Jun 8 2010, 11:05 AM) <{POST_SNAPBACK}>
I did it too. The article estimates that it takes 15 minutes but it's closer to one.


Yup, pretty simple to find/navigate to... gone in 60 seconds! (or less...) coolio.gif

Thanks Paddy!

Chris K smile.gif
Just a dumb guitar player...
My Website

Offline Xairbusdriver

  • Administrator
  • TS Addict
  • *****
  • Posts: 26388
  • 27" iMac (mid-17), Big Sur, Mac mini, Catalina
    • View Profile
    • Mid-South Weather
Critical vulnerability in Flash and Acrobat Reader *updated June 8*
« Reply #8 on: June 08, 2010, 11:11:24 AM »
REalized I still had some Reader Prefs laying around...searched and deleted everything that had "Acrobat" and "Reader" in them. rolleyes.gif
THERE ARE TWO TYPES OF COUNTRIES
Those that use metric = #1 Measurement system
And the United States = The Banana system
CAUTION! Childhood vaccinations cause adults! :yes:

Offline Paddy

  • Administrator
  • TS Addict
  • *****
  • Posts: 13797
    • View Profile
    • https://www.paddyduncan.com
Critical vulnerability in Flash and Acrobat Reader *updated June 8*
« Reply #9 on: June 08, 2010, 01:00:18 PM »
Adobe has updated their advisory to include temporary fixes for the issues:

http://www.adobe.com/support/security/advi.../apsa10-01.html

I've removed the AuthPlayLib bundle file from both Acrobat Pro and Reader (use both - and require Acrobat Pro in my work) - though I cannot recall ever downloading or encountering a PDF with embedded Flash!

Will now update the Flash Player, though have Click to Flash and never click on ads or any untrusted sources. There will be a patch for Flash out on Thursday (10th) but the fixes for Acrobat and Reader won't be out until the end of June.
"If computers get too powerful, we can organize them into committees. That'll do them in." ~Author unknown •iMac 5K, 27" 3.6Ghz i9 (2019) • 16" M1 MBP(2021) • 9.7" iPad Pro • iPhone 13

Offline pendragon

  • TS Addict
  • *****
  • Posts: 7178
    • View Profile
    • http://www.pendragonservices.com
Critical vulnerability in Flash and Acrobat Reader *updated June 8*
« Reply #10 on: June 09, 2010, 05:32:20 AM »
Good info all, Paddy, thanks!

While I don't think I visit bad sites, even good sites can get infected. This nefarious stuff moves around the Internet in a flash. toothgrin.gif

Those who can make you believe absurdities can make you commit atrocities. ~ Voltaire

Offline jchuzi

  • TS Addict
  • *****
  • Posts: 3094
    • View Profile
Critical vulnerability in Flash and Acrobat Reader *updated June 8*
« Reply #11 on: June 10, 2010, 04:22:33 PM »
The Adobe Flash Player update is now available. A word to the wise:  Repair permissions after installing it. The AFP installer messes up a permission (and this has happened consistently, as well as with this particular update).
Jon

macOS 11.7.10, iMac Retina 5K 27-inch, late 2014, 3.5 GHz Intel Core i5, 1 TB fusion drive, 16 GB RAM, Epson SureColor P700, Photoshop CC, Lightroom CC, MS Office 365