Νέο κενό ασφαλείας σε Adobe Flash, Reader και Acrobat

[euklidis]

Αφου το λινουξ δεν χρησιμοποιει dlls :S

[tiatrou]

Τουλάχιστον όσοι έχουν Linux είναι εξασφαλισμένοι? Υποτίθεται ότι αυτό δεν προσβάλλεται εύκολα από malware. Η ανακοίνωση όμως τα γράφει όλα τα λειτουργικά. (Να υποθέσω ότι για το λινουξ ο κίνδυνος είναι θεωρητικός?)

Μπα δε νομίζω, όπως αναφέρει και η ανακοίνωση. Βέβαια θα υπάρχουν μια σειρά προυποθέσεις, φαντάζομαι, για να προσβληθεί ο υπολογιστής, είτε έχει λειτουργικό windows, είτε linux, αλλά διάκριση δεν φαίνεται να κάνει.

[Banditgr]

Μάλιστα, νέο vulnerability στα Adobe products ε ? I'm shocked. Δεν έχει ξανασυμβεί ποτέ αυτό. Ούτε τα Windows δεν είναι έτσι πλέον Μήπως να βγάζουν δελτίο τύπου για όταν δεν υπάρχουν κενά ασφαλείας ?

[stefkon]

Μέσα σε δυο μέρες σοβαρό πρόβλημα ασφαλείας σχετιζόμενο με browser.

Τουλάχιστον όσοι έχουν Linux είναι εξασφαλισμένοι? Υποτίθεται ότι αυτό δεν προσβάλλεται εύκολα από malware. Η ανακοίνωση όμως τα γράφει όλα τα λειτουργικά. (Να υποθέσω ότι για το λινουξ ο κίνδυνος είναι θεωρητικός?)

Off Topic

Πριν καιρό κοροίδευα ένα φίλο που από Windows ανοίγει μόνο κάποιες λίγες σελίδες που εμπιστεύεται. Τελικά ίσως έχει δίκιο. Θα γίνουμε όλοι υποχόνδριοι.

Πουθενά δεν είναι εξασφαλισμένοι.

...Το bug βρίσκεται στις εκδόσεις Flash Player 10.1.85.3 και προηγούμενες, για Windows, Mac, Linux και Solaris, καθώς και στο Flash Player 10.1.95.2 και προηγούμενες για Android. Εντοπίζεται επίσης στο αρχείο authplay.dll του Reader 9.4 και των προηγούμενων 9.x εκδόσεων για Windows, Mac, Unix και Acrobat 9.4 και προηγούμενων 9.x εκδόσεων για Windows και Mac. Η βιβλιοθήκη αυτή εμφανίζει περιεχόμενο flash στον PDF viewer. Οι εκδόσεις Adobe Reader και Acrobat 8.x και Reader για Android δεν επηρεάζονται από το κενό ασφαλείας........

[opener]

Βγηκε η νεα εκδοση του Adobe Flash Player v10.1.102.64 =

Adobe Flash Player v10.1.102.64 - November 4, 2010
This is a security release

More information here
http://www.adobe.com/support/securit...apsb10-26.html

Direct Download link for Firefox, Safari, Opera
http://fpdownload.macromedia.com/get...ash_player.exe

Direct Download for IE users.
http://fpdownload.macromedia.com/get..._player_ax.exe

Pick the proper version for Flashplayer for your browser of choice on the above link. Do not confuse it with shockwave which is a different program.

Note: Please remember to uncheck any unwanted 3rd party toolbars/programs during installation IF they are offered to you.

Version check
http://www.adobe.com/products/flash/about/

http://www.calendarofupdates.com/upd...event_id=82500

Security update available for Adobe Flash Player (APSB-10-26)

Today, a Security Bulletin (APSB10-26) has been posted to address critical security issues in Adobe Flash Player, including CVE-2010-3654 referenced in Security Advisory APSA10-05. This Security Bulletin affects Flash Player versions 10.1.85.3 and earlier versions for Windows, Macintosh, Linux, and Solaris. Adobe recommends users apply the updates for their product installations. We expect to make available an update for Flash Player 10.x for Android by November 9, 2010.
http://blogs.adobe.com/psirt/2010/11...apsb10-26.html

Adobe Flash Player 10.1.102.64 download:
http://get.adobe.com/flashplayer/

-----------------------------------------------------
Για τον Adobe Reader:

Pottential issue in Adobe Reader
November 4, 2010

Adobe is aware of a potential issue in Adobe Reader posted publicly today on the Full Disclosure list. A proof-of-concept file demonstrating a Denial of Service was published. Arbitrary code execution has not been demonstrated, but may be possible. We are currently investigating this issue. In the meantime, users of Adobe Reader 9.2 or later and 8.1.7 or later can utilize the JavaScript Blacklist Framework to prevent the issue by following the instructions below. Note that Adobe Acrobat is not affected by this issue.
.....
http://blogs.adobe.com/psirt/2010/11...be-reader.html

edit:

Adobe meanwhile ships an update for the Flash Player to version 10.1.102.64 today and plans one for the Reader and Acrobat next week. The Flash update is available via the Download Center and fixes the “authplay” vulnerability which got public last week. But the company has to deal with a new security vulnerability as well. It’s not yet exploited and it remains currently unknown whether it is exploitable to infect PCs with malware, but Adobe investigates the flaw. On a public security list a so-called Proof-of-Concept (PoC) has been published which just shows a Denial-of-Service attack.
http://techblog.avira.com/2010/11/05...ay-ahead-2/en/

[giantpow]

μπορειτε να κανενε μια ενεση τον firefox με το spybot και δεν θα περναει τιποτα

[Mozart]

πότε επιτέλους θα ναι έτοιμο το sandbox να ησυχάσουμε;

[opener]

πότε επιτέλους θα ναι έτοιμο το sandbox να ησυχάσουμε;

..... οχι ολοι.
=

.... The main problem with Adobe Reader is outdated versions though. Most users don’t care about that – and they should not need to; software should update automatically and silent in the background. Even Adobe is working on such an update mechanism which Google uses very successfully with their Chrome web browser. But this doesn’t help our Dads, Uncles and Grandmothers which have installed version 6 from a few years ago, when the computer was bought.
http://techblog.avira.com/2010/11/05...er-sandbox/en/

[opener]

Σημερα κυκλοφορησε η εκδοση του Adobe Reader v9.4.1 που διορθωνει το προβλημα, την εγκατεστησα μεσα απο την προηγουμενη εκδοση v9.4 (manual update).

Απ' οτι βλεπω, η νεα εκδοση δεν εχει βγει ακομη στην ιστοσελιδα =
http://get.adobe.com/reader/

ουτε στο Security Advisory =

Prenotification Security Advisory for Adobe Reader and Acrobat
Release date: November 12, 2010
.......
(Note: This Security Advisory will be replaced with the Security Bulletin upon release of the updates, currently expected on Tuesday, November 16, 2010.)
http://www.adobe.com/support/securit...apsb10-28.html

-------------------------------

Security updates released for Adobe Reader and Acrobat (APSB10-28)
November 16, 2010

Today, a Security Bulletin (APSB10-28) has been posted regarding security releases for Adobe Reader and Acrobat. The updates address critical security issues in the products, including CVE-2010-3654 noted in Security Advisory APSA10-05 and CVE-2010-4091 referenced in the Adobe PSIRT blog (“Potential issue in Adobe Reader“), as well as the vulnerabilities addressed in the November 4 Adobe Flash Player update as noted in Security Bulletin APSB10-26. Adobe recommends that users apply the updates for their product installations.

Note that today’s updates represent and out-of-cycle release. The next quarterly security updates for Adobe Reader and Acrobat are scheduled for February 8, 2011.

http://blogs.adobe.com/psirt/2010/11...apsb10-28.html

[opener]

πότε επιτέλους θα ναι έτοιμο το sandbox να ησυχάσουμε;

Κυκλοφορησε.
=>

Adobe Reader X Now Available
November 18, 2010

Adobe Reader X is now available! Download Reader X for desktop at http://get.adobe.com/reader/ or access the mobile app on the Android Market via your Android device.

With over one billion downloads, Adobe Reader continues its leadership as the global standard in PDF viewing and interaction.

Reader X for desktop enables an even greater level of interaction with the ability to share feedback through the use of Sticky Notes and Highlighter tools, as well as view a larger variety of content types including drawings, email messages, spreadsheets, videos, and other multimedia elements. You can also take advantage of the added security of Protected Mode in Reader X, which helps ensure safer viewing of PDF files.

With Reader X for Android, we’ve addressed some of the most important features our users have requested including support for Tablets, go to page, search, opening Portfolios and password protected PDF files, and sharing PDF files via email. Adobe Reader for Android was first released back in May of this year and has amassed over 3 million downloads in that short period of time. In Reader X for Android we’ve also expanded language support to a total of thirteen including English, French, German, Italian, Spanish, Dutch, Danish, Brazilian-Portuguese, Swedish, Russian, Czech, Polish and Turkish.

As always your feedback and comments are critical to our success. Please continue to provide us with your feedback either via comments on this blog or through the Adobe Reader user forums http://forums.adobe.com/community/adobe_reader_forums/

To learn more about the new Adobe Reader X please visit our home page on Adobe.com. Follow Reader X news on Twitter @Adobe_Reader.

http://blogs.adobe.com/adobereader/2...available.html

Adobe Reader X
Adobe Reader X (10.0.0) is now available.

Download (Windows & Macintosh):
http://get.adobe.com/reader/otherversions/


Font packs for Adobe Reader X are available from:
Win:
http://www.adobe.com/support/downloa...atform=Windows
Mac:
http://www.adobe.com/support/downloa...form=Macintosh

See
http://www.adobe.com/products/reader.html
for some of the new features of Adobe Reader X.

http://www.calendarofupdates.com/upd...event_id=83471

edit:

Adobe launches 'sandboxed' Reader X
Technology aims to protect Windows users from PDF-based attacks
....
The new version is also available for Mac OS X and Android, but those editions lack the sandbox.
.....
Calling the sandbox a "new advancement" in protective measures, Brad Arkin, Adobe's director of security and privacy, admitted it will not stymie every attack. But he argued it will help.
.....
Adobe declined to lay out a timetable today for offering Reader X to existing users. A spokeswoman said only that the company would not initially roll out the new version via Reader's built-in updater.
.....
http://www.computerworld.com/s/artic...?taxonomyId=17

Using Adobe Reader X
http://help.adobe.com/en_US/reader/using/index.html

[Mozart]

επιτέλους!Μένει να δούμε αν είναι και αποτελεσματικό,πάντως είναι ένα βήμα μπροστά σίγουρα

thanx για την ενημέρωση !

[opener]

επιτέλους!Μένει να δούμε αν είναι και αποτελεσματικό,πάντως είναι ένα βήμα μπροστά σίγουρα

thanx για την ενημέρωση !

Αυτο πιστευω και εγω.
Και οπως λενε =

Calling the sandbox a "new advancement" in protective measures, Brad Arkin, Adobe's director of security and privacy, admitted it will not stymie every attack. But he argued it will help..