Adobe Reader and Adobe Flash Player Vulnerabilities Remain Unpatched

image You phone 911 to report an emergency in your home – a fire, burglary, accidental fall; I’ll let you use your imagination to expand on this list. While you’re imagining; imagine this – the 911 operator instructs you not to worry, help will arrive within a week or so.

Computer users running Adobe Flash player (versions 9 and 10), as well as Adobe Reader and Acrobat 9.1.2, are currently subject to attack by cyber-criminals capitalizing on a zero-day vulnerability, and find themselves in an analogous position.

This is an extremely serious vulnerability which could result in a successful takeover of an attack victim’s computer through remote code execution. Like the 911 operator above, Adobe’s response to this vulnerability is, don’t worry we’ll get to you, we’ll fix it – just not now.

According to Adobe:

“We are in the process of developing a fix for the issue, and expect to provide an update for Flash Player v9 and v10 for Windows, Macintosh, and Linux by July 30, 2009 (the date for Flash Player v9 and v10 for Solaris is still pending). We expect to provide an update for Adobe Reader and Acrobat v9.1.2 for Windows, Macintosh and UNIX by July 31, 2009.”

To read the rest of Adobe’s response checkout “Security advisory for Adobe Reader, Acrobat and Flash Player”, at the Adobe site.

If you are like most computer users, you were probably only minimally interested in installing the latest updates of Adobe products since you may not have been aware of the important security patches they contain. In fact, you may not be aware of how important it is to keep all installed applications up to date, and patched.

Save yourself a lot of time and aggravation, and ensure that all your installed applications are always patched and up to date, by installing Secunia PSI, a free application which scans your PC for installed application vulnerabilities. In this case, it would have notified you of the Adobe vulnerabilities.

image

Without Secunia PSI installed, you leave yourself open to attacks and exploits that seem to be increasing in frequency.

image Consider this from ZDNet:

Ten free security utilities you should already be using –
Number one is the Secunia Personal Software Inspector, quite possibly the most useful and important free application you can have running on your Windows machine.

For more information on Secunia PSI please read “Play Russian Roulette – Don’t Update Your Applications”, on this site. This review of Secunia PSI includes download links.

In the meantime: Steps you can take while waiting for Adobe to issue these critical patches –

As always, be cautious when browsing untrusted websites

Ensure your AV definitions are current

If you are running FireFox you should be running the NoScript add-on, and you might consider installing and running the Flashblock add-on. Both offer substantial protection. This solution is not perfect however, and you may still be vulnerable.

Run all software as a non-privileged user with minimal access rights.

Frankly, I do not use, nor would I ever use, an Adobe product on any of my systems. These zero day exploits against Adobe products seem to be never ending.

To read a comprehensive technical report on this issue, check out “Heap Spraying with Actionscript – Why turning off Javascript won’t help this time”, on the FireEye Malware Intelligence Lab site.

If you enjoyed this article, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

5 Comments

Filed under Adobe, Application Vulnerabilities, Don't Get Hacked, Firefox Add-ons, Free Anti-malware Software, Freeware, Internet Safety, Malware Advisories, Online Safety, Security Rating Applications, Software, System Security, Windows Tips and Tools

5 responses to “Adobe Reader and Adobe Flash Player Vulnerabilities Remain Unpatched

  1. Adobe reader has been having way too many security problems recently. A lot of the problems are showing up as zero-day flaws that aren’t fixed for days or weeks after. High time people start to leave it and find something else to open PDFs

    • Bill Mullins

      Hey Jgoto,

      You’re right – Adobe has a terrible record of addressing security issues.

      Thanks for the comment.

      Bill

  2. Adobe is causing me much trouble which I thought was malware.
    I wonder if we can sue this brazen-faced scum.

    • Bill Mullins

      Hey Pochp,

      Not much chance of suing I’m afraid. There’s loads of free substitutes out there you should try.

      BTW, I’m running a free contest for a lifetime license, 20 of them, for SUPERAntiSpyware so be sure to enter your name. This is an outstanding application.

      I know that Rick had this yesterday; I’m the one who arranged it for him.

      Bill

  3. Hey Bill,
    So thanks to you too!
    I tried it yesterday and it caught Adware.rx toolbar threat.
    To save us time, read my comments on Rick-
    it was a funny incident! lol