Security Corner

Sep 17 2010   8:15PM GMT

Who Else Has Had It With Adobe?

Ken Harthun Ken Harthun Profile: Ken Harthun

I'm fed up with Adobe!

I'm fed up with Adobe!

There are those of us who haven’t used Adobe’s Acrobat Reader in years, choosing alternatives like the free FoxIt Reader, or Open Source Xpdf instead. My reason at first was simply that Acroreader is bloatware, took forever to load and used up too much memory; these days, my reason includes the terribly insecure software Adobe insists on releasing. Unfortunately, it’s hard to get away from Flash on the web, but there is an alternative player/plugin that I’ll talk about in a moment. And here we go with business as usual:

Security Advisory for Flash Player

Release date: September 13, 2010
Vulnerability identifier: APSA10-03
CVE number: CVE-2010-2884
Platform: All

Summary

A critical vulnerability exists in Adobe Flash Player 10.1.82.76 and earlier versions for Windows, Macintosh, Linux, Solaris, and Adobe Flash Player 10.1.92.10 for Android. This vulnerability also affects Adobe Reader 9.3.4 for Windows, Macintosh and UNIX, and Adobe Acrobat 9.3.4 and earlier versions for Windows and Macintosh. This vulnerability (CVE-2010-2884) could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being actively exploited in the wild against Adobe Flash Player on Windows. Adobe is not aware of any attacks exploiting this vulnerability against Adobe Reader or Acrobat to date.

We’ll have to wait until the week of September 27, 2010 for the Flash patch, and the week of October 4, 2010 for the Reader/Acrobat patches.

What can you do? Unless you absolutely have to have Reader/Acrobat for some reason, switch to an alternative such as one of those I mentioned above. FoxIt Reader integrates nicely with Firefox. There’s another FF add-on that’s an alternative to Adobe: gPDF is a handy tool to view PDF, DOC, DOCX and PPT files online, using Google’s Docs Viewer.

Next, disable Shockwave Flash plugin. Download and install Swiff Player (current version 1.7), a Free stand-alone player that enables web designers and Flash users to easily play Flash movies. When you install it, it also becomes the default player for .swf files on the web. Sweet, eh? Swiff Player is very fast, too. This won’t eliminate Flash (Swiff Player requires it), so I’m not sure exactly what is gained, but it’s an extra layer for hackers to penetrate, so it just might break a Flash exploit by introducing a misdirection.

Anyone have any thoughts on this?

 Comment on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: