Adobe Reader browse-and-get-pwned 0day under attack
-
Adobe Reader browse-and-get-pwned 0day under attack
-
-
Does Adobe have any solution other than to wait and worry?
I believe I just had a Flash update this past two weeks
-
Good thing I don't use the reader anymore. I just wish there was a safe alternative for the flash player (others than download the flash clip and use an external player)
-
-
Does Adobe have any solution other than to wait and worry?
Yes, for what it is worth, Adobe provided Mitigations, with the following for Windows users:
"Deleting, renaming, or removing access to the authplay.dll file that ships with Adobe Reader and Acrobat 9.x mitigates the threat for those products, but users will experience a non-exploitable crash or error message when opening a PDF file that contains Flash (SWF) content.
The authplay.dll that ships with Adobe Reader and Acrobat 9.x for Windows is typically located at C:\Program Files\Adobe\Reader 9.0\Reader\authplay.dll for Adobe Reader or C:\Program Files\Adobe\Acrobat 9.0\Acrobat\authplay.dll for Acrobat."
-
About two weeks for the fix...maybe
Adobe said it expects to have a patch for Flash Player by November 9, 2010 and update for Adobe Reader and Acrobat 9.x during the week of November 15, 2010.
-
I disabled both the reader and flash player in Firefox addons panel, would that have the same effect, or would the exploit still be able to abuse them?
Does Adobe have any solution other than to wait and worry?
Yes, for what it is worth, Adobe provided
Mitigations, with the following for Windows users:
"Deleting, renaming, or removing access to the authplay.dll file that ships with Adobe Reader and Acrobat 9.x mitigates the threat for those products, but users will experience a non-exploitable crash or error message when opening a PDF file that contains Flash (SWF) content.
The authplay.dll that ships with Adobe Reader and Acrobat 9.x for Windows is typically located at C:\Program Files\Adobe\Reader 9.0\Reader\authplay.dll for Adobe Reader or C:\Program Files\Adobe\Acrobat 9.0\Acrobat\authplay.dll for Acrobat."
-
-
I disabled both the reader and flash player in Firefox addons panel, would that have the same effect, or would the exploit still be able to abuse them?
It would probably be on the safe side to disable it in the fix posted above. You can just navigate to the file authplay.dll and rename it to something else, like authplay.old or aothploy.dll. You'll need to be signed on as an admin to make this change.
In the interim, the company suggests that affected users delete, rename or remove access to the authplay.dll file that ships with Adobe Reader and Acrobat 9.x.
This mitigates the threat for those products, but users will experience a non-exploitable crash or error message when opening a PDF file that contains Flash (SWF) content.