Turn off Flash...

v1ru5

Well-Known Member
Oct 24, 2008
1,690
67
48
Harrisburg PA.
In the wake of reports that malicious users have found a way to trick Adobe Reader 9 into triggering an exploitable crash in Adobe Flash 9 and 10, the US Dept. of Homeland Security's CERT cybersecurity team is asking users and administrators everywhere to turn off Flash video in their Web browsers.

This prompted Adobe, which has recently been seeing perhaps the onset of a deluge of security issues, to update its security advisory, now rating the exploitable issue as "critical." Adobe is not advising users to take such drastic measures as disengaging Flash in their browsers (which would make it very hard to watch YouTube). What it's suggesting instead is that users manually delete the file %ProgramFiles%\Adobe\Reader 9.0\Reader\authplay.dll, which is a library that Adobe Reader and Acrobat use to trigger embedded Flash and Shockwave videos.

US DHS advises users to turn off Flash pending Adobe security fix | Security News - Betanews
 

MAJ Badmotherfarker

is drinking a beer.
Oct 11, 2008
8,461
211
63
Washington D.C.
Flash videos stopped playing yesterday on my laptop. I wonder if my anti-virus software is doing something. It kept telling me that I needed to download flash, but it's been on my computer forever.
 

xan_user

Banned
Dec 16, 2008
3,234
74
48
Nor-Cal
* disable flash in adobe reader 9 on windows platforms by renaming the following files: "%programfiles%\adobe\reader 9.0\reader\authplay.dll" and "%programfiles%\adobe\reader 9.0\reader\rt3d.dll"

* disable flash player or selectively enable flash content as described in the securing your web browser document.

Doing so might cause a crash when a user tries to launch a pdf document with an embedded video, though adobe is indicating that this particular crash may not be an exploitable one. The threat can be mitigated by using firefox with plugins such as noscript.

Of course, all bets are off if one of your trusted sites happens to get compromised by one of the attackers, so users shouldn't considered this protection foolproof.
I hate pdf's
 

Jon

Well-Known Member
Dec 16, 2008
13,948
4,413
168
46
Colorado

v1ru5

Well-Known Member
Oct 24, 2008
1,690
67
48
Harrisburg PA.
This is why I use NoScript and Adblock through Firefox. If I get a PDF it usually runs through Preview on the Mac so Adobe is never an issue. Hopefully this is the beginning of Flash being eridicated on the internet, but I'm not getting my hopes up.
I love Noscript & WOT. If you're not hip to WOT check it out, it's a firefox add-on also check out Better Privacy, another FF add-on it automatically delets LSO's and Flash cookies.
 

Jon

Well-Known Member
Dec 16, 2008
13,948
4,413
168
46
Colorado
Noscript just updated in my FF browser so they must know something about it, too. I'll look into WOT.