Another zero day in Adobe flash player

Hello everyone,

just found this new 0-day article in ISC,

http://isc.sans.org/diary.html?storyid=6847

avast doesn’t detect it.(link in the article to virus total tells this)

Very interesting article, and especially the “Regarding Flash, NoScript is your best help here, of course.”

Presumable this is also sidestepped if you don’t use Adobe’s PDF reader, but something like FoxitPDF reader, etc.

It appears that even when JavaScript support is disabled in Adobe Reader that the exploit still works, so at the moment there are no reliable protection mechanisms (except not using Adobe Reader?).

So yet more advice to use firefox with NoScript and don’t use Adobe Acrobat PDF reader ;D

list of other pdf readers (sometimes these are advised to use, previously when there were adobe exploits):

http://www.pdfreaders.org/

Oh God!

Does Disabling the Adobe Acrobat Plug-in for FF works?

I have NoScript as well…

-AnimeLover^^

@addict

yes that should work for a pdf file. if you use noscript then you are safe as mentioned in the article…

Not if the PDF file which would normally be viewed on-line (using the FF plug-in) is downloaded and opened with Adobe PDF reader, as the vulnerability is also in the reader as well as adobe flash.

NoScript will only protect against the vulnerability in the flash player and then only if you haven’t allowed the site to run scripts and also allow flash (NoScript, Options, Plugins tab, Forbid Adobe Flash).

accept with david r

geez it’s the second time in a very short time there’s a bad vulnerability in adobe products…

edit: last time that concerned “reader” only and they advised to disable JavaScript (until the fix would be available): in the reader settings itself.

Thanks nmb and DavidR^^

-AnimeLover^^

always welcome

You’re welcome.

Why turning off Javascript won’t help this time

check this blog:

http://blog.fireeye.com/research/2009/07/actionscript_heap_spray.html

oh, thanks for that link :wink:

hello everyone,

update :

Adobe ‘zero-day’ flaw is eight months old : http://blogs.zdnet.com/security/?p=3792

WTF!?

Cant believe Adobe hasnt updated their products yet! >:(

What a fatal flaw!

-AnimeLover^^

@addict

according to this :http://www.adobe.com/support/security/advisories/apsa09-03.html the patch will be released on july 30.

Nothing new there, same happens in other companies, one notable one ;D

So in this case, day 0 must mean they haven’t even started.

well said.

Don’t know of this mitigating of the PDF document attack vector has been posted, if not it is by now: :slight_smile:

http://www.kb.cert.org/vuls/id/259425

I have renamed the 2 files mentioned in the article because I have to use Adobe Reader.

It doesn’t mitigate the direct Flash vuln, so that’s another story.

HL

Adobe promises fix for critical Flash hole next week:
http://www.theregister.co.uk/2009/07/24/adobe_flash_patch_pre_alert/

Security advisory for Adobe Reader, Acrobat and Flash Player:
http://www.adobe.com/support/security/advisories/apsa09-03.html

Users may monitor the latest information on the Adobe Product Security Incident Response Team blog at the following URL: http://blogs.adobe.com/psirt or by subscribing to the RSS feed here: http://blogs.adobe.com/psirt/atom.xml.