Another Adobe Security Flaw
Can we puh-lease stop referring to Adobe with any word that has any meaning remotely connected to security?
Adobe today confirmed that hackers are exploiting a critical unpatched bug in Flash Player, and promised to patch the vulnerability in two weeks.
The company issued a security advisory that also named Adobe Reader and Acrobat as vulnerable.
"There are reports that this vulnerability is being actively exploited in the wild against Adobe Reader and Acrobat," said Adobe in its warning. The company said it's seen no sign that hackers are also targeting Flash Player itself.
So how does one protect a computer from being pwned by Adobe’s insecure software? By disabling the software you depend on :
Security experts have regularly criticized Adobe Flash's security, with some questioning the company's decision to integrate the media player's capabilities within the almost-as-popular Reader. Adobe has countered those arguments with its own, saying that many users rely on the functionality.
Until a patch is available, users can protect themselves from active attacks by deleting the "authplay.dll" file that ships with Reader and Acrobat. It gave the same advice in June when the earlier Flash vulnerability was reported.
Dumping authplay.dll, however, will crash Reader and Acrobat or produce an error message when the software opens a PDF file containing Flash content.
So the choices are :
1. Use Adobe software and let your computer be pwned by an as-yet-anonymous ‘hacker’
OR
2. Disable the software, and not be able to use it.
Remind us again... why does anyone use Adobe software?