XYMer's Home away from Home

When http://bbs.xlr8yourmac.com is down (i.e. always)
It is currently Tue Apr 25, 2017 2:32 am

All times are UTC - 8 hours




Post new topic Reply to topic  [ 604 posts ]  Go to page 1, 2, 3, 4, 5 ... 25  Next
Author Message
PostPosted: Thu Oct 08, 2009 5:15 pm 
Offline
Master

Joined: Sun Apr 20, 2008 5:24 am
Posts: 9591
Location: North of the State of Jefferson
...there's a new Adobe Reader exploit! :roll:

http://www.theregister.co.uk/2009/10/08 ... er_attack/" onclick="window.open(this.href);return false;

- Anonymous


Top
 Profile  
 
PostPosted: Thu Oct 08, 2009 8:21 pm 
Offline
Benevolent Dictator
User avatar

Joined: Mon Apr 21, 2008 2:03 am
Posts: 14365
Question is, do they have time to get another exploit in before the end of the year?


Top
 Profile  
 
PostPosted: Thu Oct 08, 2009 10:59 pm 
Offline
User avatar

Joined: Thu May 15, 2008 8:13 pm
Posts: 9175
Location: Caught between the moon and NYC
They'd better, or Adobe's not getting a Christmas Card.


Top
 Profile  
 
PostPosted: Tue Oct 13, 2009 2:31 pm 
Offline
Master

Joined: Sun Apr 20, 2008 5:24 am
Posts: 9591
Location: North of the State of Jefferson
Adobe has released Acrobat and Reader 9.2 which fix a whole raft of serious security problems.

Grab your updates: http://www.adobe.com/downloads/

NOTE: The Reader 9.2 installers include Adobe Air, so if you don't want AIR you'll have to uninstall it, then expunge it from the installed application to keep it from being randomly reinstalled.

- Anonymous


Top
 Profile  
 
PostPosted: Tue Oct 13, 2009 7:57 pm 
Offline
Secretary of State
User avatar

Joined: Mon Apr 21, 2008 1:34 am
Posts: 3251
Location: East AmeriKastan
Skim works for me. Adobe reader and Air can go fly a kite.

_________________
Whom does the Grail serve?


Top
 Profile  
 
PostPosted: Mon Jan 04, 2010 9:28 pm 
Offline
Master

Joined: Sun Apr 20, 2008 5:24 am
Posts: 9591
Location: North of the State of Jefferson
The latest (known) security hole in Adobe Reader is being cleverly exploited.

Only two weeks until Adobe fixes it. Do you still have Reader/Acrobat installed on your computer?

- Anonymous


Top
 Profile  
 
PostPosted: Tue Jan 05, 2010 10:45 am 
Offline

Joined: Sat Apr 11, 2009 2:15 pm
Posts: 5807
Location: NYC
Thanks for the heads up Anon. I guess for Adobe it's always October. (Their version of "Groundhog Day.")


Top
 Profile  
 
PostPosted: Thu Jan 07, 2010 3:48 pm 
Offline
Benevolent Dictator
User avatar

Joined: Mon Apr 21, 2008 2:03 am
Posts: 14365
LOL, here's the next vulnerability you'll have no control over...

Quote:
The company is in the process of designing a new updater that will patch security holes in Reader, Acrobat, and Flash without requiring user interaction, according to the Zero Day blog.


Let's see... ability to automatically get into your computer & download & install stuff, yeah, that'll do it! :(


Top
 Profile  
 
PostPosted: Thu Jan 07, 2010 9:46 pm 
Offline
User avatar

Joined: Thu May 15, 2008 8:13 pm
Posts: 9175
Location: Caught between the moon and NYC
In related news, the next Zero Day Exploit will exploit bugs in this automatic downloading mechanism to automatically download & install malware on end user systems.


Top
 Profile  
 
PostPosted: Tue Jan 12, 2010 7:58 pm 
Offline

Joined: Sat Apr 11, 2009 2:15 pm
Posts: 5807
Location: NYC
9.3 out today with 21 MB of "language support," whatever that's supposed to be. Wasn't it already supposed to have multiple languages? I suppose it's safe to use for at least 5 hours now.


Top
 Profile  
 
PostPosted: Tue Jan 12, 2010 8:38 pm 
Offline
Master

Joined: Sun Apr 20, 2008 5:24 am
Posts: 9591
Location: North of the State of Jefferson
Ah, thanks for the update. I can't wait to install it. Oh, wait, I don't need to install this update because I don't have Acrobat or Reader in the first place. :)

If you do install it, and if you've previously removed AIR, you'll possibly need to remove AIR again, and delete it from the Application package to keep it from being automatically, randomly, reinstalled.

- Anonymous


Top
 Profile  
 
PostPosted: Sat Jun 05, 2010 2:28 am 
Offline
Master

Joined: Sun Apr 20, 2008 5:24 am
Posts: 9591
Location: North of the State of Jefferson
It's June which can only mean...Adobe PDF & Flash vulnerability!

http://www.zdnet.com/blog/security/adobe-warns-of-flash-pdf-zero-day-attacks/6606

The link suggests that Windows users may reduce their exposure in PDFs by disabling the authplay.dll. There is no suggested mitigation strategy for Mac users, but you know what I'd suggest: pitch Reader/Acrobat, and in your web browser use an addon that requires you to affirmatively click to play Flash content.

I'm sure that in a month or two Adobe will get around to releasing another patch, which will also inevitably reinstall Air on your computer. Until then, have a nice day.

- Anonymous


Top
 Profile  
 
PostPosted: Sat Jun 05, 2010 8:15 am 
Offline

Joined: Sat Apr 11, 2009 2:15 pm
Posts: 5807
Location: NYC
Thanks for the heads up Anon.


Top
 Profile  
 
PostPosted: Tue Jun 08, 2010 2:04 pm 
Offline

Joined: Sat Apr 11, 2009 2:15 pm
Posts: 5807
Location: NYC
Adobe says security patch for Flash will be available June 10, Thursday.

http://www.computerworld.com/s/article/ ... onomyId=82


Top
 Profile  
 
PostPosted: Tue Jun 08, 2010 2:33 pm 
Offline
Master

Joined: Sun Apr 20, 2008 5:24 am
Posts: 9591
Location: North of the State of Jefferson
Excellent news. Thanks!

- Anonymous


Top
 Profile  
 
PostPosted: Thu Jun 10, 2010 1:30 pm 
Offline

Joined: Sat Apr 11, 2009 2:15 pm
Posts: 5807
Location: NYC
Flash Player Security Update 10.1.53.64. Looks like it might be the former 10.1 Release Candidate. There's also a patched 9.

http://get.adobe.com/flashplayer/


Top
 Profile  
 
PostPosted: Thu Jun 10, 2010 5:35 pm 
Offline
Benevolent Dictator
User avatar

Joined: Mon Apr 21, 2008 2:03 am
Posts: 14365
Thanks W... :)


Top
 Profile  
 
PostPosted: Tue Jun 29, 2010 12:53 pm 
Offline
User avatar

Joined: Thu May 15, 2008 8:20 pm
Posts: 2233
patched acrobat/reader 8,9

http://www.adobe.com/support/security/b ... 10-15.html

Security updates available for Adobe Reader and Acrobat
Release date: June 29, 2010
Vulnerability identifier: APSB10-15
CVE numbers: CVE-2010-1240, CVE-2010-1285, CVE-2010-1295, CVE-2010-1297, CVE-2010-2168, CVE-2010-2201, CVE-2010-2202, CVE-2010-2203, CVE-2010-2204, CVE-2010-2205, CVE-2010-2206, CVE-2010-2207, CVE-2010-2208, CVE-2010-2209, CVE-2010-2210, CVE-2010-2211, CVE-2010-2212
Platform: All Platforms
SUMMARY
Critical vulnerabilities have been identified in Adobe Reader 9.3.2 (and earlier versions) for Windows, Macintosh and UNIX, Adobe Acrobat 9.3.2 (and earlier versions) for Windows and Macintosh, and Adobe Reader 8.2.2 (and earlier versions) and Adobe Acrobat 8.2.2 (and earlier versions) for Windows and Macintosh. These vulnerabilities, including CVE-2010-1297 referenced in Security Advisory APSA10-01, could cause the application to crash and could potentially allow an attacker to take control of the affected system.

Adobe recommends users of Adobe Reader 9.3.2 and earlier versions for Windows, Macintosh and UNIX update to Adobe Reader 9.3.3. (For Adobe Reader users on Windows and Macintosh, who cannot update to Adobe Reader 9.3.3, Adobe has provided the Adobe Reader 8.2.3 update.) Adobe recommends users of Adobe Acrobat 9.3.2 and earlier versions for Windows and Macintosh update to Adobe Acrobat 9.3.3. Adobe recommends users of Adobe Acrobat 8.2.2 and earlier versions for Windows and Macintosh update to Adobe Acrobat 8.2.3.
AFFECTED SOFTWARE VERSIONS
Adobe Reader 9.3.2 and earlier versions for Windows, Macintosh, and UNIX
Adobe Acrobat 9.3.2 and earlier versions for Windows and Macintosh
SOLUTION
Adobe Reader
Users can utilize the product's automatic update feature. The default installation configuration runs automatic updates on a regular schedule and can be manually activated by choosing Help > Check for Updates.
Adobe Reader users on Windows can also find the appropriate update here:
http://www.adobe.com/support/downloads/ ... rm=Windows.
Adobe Reader users on Macintosh can also find the appropriate update here:
http://www.adobe.com/support/downloads/ ... =Macintosh.
Adobe Reader users on UNIX can find the appropriate update here:
http://www.adobe.com/support/downloads/ ... tform=Unix.
Adobe Acrobat
Users can utilize the product's automatic update feature. The default installation configuration runs automatic updates on a regular schedule and can be manually activated by choosing Help > Check for Updates.
Acrobat Standard and Pro users on Windows can also find the appropriate update here:
http://www.adobe.com/support/downloads/ ... rm=Windows.
Acrobat Pro Extended users on Windows can also find the appropriate update here: http://www.adobe.com/support/downloads/ ... rm=Windows.
Acrobat 3D users on Windows can also find the appropriate update here:
http://www.adobe.com/support/downloads/ ... rm=Windows.
Acrobat Pro users on Macintosh can also find the appropriate update here:
http://www.adobe.com/support/downloads/ ... =Macintosh.
SEVERITY RATING
Adobe categorizes these as critical updates and recommends that users apply the latest updates for their product installations.
SUMMARY
Critical vulnerabilities have been identified in Adobe Reader 9.3.2 (and earlier versions) for Windows, Macintosh and UNIX, Adobe Acrobat 9.3.2 (and earlier versions) for Windows and Macintosh, and Adobe Reader 8.2.2 (and earlier versions) and Adobe Acrobat 8.2.2 (and earlier versions) for Windows and Macintosh. These vulnerabilities, including CVE-2010-1297 referenced in Security Advisory APSA10-01, could cause the application to crash and could potentially allow an attacker to take control of the affected system.

Adobe recommends users of Adobe Reader 9.3.2 and earlier versions for Windows, Macintosh and UNIX update to Adobe Reader 9.3.3. (For Adobe Reader users on Windows and Macintosh, who cannot update to Adobe Reader 9.3.3, Adobe has provided the Adobe Reader 8.2.3 update.) Adobe recommends users of Adobe Acrobat 9.3.2 and earlier versions for Windows and Macintosh update to Adobe Acrobat 9.3.3. Adobe recommends users of Adobe Acrobat 8.2.2 and earlier versions for Windows and Macintosh update to Adobe Acrobat 8.2.3.
This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2010-1297).
Note: There are reports that this issue is being actively exploited in the wild.
This update mitigates a social engineering attack that could lead to code execution (CVE-2010-1240).
This update resolves an invalid pointer vulnerability that could lead to code execution (CVE-2010-1285).
This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2010-1295).
This update resolves an invalid pointer vulnerability that could lead to code execution (CVE-2010-2168).
This update resolves an invalid pointer vulnerability that could lead to code execution (CVE-2010-2201).
This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2010-2202).
This update resolves a UNIX-only memory corruption vulnerability that could lead to code execution (CVE-2010-2203).
This update resolves a denial of service vulnerability; arbitrary code execution has not been demonstrated, but may be possible (CVE-2010-2204).
This update resolves an uninitialized memory vulnerability that could lead to code execution (CVE-2010-2205).
This update resolves an array-indexing error vulnerability that could lead to code execution (CVE-2010-2206).
This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2010-2207).
This update resolves a dereference deleted heap object vulnerability that could lead to code execution (CVE-2010-2208).
This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2010-2209).
This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2010-2210).
This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2010-2211).
This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2010-2212).
ACKNOWLEDGEMENTS
Adobe would like to thank the following individuals and organizations for reporting the relevant issues and for working with Adobe to help protect our customers:
* Nicolas Joly of VUPEN Vulnerability Research Team (CVE-2010-1285, CVE-2010-2168, CVE-2010-2201, CVE-2010-2212)
* Microsoft Vulnerability Research (MSVR) (CVE-2010-1295)
* Didier Stevens (CVE-2010-1240)
* Philippe Lagadec of NATO C3 Agency (CVE-2010-1240)
* An anonymous researcher through TippingPoint's Zero Day Initiative (CVE-2010-2202)
* James Quirk of Los Alamos, New Mexico (CVE-2010-2203)
* Gjoko Krstic of Zero Science Lab (CVE-2010-2204)
* Alin Rad Pop of Secunia Research (CVE-2010-2205)
* Carsten Eiram of Secunia Research (CVE-2010-2206)
* Tavis Ormandy of the Google Security Team (CVE-2010-2207, CVE-2010-2208, CVE-2010-2209, CVE-2010-2210, CVE-2010-2211)
REVISIONS
June 29, 2010 - Updated URL for UNIX release.
June 29, 2010 - Bulletin released.


Top
 Profile  
 
PostPosted: Tue Jun 29, 2010 2:42 pm 
Offline
Master

Joined: Sun Apr 20, 2008 5:24 am
Posts: 9591
Location: North of the State of Jefferson
mc68k wrote:
patched acrobat/reader 8,9

Note: There are reports that this issue is being actively exploited in the wild.

Thanks for heads up.

Also, :roll:.

- Anonymous


Top
 Profile  
 
PostPosted: Tue Jun 29, 2010 5:12 pm 
Offline

Joined: Thu May 15, 2008 8:02 pm
Posts: 2279
I'm curious... why would people use acrobat reader? Doesn't Preview do everything? Am I just clueless?


Top
 Profile  
 
PostPosted: Tue Jun 29, 2010 6:07 pm 
Offline
User avatar

Joined: Thu May 15, 2008 8:13 pm
Posts: 9175
Location: Caught between the moon and NYC
I know Reader supports fill-in PDFs, where you can type in fields before printing it out, which back when I wanted to fill out a PDF (tax return) wasn't supported by Preview.


Top
 Profile  
 
PostPosted: Tue Jun 29, 2010 6:12 pm 
Offline
User avatar

Joined: Tue May 06, 2008 9:14 pm
Posts: 3633
Location: Raleigh, NC
MonkeyBoy wrote:
I know Reader supports fill-in PDFs, where you can type in fields before printing it out, which back when I wanted to fill out a PDF (tax return) wasn't supported by Preview.

It is supported by preview now.

_________________
Things are only impossible until they're not - Jean Luc Picard
Impossible is a word to be found only in the dictionary of fools - Napoleon


Top
 Profile  
 
PostPosted: Wed Jun 30, 2010 12:47 pm 
Offline
User avatar

Joined: Thu May 15, 2008 8:13 pm
Posts: 9175
Location: Caught between the moon and NYC
Yeah, I haven't tried that since 10.3 or 10.4.


Top
 Profile  
 
PostPosted: Wed Sep 08, 2010 4:10 pm 
Offline
Master

Joined: Sun Apr 20, 2008 5:24 am
Posts: 9591
Location: North of the State of Jefferson
Another one.

- Anonymous :roll:


Top
 Profile  
 
PostPosted: Mon Sep 13, 2010 5:31 pm 
Offline
Master

Joined: Sun Apr 20, 2008 5:24 am
Posts: 9591
Location: North of the State of Jefferson
...now available in Flash! :(

- Anonymous


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 604 posts ]  Go to page 1, 2, 3, 4, 5 ... 25  Next

All times are UTC - 8 hours


Who is online

Users browsing this forum: No registered users and 2 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
cron
Powered by phpBB® Forum Software © phpBB Group