Archive for the ‘Adobe’ Category

Foxit Reader needs patching too

Monday, March 9th, 2009

In the wake of the Adobe Acrobat Reader security issue that is currently ongoing, several folks have suggested using Foxit as an alternative (not only for security, but to not deal with Adobe, which I can completely identify with ;0).

However, there was some question as to whether Foxit was vulnerable to the same issues. Foxit issued a set of patches today that implies that they were, and it’s a good reminder that alternative software solutions need security patching (and awareness on the part of their users) just as much as the big vendors’ products do.

If you use a software distro, and they have a security announcement list, I highly recommend signing up for it. It’s the best way for non-security geeks to keep from being caught off guard.

The information about the Foxit update can be found here: http://www.foxitsoftware.com/pdf/reader/security.htm

Adobe mentions that flash player for iPhone exists

Tuesday, September 30th, 2008

Unfortunately, I’ve seen places where the media is mentioning this as Adobe “announcing flash for the iPhone” which makes it sound like it is imminent. But I still think it’s newsworthy that Adobe is making this announcement publicly.

Apparently at a recent event (Flash on the Beach in the UK), Paul Betlem (a Sr. Director of Engineering at Adobe Systems) made the announcement that there is an internal team at Adobe working on a flash player for the iPhone.

Given the wide variety of technical (and less publicly discussed but political) reasons that Apple has given for not adopting flash, to me this is in no way a guarantee that Flash will actually make it to the iPhone, or if it does, that it will happen any time in the near future. However, if it did, it would have an immense impact on the mobile presence community, marrying the power of flash to the emerging captive (but very specialized in their focus) iPhone user community. The potential for a new generation of mobile presence applications here if flash could be well implemented is staggering. But for now, it’s just a statement that Adobe has something in the works, nothing more.

Still, something to watch.

June Refresh DC

Wednesday, June 18th, 2008

This month’s Refresh is tomorrow evening! I’m not the biggest RFD fan, but I’m thinking it could be an awesome venue for this type of event, so I’m excited to see how things work with Refresh in their new digs.

This month’s talk is of interest to me (and possibly many others); it talks about trying to use flash while adhering to web standards (since flash flies in the face of many accessibility rules). Come by for the talk, or just to hang out!

Refresh DC June
Thursday, June 19th 7:00 PM – ?

RFD (Regional Food & Drink)
810 7th St. NW
Washington, DC 20001

Adobe Flash Player Issue Update

Wednesday, May 28th, 2008

Now that more time has passed, community research shows that the newest flash vulnerability may not be a true “0-day” exploit. (edit — Symantec eventually declared that this was not a 0-day, but a vulnerability that did not affect 9.0.124)

Symantec has posted in their ThreatCon that the current exploits appear to be closely related to another recently discovered flash vulnerability, which should be patched with the latest version of the Flash Player (9.0.124.0), but Symantec may still be seeing the compromises against the current version. Whether this is an inaccurate observation, or because of other factors (possibly that it is a new vulnerability or that Adobe did not successfully patch it the last time) remains to be seen, but Adobe is urging users to update to the latest version no matter what.

more articles on the subject:

Adobe’s Product Security Incident Response Team Blog

Symantec’s update on the situation

Shadowserver’s discussion on this

ZDNet’s Zero Day Security Blog article

ISC has continuing coverage

Dancho Danchev

Adobe out of time? 0-day for Flash Player reported

Tuesday, May 27th, 2008

Word is coming down today that there is a zero-day exploit in the wild for the current (public release) version of the Flash Player. The first big source for this appears to be Symantec, who urge users to “Avoid untrusted sites and disable Flash until patches are available.” In the height of irony, on their security response page, this information is delivered by . . . you guessed it, a flash file, hosted from their site.

Adobe has been playing beat the clock since the end of last year when some fundamental flaws in Flash were brought to the public eye. The current ‘sploit seems to be seeded on potentially a large number of bogus sites, and the tactics are along the lines of other malware drive-bys — get the user to go to the site, have the malware run. In this case, the penetration of vulnerable clients is huge, as almost everyone has flash installed (and there is not an “invulnerable” version amongst the current ones).

Little is known about the current exploit, and there is no evidence yet that it is linked to any of the issues previously discussed. There are no reports of it being seeded in anything passed through a trusted site yet, but if that is pulled off, the results could be devastating.

SANS ISC is tracking it, as I am sure are other sources (Security Focus has it listed here, albeit with scant information other than it seems to be fairly well “hosted” in terms of bogus sites supporting it). I’ll update more (if there is more known) when I have more time this evening. If you are running something like AdBlock Pro or NoScript, you might want to take steps to disable .swf’s for the time being.