1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

News Adobe flaw leads to Trojan attack

Discussion in 'Article Discussion' started by Sifter3000, 26 Jul 2009.

  1. Sifter3000

    Sifter3000 I used to be somebody

    Joined:
    11 Jul 2006
    Posts:
    1,766
    Likes Received:
    26
  2. Paradigm Shifter

    Paradigm Shifter de nihilo nihil fit

    Joined:
    10 May 2006
    Posts:
    2,096
    Likes Received:
    38
    Presumably those people using FlashBlock will have an extra layer of protection also?
     
  3. Javerh

    Javerh Topiary Golem

    Joined:
    5 Sep 2006
    Posts:
    1,045
    Likes Received:
    26
    Good thing I use Foxit Reader.
     
  4. Shagbag

    Shagbag All glory to the Hypnotoad!

    Joined:
    9 Nov 2006
    Posts:
    320
    Likes Received:
    4
    I'm not amazed. Microsoft ignored critical IE bugs for months which it's now only getting around to fixing so why should Adobe be any different? While the non-profit Mozilla Foundation can fix critical JavaScript flaws within days and confirm the existence or not of further bugs over a weekend, it doesn't surprise me that a couple of the big, for-profit corporations are tardy with the unprofitable parts of their customer support, viz. providing patches for free.
     
  5. sear

    sear Guest

    I use Foxit as well. Nice program if you can stomach all the ads and stuff they try to shove down your throat when you install it.

    Seriously, the solution is stop using Adobe's shitty programs, and stop giving them money. They produce good software when it comes to functionality and design, but it is almost always buggy and has tons of security vulnerabilities, and they have a very slow response rate in fixing those issues. One wonders why something like Flash needs to open up so many holes to the operating system to begin with.
     
  6. nitrous9200

    nitrous9200 New Member

    Joined:
    4 Oct 2007
    Posts:
    131
    Likes Received:
    2
    I'm looking at the Secunia advisory page for IE8 and it's only affected by one unpatched bug rated "Less critical". I don't know if all of the bugs from past IE versions are a problem in the latest version, in which case IE would be terribly insecure. Simple solution? Use another browser!
    I think MS is slower to patch because they have to test more thoroughly, seeing as IE is an integral part of Windows (especially on XP) and they can't go around breaking things. Firefox on the other hand is just a 3rd party program and fixes don't have to be tested quite as much (also they have had to push out updates to fix something the last one broke).
     
  7. aggies11

    aggies11 New Member

    Joined:
    4 Jul 2006
    Posts:
    180
    Likes Received:
    1
    Vulnerabilities in flash are why I started using Flashblock ( didn't work, as some code still gets executed?) and eventually No Script. I feel bad for blocking the advertisements for the sites I enjoy, but the web is just too dangerous now a days.

    I never found any discussion/acknowledgedment of the original vulnerabilities (early Flash 9) so I'm certainly not surprised that more exist
     
  8. Shagbag

    Shagbag All glory to the Hypnotoad!

    Joined:
    9 Nov 2006
    Posts:
    320
    Likes Received:
    4
    The vuln relates to IE operating on XP.
    The vuln was originally reported on December 13, 2007.
    Microsoft said they'd fixed it on July 14, 2009 and that fix was only a partial fix, with - what we're told is a complete fix - coming out this week.
    18 months is one hell of a test cycle for a single vuln.
    IE6 and IE7 account for over a third of web browsers. Back in December 2007 over 50% of users were using IE6 and IE7, so at least a third of internet users have been vulnerable for a period of over 18 months.
    Less than 1 in 10 internet users currently use IE8.
    IE8 was only officially released in March of this year so it does not surprise me that there are few reported vulns or exploits for it. The source code is not available for public viewing.
    FF is the most popular browser in use today.
    I'm not aware of any updates that have been issued to fix a problem with a previous update. Perhaps you could provide a link?
    I totally agree that another browser should be used but you don't ever see that suggestion in Microsoft's official advisories ;).
     
    Last edited: 26 Jul 2009
  9. Aracos

    Aracos New Member

    Joined:
    11 Feb 2009
    Posts:
    1,338
    Likes Received:
    47
    What adverts does it block? I personally think flash adverts should burn in hell for all eternity, not everyone has uber fast CPU's to give spare clocks to flash adverts :p
    I use Adblock Plus, Flashblock and noscript for an all round fast browsing experience :D

    Who actually uses adobe reader? Seriously it's just a pile of bloatware, I don't wanna wait minutes for my damn PDF to load up! :mad: I can understand if you have the version that creates PDF files but it's crap for PDF viewing, Sumatra PDF Cheesecake :)
     
  10. HourBeforeDawn

    HourBeforeDawn a.k.a KazeModz

    Joined:
    26 Oct 2006
    Posts:
    2,637
    Likes Received:
    6
    +1 for firefox users with no script ^__^
     
  11. airchie

    airchie New Member

    Joined:
    22 Mar 2005
    Posts:
    2,136
    Likes Received:
    2
    NoScript pwns again. :)

    For those of you saying Foxit et al are the best alternatives, they have been hit by the same vulnerabilities as Adobe in the past.
    Specifically the JS bug a few months back.
    So while I agree that Foxit is better than Adobe's PDF viewer and likely to have less security issues due to a smaller user-base if nothing else, its not a blanket solution for security risks.
     
  12. Shagbag

    Shagbag All glory to the Hypnotoad!

    Joined:
    9 Nov 2006
    Posts:
    320
    Likes Received:
    4
Tags: Add Tags

Share This Page