The Adobe Flash Player, current version 10.1.82.76 and below, is affected by a critical vulnerability which, according to Adobe’s Security Advisory APSA10-03, is being actively exploited in the wild. A patch won’t be available until September the 27th, which means the 3 or 4 Flash users out there are left in the cold, under attack for two weeks at least.
In the meantime, the only mitigation measures available are either disabling Flash outright or using NoScript.
At any rate, relying on the “FlashBlock” extensions for your security is not a good idea on either Firefox or Chrome: these toys are great against annoyances, but too easy to circumvent to be hacker-proof. Unfortunately, you can always find naive advice in the press…
Talking about mitigation, I heard much fanfare (even on /.) about Microsoft’s Enhanced Mitigation Toolkit (EMET) 2.0 being able to prevent exploitation of another 0-day affecting Adobe Acrobat Reader.
Unfortunately, at this moment I have had no success downloading this fabulous tool by following the available links, but this probably just means I’m low on caffeine. Could anybody point me to a working and trusted EMET 2.0 download source? Update: the link from the MS blog was actually broken this morning, but now it’s reachable, as pointed out by a commenter.
Adobe rushed out version 10.1.85.3 one week earlier than scheduled to patch this hole.