Archive for February 25th, 2009

Users of Adobe products (i.e. almost all web surfers) are in serious danger (well, not exactly breaking news).
Critical bugs in Flash Player and Acrobat, both allowing arbitrary remote code execution, are being exploited in the wild.

Adobe just released a Flash update addressing the player vulnerability, which has been abused in real-world attacks for more than 6 weeks. Notice that the FlashBlock work-around suggested by the iDefense bulletin is bogus: as we already clarified a few times, FlashBlock can't be relied upon as a security defense. The only reliable ways to protect yourself against Flash-based 0-day attacks like these are either disabling the Flash Player plugin globally or using NoScript's content blocking features to selectively enable only the Flash applets you trust.

Regarding the Acrobat flaw, Adobe announced that a patch won't be available until March 11th. In the meantime many sources, including Adobe itself, recommend disabling JavaScript execution in Acrobat's options, but again the suggested work-around is not effective: disabling Acrobat's JavaScript does not prevent the vulnerability from being exploited. As always, you should be very careful when opening PDF files you receive by email, and use NoScript to prevent automatic exploitation on the web: NoScript's default-deny policy applies to all plugin content, including PDF.
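The selective, default-deny handling of plugin content that both paragraphs above rely on, written out as an added example. This is illustrative code, not NoScript's own implementation: the page URL, the allowlist and the element descriptors are constructed for the example, and keying the decision on the origin of the embedded content (rather than on the embedding page) is an assumption of the example.

```javascript
// Added example: a default-deny gate for plugin content (Flash, PDF, anything
// loaded through <object>/<embed>), in the spirit of the policy the post
// describes. Illustrative code, not NoScript's implementation; the allowlist,
// page URL and elements below are constructed for the example.

// Known plugin content types, by MIME type and by URL extension. Content that
// matches neither is reported as "unknown" and is still subject to the gate.
const PLUGIN_MIME_TYPES = {
  "application/x-shockwave-flash": "flash",
  "application/pdf": "pdf",
};
const PLUGIN_EXTENSIONS = { ".swf": "flash", ".pdf": "pdf" };

// Classify by the declared type first, then by the resolved URL's extension,
// so a PDF served without a type attribute is still recognised as plugin content.
function classifyPlugin(declaredType, resolvedUrl) {
  const mime = (declaredType || "").toLowerCase().split(";")[0].trim();
  if (mime in PLUGIN_MIME_TYPES) return PLUGIN_MIME_TYPES[mime];
  const path = resolvedUrl.pathname.toLowerCase();
  for (const ext of Object.keys(PLUGIN_EXTENSIONS)) {
    if (path.endsWith(ext)) return PLUGIN_EXTENSIONS[ext];
  }
  return "unknown";
}

// Where an <object>/<embed> actually loads from: embed src, object data, or the
// "movie" param that Flash objects commonly use.
function pluginSource(element) {
  return element.src || element.data || (element.params && element.params.movie) || null;
}

// Decide for one element. Default deny: the content loads only if the origin of
// the resolved source is on the allowlist (assumption of this example: trust is
// keyed on the content origin, not on the page that embeds it).
function decidePlugin(element, pageUrl, allowedOrigins) {
  const src = pluginSource(element);
  if (!src) return { action: "block", kind: "unknown", origin: null, reason: "no source" };
  let resolved;
  try {
    resolved = new URL(src, pageUrl);
  } catch (e) {
    return { action: "block", kind: "unknown", origin: null, reason: "unparseable source" };
  }
  const kind = classifyPlugin(element.type, resolved);
  // data:, javascript:, file: and similar have no network origin to compare
  // against the allowlist, so they are refused outright.
  if (resolved.protocol !== "http:" && resolved.protocol !== "https:") {
    return { action: "block", kind, origin: null, reason: "non-http scheme" };
  }
  if (allowedOrigins.has(resolved.origin)) {
    return { action: "allow", kind, origin: resolved.origin, reason: "origin trusted" };
  }
  return { action: "block", kind, origin: resolved.origin, reason: "origin not trusted" };
}

function evaluatePage(pageUrl, elements, allowedOrigins) {
  return elements.map((el) => decidePlugin(el, pageUrl, allowedOrigins));
}

// Constructed sample: a page on example.org where only example.org is trusted.
const SAMPLE_PAGE_URL = "http://example.org/news.html";
const TRUSTED_ORIGINS = new Set(["http://example.org"]);
const SAMPLE_ELEMENTS = [
  { tag: "embed", type: "application/x-shockwave-flash", src: "/player.swf" },
  { tag: "object", params: { movie: "http://ads.example.net/banner.swf" } },
  { tag: "embed", src: "//evil.example.com/report.pdf" },
  { tag: "object", type: "application/pdf", data: "http://example.org/doc.pdf" },
  { tag: "embed", type: "application/pdf", src: "data:application/pdf;base64,JVBERi0xLjQK" },
];

for (const d of evaluatePage(SAMPLE_PAGE_URL, SAMPLE_ELEMENTS, TRUSTED_ORIGINS)) {
  console.log(`${d.action.padEnd(5)} ${d.kind.padEnd(7)} ${d.origin || "-"} (${d.reason})`);
}
```

Run it with node; each row shows allow/block, the content kind and the resolved origin. The PDF in the third row carries no type attribute and is identified only by its extension, which is why the gate inspects the resolved URL and not just the declared MIME type; the data: URL in the last row is refused outright because there is no origin to compare against the allowlist.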
