dslreports logo
Search similar:


uniqs
1095

siljaline
I'm lovin' that double wide
Premium Member
join:2002-10-12
Montreal, QC
kudos:18
·Bell Fibe Internet

siljaline

Premium Member

Security Advisory for Adobe Acrobat and Reader APSB15-24

quote:
Adobe is planning to release security updates on Tuesday, October 13, 2015 for Adobe Acrobat and Reader for Windows and Macintosh.
Advisory -
»helpx.adobe.com/security ··· -24.html

For those socially inclined -
»twitter.com/AdobeSecurit ··· 08389632

jap
Premium Member
join:2003-08-10
038xx

jap

Premium Member

Translation: uninstall until patch arrives.

Thanks for the heads-up, siljaline.

antdude
A Ninja Ant
VIP
join:2001-03-25
United State
kudos:5

antdude to siljaline

VIP

to siljaline
I am also predicting a Flash update too. :P

siljaline
I'm lovin' that double wide
Premium Member
join:2002-10-12
Montreal, QC
kudos:18

siljaline

Premium Member

The update should be available sometime later today.

antdude
A Ninja Ant
VIP
join:2001-03-25
United State
kudos:5

antdude

VIP

said by siljaline:

The update should be available sometime later today.

I wonder when. Good mawning. :P

siljaline
I'm lovin' that double wide
Premium Member
join:2002-10-12
Montreal, QC
kudos:18
·Bell Fibe Internet

siljaline

Premium Member


via Internal Update
 
said by antdude:

I wonder when. Good mawning. :P

Success

DrStrange
Technically feasible
Premium Member
join:2001-07-23
West Hartford, CT
kudos:1

DrStrange

Premium Member

Flash Player 19.0.0.207, Acro Reader 11.0.13 or DC 15.009.20069 [stole this version number from graphic above ] are now available on Adobe's site.

siljaline
I'm lovin' that double wide
Premium Member
join:2002-10-12
Montreal, QC
kudos:18

siljaline

Premium Member

Shop until you drop Adobe download landing page -

»www.adobe.com/support/do ··· =Windows

jap
Premium Member
join:2003-08-10
038xx

jap to siljaline

Premium Member

to siljaline
Flash off-line installers
Win & Mac = 19.0.0.207
Linux = 11.2.202.535
https://www.adobe.com/products/flashplayer/distribution3.html

andyross
MVM
join:2003-05-04
Schaumburg, IL

andyross to siljaline

MVM

to siljaline
Looks like there may be another update very soon:
quote:
New zero-day exploit hits fully patched Adobe Flash
Attacks used to hijack end users' computers when they visit booby-trapped sites.
»arstechnica.com/security ··· e-flash/

antdude
A Ninja Ant
VIP
join:2001-03-25
United State
kudos:5
·Time Warner Cable

antdude to jap

VIP

to jap
said by jap:

Flash off-line installers
Win & Mac = 19.0.0.207
Linux = 11.2.202.535
https://www.adobe.com/products/flashplayer/distribution3.html

Flash? This thread is about Acrobat and Reader. :P
antdude

antdude to andyross

VIP

to andyross
said by andyross:

Looks like there may be another update very soon:

quote:
New zero-day exploit hits fully patched Adobe Flash
Attacks used to hijack end users' computers when they visit booby-trapped sites.
»arstechnica.com/security ··· e-flash/

That explains »www.free-codecs.com/down ··· ayer.htm mentioning a newer build.

jap
Premium Member
join:2003-08-10
038xx

jap to antdude

Premium Member

to antdude
said by antdude:

Flash? This thread is about Acrobat and Reader. :P

Oops. Right pile of shit, wrong kernel. Sorry.

siljaline
I'm lovin' that double wide
Premium Member
join:2002-10-12
Montreal, QC
kudos:18

siljaline

Premium Member

Zack Whittaker from @ ZDNet.com writes: Here are 13 more reasons to kick Adobe Flash to the curb
siljaline

siljaline to andyross

Premium Member

to andyross
Disable Flash again until Adobe releases something to fix the newly found Zero-day is patched.
Tuulilapsi
Kenosis
join:2002-07-29
Finland

Tuulilapsi

Member

I recommend uninstalling Flash if at all possible. Or for the advanced users, uninstall it anyway, and then use a virtual machine for those rare situations where you need that piece of programming Swiss cheese.

As for the Reader... yeah, you might toss that too, especially now that browsers and even Windows itself offer quite a decent PDF reading environment.

siljaline
I'm lovin' that double wide
Premium Member
join:2002-10-12
Montreal, QC
kudos:18
·Bell Fibe Internet

siljaline

Premium Member

Many are suggesting disabling or removing Flash while Adobe fiddles for four days or so to release the zero-day patch.

Kill Flash: Adobe says patch to fix under-attack hole still days away -

Via @ theregister.com
»www.theregister.co.uk/20 ··· sh_flaw/

Ken1943
join:2001-12-30
Denver, CO

Ken1943 to siljaline

Member

to siljaline
I have set FireFox to ask to use. I can only find one site I go that requires it. I doubt if a weather site
would be on a hackers list. ALTHOUGH

camper
just visiting this planet
Premium Member
join:2010-03-21
Bethel, CT
kudos:1

camper

Premium Member

 

I also have Firefox set to 'ask to use' for Flash. Lots of sites trigger the "ask", but very, very few sites actually need it for the content I want to view.

siljaline
I'm lovin' that double wide
Premium Member
join:2002-10-12
Montreal, QC
kudos:18

siljaline to Ken1943

Premium Member

to Ken1943
Irrespective of your Browser platform - having Flash installed is an open door for attacks since it's currently (your installed version) is, zero-day. There's been jokes floating around about staying away from certain sites but we won't go there.

bluepoint
join:2001-03-24

bluepoint to siljaline

Member

to siljaline
Another update for Acrobat Reader (2015.009.20071).
Frodo
join:2006-05-05
kudos:1
·magicJack

Frodo to siljaline

Member

to siljaline
There is a nifty feature in EMET, the ASR feature that allows certain modules to be blocked for certain processes. One process I like to restrict whenever possible is Winhttp.dll, since it can be used to deposit malware.


I've noticed this popup ever since I updated to the latest version, which represents a change in how that process works on my machine. So far, the only files I have accessed are files already on the machine, not a file that may need internet access.


I get the popup on the startup of the reader, even if no PDF file is loaded. The reader still works right, so it is not critical that it accesses Winhttp.dll

siljaline
I'm lovin' that double wide
Premium Member
join:2002-10-12
Montreal, QC
kudos:18
·Bell Fibe Internet

siljaline to bluepoint

Premium Member

to bluepoint
Click for full size
Reader DC current version
My software seems to have auto-majically updated as well but I don't know how as I've got everything possible that would phone home disabled - yet here I am at the current version.
jupitermoon
join:2011-09-27

jupitermoon

Member

said by siljaline :

My software seems to have auto-majically updated as well but I don't know how as I've got everything possible that would phone home disabled - yet here I am at the current version.

You are running Adobe Acrobat Reader DC which, like Windows 10, is designed to update automatically. It's possible to modify this behavior by running the Adobe Customization Wizard DC or by editing the registry manually? Did you do that?

If not, see the following links:

Adobe Customization Wizard DC
»www.adobe.com/support/do ··· pID=5892

Updater (basic settings)
»www.adobe.com/devnet-doc ··· _1_20396

In the second summary table, you can see the default setting for update mode for the DC products is 3: Automatically download and install updates. If you do this manually, you want to set it to 1: Do not download or install updates automatically.

If you haven't already, you might also want to disable the Adobe Acrobat Update Service and any related scheduled tasks.

Here's a thread on Adobe Communities which discusses the issue and reader reactions to it:
»forums.adobe.com/thread/ ··· tstart=0

Sadly, more and more control is being taken away from the user. Pfft!

This is one of the reasons I still use Adobe Reader X and XI.

siljaline
I'm lovin' that double wide
Premium Member
join:2002-10-12
Montreal, QC
kudos:18
·Bell Fibe Internet

siljaline

Premium Member


Adobe Update Service
Could have sworn I had disabled the Adobe Update Service - (you might not want to do this at home unless you are comfortable disabling Services) -

planet
join:2001-11-05
Oz
kudos:1
·Cox HSI

planet to bluepoint

Member

to bluepoint
said by bluepoint:

Another update for Acrobat Reader (2015.009.20071).

Is this limited to DC only or is Acrobat Reader 11.0.13 due another update? I checked yesterday via internal updater and it said 11.0.13 was current.

bluepoint
join:2001-03-24

bluepoint

Member

Don't know just reporting what I see. If there was an update for reader 11, it would have been out already.

siljaline
I'm lovin' that double wide
Premium Member
join:2002-10-12
Montreal, QC
kudos:18

siljaline

Premium Member

Update checks can be manually activated by choosing Help > Check for Updates > usually does it and doesn't require a download landing page to fetch your newer version from.
jupitermoon
join:2011-09-27

jupitermoon to planet

Member

to planet
said by planet :

Is this limited to DC only or is Acrobat Reader 11.0.13 due another update? I checked yesterday via internal updater and it said 11.0.13 was current.

Adobe Acrobat Reader DC 15.009.20071 was an out-of-cycle patch released on October 14, 2015 to fix a bug introduced in the earlier 15.009.20069 continuous update.

4069884: Windows taskbar is visible in Full Screen mode if RHP is collapsed.

The following link has the version numbers, release dates, notes and type for the various versions of Adobe Reader:
»helpx.adobe.com/acrobat/ ··· der.html

It still shows 11.0.13 as the latest release for Adobe Reader XI, so either this bug didn't affect that version or Adobe didn't get around to fixing it yet.