funsec mailing list archives

I read the DHS Daily Report in Foxit ...


From: "Rob, grandpa of Ryan, Trevor, Devon & Hannah" <rMslade () shaw ca>
Date: Fri, 24 Jul 2009 11:39:49 -0800

From today's DHS report, two stories:

Adobe Systems Inc. on July 23 admitted its Flash and Reader software have a 
critical vulnerability and promised it would patch both next week. One security 
researcher, however, said Adobe’s own bug-tracking database shows that the 
company has known of the vulnerability for nearly seven months.  The 
“authplay.dll” mentioned in the advisory is the interpreter that handles Flash 
content embedded within PDF files, and is present on any machine equipped with 
Reader and Acrobat. Adobe said it would patch all versions of Flash by July 30, and 
Reader and Acrobat for Windows and Mac no later than July 31. Until a patch is 
available, Adobe said users could delete or rename authplay.dll, or disable Flash 
rendering to stymie attacks within malformed PDF files. Adobe did not offer any 
similar workaround for Flash and could only recommend that “users should 
exercise caution in browsing untrusted websites.”  

http://www.computerworld.com/s/article/9135826/Adobe_promises_patch_for_seven_month_old_Flash_flaw

Researchers on July 22 said they have uncovered attacks in the wild in which 
malicious Acrobat PDF files are exploiting a vulnerability in Flash and dropping a 
Trojan onto computers.  Any software that uses Flash could be vulnerable to the 
attack, according to Symantec. Adobe Reader is vulnerable because its Flash 
interpreter is vulnerable, said the principal researcher at Purewire, a Web security 
services provider. In a post on its Web site, Adobe said it “is aware of reports of a 
potential vulnerability in Adobe Reader and Acrobat 9.1.2 and Adobe Flash Player 
9 and 10. We are currently investigating this potential issue and will have an 
update once we get more information.”  

http://news.cnet.com/8301-27080_3-10293389-245.html?part=rss&tag=feed&subj=News-Security

(Just in case anyone's interested: http://www.foxitsoftware.com/pdf/reader/ )

======================  (quote inserted randomly by Pegasus Mailer)
rslade () vcn bc ca     slade () victoria tc ca     rslade () computercrime org
A lack of planning on your part does not necessarily constitute
              an emergency on my part.
http://victoria.tc.ca/techrev/rms.htm 
http://blog.isc2.org/isc2_blog/slade/index.html http://twitter.com/rslade
http://blogs.securiteam.com/index.php/archives/author/p1/
http://twitter.com/NoticeBored

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

