Secunia CSI7
Advisories
Research
Forums
Create Profile
Our Commitment
PSI
PSI API
CSI
OSI
xSI
Vulnerabilities
Programs
Open Discussions
My Threads
Create Thread
Statistics
About

Forum Thread: Adobe Flash 10.1.82.76 listed insecure - 0 day threat!

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
Open Discussions

This thread has been marked as resolved.
joe schmoe Adobe Flash 10.1.82.76 listed insecure - 0 day threat!
Member 15th Sep, 2010 08:15
Ranking: 38
Posts: 139
User Since: 26th Nov, 2008
System Score: 100%
Location: US
Last edited on 15th Sep, 2010 08:18

Running PSI v 1.5.0.2, Win XP SP3, just applied M$ Updates (8).

Was reading Secunia News a day or so ago, and saw an entry re Adobe 0 day vulnerability, first Adobe Reader, now Adobe Flash, both now actively being exploited in the wild.

I do not see any similar thread now in progress, so I thought it best to bring this forward for everyone.

I am not aware of a viable replacement program with the same ease of use and performance.

Is there another program one can use while Adobe Flash is updated\repaired? Is the best course of action to remove this player from one browser or another. I run both FF 3.6.9 and IE 8.0. Google Chrome has an embedded Adobe Flash Player and that can only be updated when Google updates their browser.

Adobe version 10.1.82.76 is the most recent version available, as far as I know. This really stinks.

Do we (should I) need to uninstall this browser plugin to be safe?

Thank you,

Joe

XP Home SP3
1.5 GB RAM

--
XP Pro SP3 P4 3.2 HT 2 GB RAM Avast! 9.0.2018 AIS
Win 7 Home Pro SP1 Pentium D 2.8 3 GB RAM Avast 9.0.2018 AIS
Secunia PSI 2.0.0.3003 XP Pro 32-bit & Win 7 H Pro 64-bit

Post "RE: Adobe Flash 10.1.82.76 listed insecure - 0 day threat!" has been selected as an answer.
mogs RE: Adobe Flash 10.1.82.76 listed insecure - 0 day threat!
Expert Contributor 15th Sep, 2010 08:36
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Hello.
The most recent CYBERCLIP posts
, 75 and 74 also alluded to the alerts/reports; as did others previously.
Last month's CYBERCLIPS posts; 50 and 66 covered alternatives for Adobe Reader.


--
Was this reply relevant?
+0
-0
This user no longer exists RE: Adobe Flash 10.1.82.76 listed insecure - 0 day threat!
Member 15th Sep, 2010 10:48
Last edited on 15th Sep, 2010 10:49 Hi,

There are Free (Open Source) Flash Player alternatives, the GNU Flash Player (gnash) and SWFDEC.
These players are sometimes used on GNU/Linux systems, though not all of the features required by some flash sites have been implemented, though they should work for normal sites like YouTube.
As far as I am informed, though, these are the only Flash Players that aren't from Adobe. Of course, mentioning these products is not an endorsement, just trying to be helpful.

The choice to remove an Insecure program, or migrate to another player (temporarily or permanently) is entirely up to you.

hope this helps.
Was this reply relevant?
+0
-0
UziUzi RE: Adobe Flash 10.1.82.76 listed insecure - 0 day threat!
Member 15th Sep, 2010 20:33
Score: 18
Posts: 10
User Since: 15th Apr 2010
System Score: N/A
Location: US
sadly there is no viable replacement that I'm aware of.

Our best long term bet is that web site developers learn to not force
users to have Flash installed in order to use their websites..
It's a sad state of affairs when Web Devs can't see the value in protecting
their site visitors. It is not a secret that Adobe systems Flash code is constantly a problem. /shrug.

Until then you have two choices. Keep a easily compromised system that can
view and access Flash content or remove Adobe Flash and related security risks
and be very limited on web browsing.

One can use things like Firefox and no script to mitigate the problem but
to be honest that solution (one I use) is also a major pain in the ass.

It seems like Im having to deal with a new Flash and Adobe systems related
vulnerabilty on my systems about every week now.

Frankly, I'm wore out. At least I can remove Adobe Reader and find suitable
replacements like Foxit, but for Flash? I'd remove it and be done forever if
I could.
Quicktime as well has been removed from all my systems. Too often it is the bane of compromise. Frequent offender.


Thank you Secunia for PSI for without it we would be seriously hosed (bent over) out here.

Was this reply relevant?
+1
-0
Anthony Wells RE: Adobe Flash 10.1.82.76 listed insecure - 0 day threat!
Expert Contributor 15th Sep, 2010 20:45
Score: 2437
Posts: 3,327
User Since: 19th Dec 2007
System Score: N/A
Location: N/A

Hi ,

There are always ways to mitigate your paranoia : apart from not connecting your machine to the internet in the first place , some things are less drastic but do require your input/time/learning and application ; so they are not for everyone but do repay the effort of those inclined .

Here is Ian "Gizmo" Richards' highly respected advice :-

http://www.techsupportalert.com/safe-surfing.php

Take care

Anthony


--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+1
-0
joe schmoe RE: Adobe Flash 10.1.82.76 listed insecure - 0 day threat!
Member 16th Sep, 2010 07:24
Score: 38
Posts: 139
User Since: 26th Nov 2008
System Score: 100%
Location: US
Last edited on 16th Sep, 2010 07:25
@ Anthony,

Quite right you are about the paranoia. It is just that we all use machines (computers) to do so many things that can be good, and when someone else damages\corrupts\impairs the use of that machine, so much time and money is required to put it right again. Some machines are mission critical, esp. for business. <Sigh>

re mogs, I have decided to accept the end of the thread. I just wanted to see what others were thinking.

Joe

XP Home SP3
1.5 GB RAM

--
XP Pro SP3 P4 3.2 HT 2 GB RAM Avast! 9.0.2018 AIS
Win 7 Home Pro SP1 Pentium D 2.8 3 GB RAM Avast 9.0.2018 AIS
Secunia PSI 2.0.0.3003 XP Pro 32-bit & Win 7 H Pro 64-bit
Was this reply relevant?
+1
-0

This thread has been marked as locked.


 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 VARS
MSSP
Technology Partners
References
 Reports
Webinars
Events
 About us
Careers
Memberships
Newsroom


 
© 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability