SBS - The Best Value in QMS software

Adobe Warns of Critical Flash Bug, Already Being Exploited

Marc

Fully vaccinated are you?
Staff member
Admin
#1
On the same day that it plans to release a patch for a critical flaw in Shockwave, Adobe confirmed on Thursday morning that there is a newly discovered bug in Flash that is being actively exploited already in attacks against Reader. The vulnerability affects Flash on all of the relevant platforms, including Android, as well as Reader on Windows and Mac, and won't be patched for nearly two weeks. The new Flash bug came to light early Thursday when a researcher posted information about the problem, as well as a Trojan that is exploiting it and dropping a pair of malicious files on vulnerable PCs. Researcher Mila Parkour tested the bug and posted a screenshot of the malicious files that a Trojan exploiting the vulnerability drops during its infection routine. Adobe has since confirmed the vulnerability and said that it is aware of the attacks against Reader.

"A critical vulnerability has been identified in Flash Player 10.1.85.3 and earlier versions for Windows, Macintosh, Linux and Solaris; Adobe Flash Player 10.1.95.2 and earlier versions for Android; and the authplay.dll component that ships with Adobe Reader 9.4 and earlier 9.x versions for Windows, Macintosh and UNIX, and Adobe Acrobat 9.4 and earlier 9.x versions for Windows and Macintosh. This vulnerability (CVE-2010-3654) could cause a crash and potentially allow an attacker to take control of the affected system," Adobe said.

Another cross-platform (aka OS) vulnerability.

As many already know, Apple is abandoning Flash.
 
Elsmar Forum Sponsor
#2
A possible remedy, then:

Adobes track record is not entirely free from smudges. After suffering numerous Adobe related crashes I switched to Foxit Reader (which I have nothing to do with, except from being a satisfied user), and all of a sudden there was no problem. I have no idea whether this vulnerability can be exploited via Adobe documents read by this software or not, but at least it is a better application: Clearly faster and as I said, much more stable. Worth a try, perhaps?

/Claes
 

Marc

Fully vaccinated are you?
Staff member
Admin
#3
Yeah - Macs have Preview. It's a 'built in' program which reads .pdf files. It's a simple reader that doesn't have an attack vector (it's totaly sandboxed). I haven't tried Foxit Reader.
 

Wes Bucey

Prophet of Profit
#4
This should serve as a warning to everyone. Sometimes Im thinking that Linux is better.. hmmmm
As we've learned over the years, once ANY platform gets enough users, it becomes a target for hackers [crackers?] who, in the aggregate, are genius enough to attack ANY platform once it becomes a juicy target.
 
Thread starter Similar threads Forum Replies Date
G Re-numbering or editing Dynamic Stamps in Adobe Acrobat Document Control Systems, Procedures, Forms and Templates 0
JAMESH Adobe Acrobat-Pro Unflattened Markups not printing Document Control Systems, Procedures, Forms and Templates 2
Q Experience with Adobe Sign Document Control Systems, Procedures, Forms and Templates 3
S Is Adobe Sign - E-signature for QMS documents - 21 cfr part 11 compliant? ISO 13485:2016 - Medical Device Quality Management Systems 2
W Red Ballooning Stamp for Adobe Acrobat Files Quality Manager and Management Related Issues 1
S How much do trainers charge typically for an Adobe Connect / WebEx based training? Training - Internal, External, Online and Distance Learning 3
V Option for adding date-time to the copies printed from Adobe Acrobat (pdf) Quality Assurance and Compliance Software Tools and Solutions 1
Marc Adobe's PDF Format Is Now ISO 32000 DIS Other ISO and International Standards and European Regulations 1
G Software Validating Adobe Professional according to Part 11? Quality Assurance and Compliance Software Tools and Solutions 10
T FDA CFR 21 / 11 - Keep the records we scan in using Adobe? ISO 13485:2016 - Medical Device Quality Management Systems 6
J 21 CFR Part 11 - Securing Electronic signatures using Adobe Acrobat Qualification and Validation (including 21 CFR Part 11) 1
W Is anyone using Adobe photoshop 7? Coffee Break and Water Cooler Discussions 6
B Adobe Acrobat Problems Document Control Systems, Procedures, Forms and Templates 18
M FDA News Safety Alert – USFDA warns about safety risks of teething necklaces, bracelets to relieve teething pain or to provide sensory stimulation Medical Device and FDA Regulations and Standards News 0
AnaMariaVR2 St. Jude Medical does the unthinkable: Warns of FDA warning letter before FDA issues US Food and Drug Administration (FDA) 5
Ajit Basrur FDA warns public of continued extortion scam by FDA impersonators US Food and Drug Administration (FDA) 0
Marc Browsing NYTimes.com? Site Warns Of Malware After Work and Weekend Discussion Topics 2
Ajit Basrur FDA Warns Consumers Nationwide Not to Eat Certain Types of Raw Red Tomatoes US Food and Drug Administration (FDA) 5
Ajit Basrur FDA warns on Hot Dog Chilli Sauce US Food and Drug Administration (FDA) 1
S Distinction between a critical supplier and a Virtual manufacturer EU Medical Device Regulations 2
R Critical Characteristics & Special Characteristics FMEA and Control Plans 2
J Where is the definition of a critical supplier? ISO 13485:2016 - Medical Device Quality Management Systems 5
S Critical characteristic on manufacturing operations test procedure Inspection, Prints (Drawings), Testing, Sampling and Related Topics 0
B Software service provider as critical supplier ISO 13485:2016 - Medical Device Quality Management Systems 5
M Critical Characteristics APQP and PPAP 1
B FCA US Customer Specific IATF 16949- Critical Characteristics 8.6.2 Customer and Company Specific Requirements 0
B ISO 11607-2 "Critical Parameter" vs. "Process Parameter" Other Medical Device Related Standards 6
T ISO 13485 - Process validation at critical suppliers ISO 13485:2016 - Medical Device Quality Management Systems 7
Jane's Like-for-like critical raw material change qualification - type of testing/ number of lots required ISO 13485:2016 - Medical Device Quality Management Systems 4
F Is there such a thing as 'Critical supplier' status under the Dept. of Health (UK)? Medical Device and FDA Regulations and Standards News 2
D Definition of "Critical Laboratory Equipment"? General Measurement Device and Calibration Topics 1
M Changing supplier of critical raw material (III class device) Other Medical Device and Orthopedic Related Topics 1
C Critical Suppliers for EU medical device approvals May 2020 EU Medical Device Regulations 1
M Informational Critical Thinking and the Process of Evidence-Based Practice Medical Device and FDA Regulations and Standards News 0
J How to measure a Critical Characteristic that is a Basic Dimension Misc. Quality Assurance and Business Systems Related Topics 6
O Examples of Critical process parameter (CPP) and Critical quality attribute (CQA) Manufacturing and Related Processes 2
R Critical suppliers (Definition of) and MDSAP (Medical Device Single Audit Program) ISO 13485:2016 - Medical Device Quality Management Systems 17
C Suppliers re-classification from Critical to Significant or from Significant to Non-critical Supply Chain Security Management Systems 0
H Critical Supplier Agreement acc. to NBOG 2010-1 Annex II EU Medical Device Regulations 10
andika_untoro What are a good Critical to Quality (CTQ) metrics for a biotech manufacturing production? Lean in Manufacturing and Service Industries 0
A API Q1 9th ed Addendum 2 - Vendor Assessment for critical products Oil and Gas Industry Standards and Regulations 18
M Does a CDR (Critical Design Review) have to have a moderator that is unconnected to the team? Design and Development of Products and Processes 4
S Critical supplier - Obligated to have an ISO-certified QMS? ISO 13485:2016 - Medical Device Quality Management Systems 8
A Critical Supplier/Quality Agreement Procedure ISO 13485:2016 - Medical Device Quality Management Systems 8
C AS9100 8.3.5.e Design and Development Outputs - Key Characteristics / Critical Items AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 2
J What level PPAP for 5 critical parts? APQP and PPAP 8
C Partial Design Validation and changes to a critical supplier 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 4
D Determining Critical Components for conformity with IEC 60601-1 IEC 60601 - Medical Electrical Equipment Safety Standards Series 21
S Financial status of critical vendor IEC 27001 - Information Security Management Systems (ISMS) 7
Ajit Basrur CDRH Premarket Approval Application Critical to Quality Pilot Program US Food and Drug Administration (FDA) 0

Similar threads

Top Bottom