http://www.komando.com/dailynews/index.aspx?id=9469

      Special News Alert: Adobe Reader flaw appears in Flash  


      Adobe has just announced a new security flaw in Flash. The flaw is the 
same as the recent problem revealed in Reader. The Flash flaw won't be patched 
until the week of Sept. 27. And the flaw in Reader won't be patched until the 
week of Oct. 4.

      Until the patches arrive, there are few options to stay safe. You can use 
another PDF reader. Unfortunately, though, there isn't a good alternative to 
Flash.

      Adobe and Microsoft recommend trying Microsoft's latest Enhanced 
Mitigation Experience Toolkit (EMET). This makes it easy to enable advanced 
security options in Windows. One of these options is turned off in Reader and 
Flash.

      The cause of the flaw is complex, but here's the short version. One of 
the Adobe files lacks Address Space Layout Randomization (ASLR) capability. 
This allows hackers to circumvent safeguards and run code.

      Activating ASLR for Flash and Reader can slow down hackers. Note that 
ASLR is only available in Windows Vista and 7. XP users will have to wait for a 
patch.

      Download and run the EMET program. Click the Configure System button. 
Change the Profile Name to Maximum Security Settings. Then click OK.

      Now click the Configure Apps button at the bottom of the program. Click 
the Add button. Then go to C:\Windows\System32\Macromed\Flash\. You will see at 
least one application (.EXE) file. Select that and click Open. Repeat this step 
for every .EXE file in that directory.

      Now click the Add button again. Go to C:\Program Files\Adobe\Reader 
9.0\Reader\. Select the application file AcroRd32.exe. Then click Open.

      Once this is done, click OK. Now restart your computer. Your system 
should be reasonably protected.

      Now, it is important to note that Flash and Reader weren't designed to 
work this way. You may encounter some problems. In that case, you will need to 
turn off ASLR.

      Open the EMET program. Click the Configure Apps button. Now select an 
application and click the Remove button. Do this for all the affected programs. 
Click OK and restart the computer.  
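
The alert says one of the Adobe files lacks ASLR capability. A Windows module opts in to ASLR through the DYNAMIC_BASE bit of the DllCharacteristics field in its PE header, and the Python below (an added example, not part of the original alert) reports which binaries in a folder set that bit. The function names, the list of file suffixes and the sample header are assumptions made for this example.

```python
import struct
import sys
from pathlib import Path

DYNAMIC_BASE = 0x0040  # IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE: module opts in to ASLR


def aslr_opt_in(data):
    """True if the PE image sets DYNAMIC_BASE; ValueError if it is not a usable PE."""
    try:
        (pe_off,) = struct.unpack_from("<I", data, 0x3C)  # e_lfanew
        if data[:2] != b"MZ" or data[pe_off:pe_off + 4] != b"PE\0\0":
            raise ValueError("not a PE image")
        # SizeOfOptionalHeader, skip Characteristics, then the optional header magic
        opt_size, magic = struct.unpack_from("<HxxH", data, pe_off + 20)
        if magic not in (0x10B, 0x20B) or opt_size < 72:  # PE32 / PE32+
            raise ValueError("unsupported optional header")
        (flags,) = struct.unpack_from("<H", data, pe_off + 94)  # DllCharacteristics
    except struct.error as exc:
        raise ValueError("truncated PE header") from exc
    return bool(flags & DYNAMIC_BASE)


def scan(directory):
    """Map each binary in directory to True, False, or None (could not parse)."""
    results = {}
    for path in sorted(Path(directory).iterdir()):
        # Suffix list is an assumption; extend it for other module types.
        if path.is_file() and path.suffix.lower() in (".exe", ".dll", ".ocx"):
            try:
                results[path.name] = aslr_opt_in(path.read_bytes())
            except (ValueError, OSError):
                results[path.name] = None
    return results


def sample_pe(flags, magic=0x10B):
    """Constructed input: zero-filled PE header holding only the fields read above."""
    buf = bytearray(0x80 + 24 + 72)
    buf[:2], buf[0x80:0x84] = b"MZ", b"PE\0\0"
    struct.pack_into("<I", buf, 0x3C, 0x80)
    struct.pack_into("<HxxH", buf, 0x80 + 20, 72, magic)
    struct.pack_into("<H", buf, 0x80 + 94, flags)
    return bytes(buf)


if __name__ == "__main__":
    for folder in sys.argv[1:]:
        for name, ok in scan(folder).items():
            print({True: "ASLR", False: "NO ASLR", None: "unparsed"}[ok], name)
```

Pass the Flash and Reader folders from the steps above as arguments. A module reported as NO ASLR has not opted in and normally loads at its preferred address.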