Yet Another Adobe Vulnerability

September 13, 2010

As if the outstanding vulnerability in Adobe’s Reader and Acrobat products were not excess to our requirements, another vulnerability, this time in Adobe’s Flash Player, has been reported, and is apparently being exploited.   Flash Player versions 10.1.82.76 and earlier are affected, for all platforms (Mac OS X, Linux, Windows, and Solaris), as is version 10.1.92.10 for Android.   This vulnerability, which Adobe rates as Critical, also affects Reader and Acrobat, versions 9..3.4 and earlier, for Windows, Mac OS X, and Linux/UNIX.  Further details are in Adobe’s Security Advisory [APSA10-03].  The vulnerability has been assigned CVE-2010-2884.

Adobe indicates, in the Security Advisory, that it intends to release a patch for this vulnerability for Flash Player during the week of September 27.  They have not provided any mitigation advice or work-arounds.

Adobe has also updated their Security Advisory [APSA10-02] for the earlier vulnerability, indicating that they plan to release a patch for Reader and Acrobat during the week of October 4.  This patch will also include a fix for this latest vulnerability [APSA10-03].

I will post updates here when I get any new information.

Update Saturday, 18 September, 23:45 EDT

Adobe has updated its Security Advisory [APSA 10-03] to indicate that a patch will be available for Flash Player on Monday, September 20, 2010, for all platforms (Windows, Mac OS X, Linux, Solaris, and Android.  A patch in already included with the Flash Player built into the latest version of Google Chrome, 6.0.472.62.


The Ice Man Came

September 13, 2010

The “This Day in Tech” blog at Wired has an interesting article about the first delivery of ice, collected in New England, to Calcutta, India, on September 13, 1833.

The transoceanic operation, undertaken by the Tudor Ice Co., began in early May 1833, when approximately 180 tons of freshwater ice was loaded into the insulated hold of the sailing ship Tuscany in Boston.

The ice was “harvested” from frozen lakes and ponds during the winter.  (Thoreau writes about one such operation at Walden Pond, in Concord, Massachusetts, in the chapter “The Pond in Winter” in Walden.)

Of course, refrigeration had not yet been invented, so the ships carrying the ice, and the storage places for it, had to be built with considerable insulation — contemporary accounts suggest that a foot or more of insulating material surrounded the ice on all sides.

Having relatively pure ice, in a country with a warm climate, was a novelty and a luxury.  Even the Romans, who made a form of ice cream, had to rely on snow brought down from the mountains by runners.   The New England ice was, apparently, a big hit in India:

Locals marveled at the giant, icy cubes as they were unloaded from the specially outfitted seafaring vessels.

It would only be a few decades before mechanical refrigeration made it possible to make ice in India and other places where it never occurred naturally.  But it’s still kind of startling to realize that something that we take so much for granted had to be shipped halfway around the world not so long ago.


Adobe Reader/Acrobat Flaw Being Exploited

September 13, 2010

The Internet Storm Center at the SANS Institute has a new diary entry reporting that the recent vulnerability in Adobe’s Acrobat and Reader software is being actively exploited.  (This vulnerability has been assigned CVE-2010-2883 in the National Vulnerability Database.)   You should be very cautious with any PDF files whose origins or contents are questionable.

As I noted in my previous post, the Microsoft Enhanced Mitigation Experience Toolkit [EMET] can be used to block this exploit on Windows machines.  Directions and links are in that earlier post.  So far, Adobe has not announced any timetable for a fix.


%d bloggers like this: