Sunday, June 06, 2010

Adobe Flash/Reader Vulnerability Mitigation Options

Reports are that exploitation of the critical vulnerability in Adobe Flash player is growing rapidly. This vulnerability can also be vectored through malicious PDF files to invoke Flash.

Although Adobe has reported that Flash version 10.1 does not appear to be vulnerable to this attack (available from Adobe Labs), this is a release candidate and not the final version. Of course, that is the option suggested by Adobe but many people prefer not to run beta or RC software on their computer systems. Personally, I prefer to take a different route.

For people who use Internet Explorer, I recommend disabling Flash with WinPatrol. Merely launch WinPatrol, select the ActiveX tab and click the Shockwave Flash Object. Click Disable and Yes to the WinPatrol warning:

If you use Firefox, with the NoScript Firefox extension, Flash can be executed only by trusted websites of your choice. However, even with NoScript installed, I recommend disabling the Shockwave Flash plugin:

I long ago left Adobe Reader behind, uninstalling it from all my computers. I prefer Sumatra PDF. Although the bright yellow background is a bit harsh to my liking, Sumatra PDF is a clean, light-weight PDF reader that just works. It has no undesirable toolbars, does not write to the registry and can be run from an external USB drive. Other open source PDF Readers are available from

Clubhouse Tags: Clubhouse, Microsoft, Windows, Security, WinPatrol, Vulnerabilities, Information,

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

No comments: