NEWS FROM THE LAB - Monday, June 7, 2010

Block Flash Posted by Sean @ 13:03 GMT

There's going to be numerous updates published tomorrow by Microsoft.

But you'll more likely want to keep an eye on Adobe. Current versions of Flash are vulnerable.

Adobe Security Bulletin, June 4th

"A critical vulnerability exists in Adobe Flash Player and earlier versions for Windows, Macintosh, Linux and Solaris operating systems, and the authplay.dll component that ships with Adobe Reader and Acrobat 9.x for Windows, Macintosh and UNIX operating systems."

The vulnerability is currently being exploited in the wild. You can determine your version of Flash here.

If you're using Adobe Reader, consider another application. You'll find suggestions in our comments here and here.

As for Flash… well, unless you're Steve Jobs, you probably need or want to have Flash installed, at least sometimes. Adobe Labs has prereleases available here. The 10.1 release candidate does not appear to be vulnerable.

If you don't regularly use Internet Explorer, why not go ahead and uninstall or disable the Flash ActiveX control. What's the point of having it if you don't use it?

If you're a Firefox user, you could consider installing a Flash blocking add-on such as Flashblock. It's very simple to configure, unlike NoScript, easy to use and does its job well.

Here a short Flash video demo:

Yes, short Flash video, the irony is not lost on us.

Updated to add: Adobe's advisory now reports that Flash will be updated on June 10th and Acrobat and Reader on June 29th.