Department of Homeland Security Warns Users to Disable Flash
Adobe has vowed to fix a critical security hole in its Flash software within a week. But the Department of Homeland Security (DoHS) has taken the extremely unusual step of advising users to switch off the feature until the patch is available.
The hole can be used for so-called 'drive by' attacks occurring when a user simply visits an infected website. However, the relevant code is also shared with Adobe's Acrobat software, meaning it can cause security problems through PDF documents which have Flash embedded in them for greater interactivity. That technique had already been criticized as a security risk.
The problem can theoretically affect Windows, Linux and Mac computers. To date, it's only confirmed that hackers have exploited it on Windows machines running Adobe Reader 9.
Critical Fix Due July 30th
Adobe says it expects to have a fix for Flash Player 9 by next Thursday (July 30th) and for Adobe Reader and Acrobat the following day. In the meantime, Adobe advises users to exercise caution visiting websites they may not be able to trust, to make sure antivirus software is up to date, and to consider using User Account Control mode if running Windows Vista.
The firm also suggests users block access to the file named authplay.dll that ships with either Adobe Reader or Acrobat. The easiest way to find this file is to use Windows Search (Start -> Search), type in the filename and search for it.
Once the file is found, rename it to authplay-old.dll (for example), then rename it back to the original filename once the fix has been released. While the file is renamed, users will get an error message and possibly a crash when opening a PDF document with Flash embedded, but the risk of infection will be negated. (Source: adobe.com)
Government Calls For Stronger Action
That advice doesn't go far enough for the Department of Homeland Security. Its Computer Emergency Readiness Team (CERT) advises users to "Disable Flash Player or selectively enable Flash content" until the patch is released. (Source: us-cert.gov)
That would certainly do the trick, though it would mean many web features, including videos on YouTube, would become inaccessible. Depending on the browser/operating combination, users may be able to stop their computers running Flash content by default, while simply clicking to access any content they trust.
Free eBook: PC Maintenance Handbook - 2nd Edition. With the PC Maintenance Handbook, you'll learn how to improve your PC's performance, speed, and reliability. This guide is designed to help you find ways to maintain your Windows PC and ensure it remains clean and speedy throughout its life. PC maintenance doesn't have to be difficult, and this guide makes it easy to understand. Click here to download this eBook now! Note: this eBook is free, but registration is required; after that, you can select more ebooks and videos for download without registering again. If you have questions / problems with the registration form, please read this.