Department of Homeland Security Warns Users to Disable Flash
- by John Lister on 20090724 @ 10:31PM EST
- Filed under Security | (related terms: adobe, fix, windows, homeland security, flash embedded)
Adobe has vowed to fix a critical security hole in its Flash software within a week. But the Department of Homeland Security (DoHS) has taken the extremely unusual step of advising users to switch off the feature until the patch is available.
The hole can be used for so-called 'drive-by' attacks, which occur when a user simply visits an infected website. However, the relevant code is also shared with Adobe's Acrobat software, meaning it can cause security problems through PDF documents which have Flash embedded in them for greater interactivity. That technique had already been criticized as a security risk.
The problem can theoretically affect Windows, Linux and Mac computers. To date, it's only confirmed that hackers have exploited it on Windows machines running Adobe Reader 9.
Critical Fix Due July 30th
Adobe says it expects to have a fix for Flash Player 9 by next Thursday (July 30th) and for Adobe Reader and Acrobat the following day. In the meantime, Adobe advises users to exercise caution visiting websites they may not be able to trust, to make sure antivirus software is up to date, and to consider using User Account Control mode if running Windows Vista.
The firm also suggests users block access to the file named authplay.dll that ships with either Adobe Reader or Acrobat. The easiest way to find this file is to use Windows Search (Start -> Search), type in the filename and search for it.
Once the file is found, rename it to authplay-old.dll (for example), then rename it back to the original filename once the fix has been released. While the file is renamed, users will get an error message and possibly a crash when opening a PDF document with Flash embedded, but the risk of infection will be negated. (Source: adobe.com)
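The rename workaround described above can be scripted so it is applied the same way on every machine and reversed after patching. The following is an added example, not code from Adobe or from this article; it assumes Reader or Acrobat is installed under the Program Files directories (pass -SearchRoot otherwise) and that it runs from an elevated PowerShell 3.0+ session with Reader and Acrobat closed.

```powershell
# Added example: apply or undo the authplay.dll rename workaround.
# Assumption: Adobe Reader/Acrobat live under the Program Files directories.
param(
    [string[]]$SearchRoot = @($env:ProgramFiles, ${env:ProgramFiles(x86)}),
    [switch]$Restore   # rename back to authplay.dll once the fix is installed
)

$activeName   = 'authplay.dll'
$disabledName = 'authplay-old.dll'   # the example name used in the article

# Choose the rename direction.
if ($Restore) { $from = $disabledName; $to = $activeName }
else          { $from = $activeName;   $to = $disabledName }

# Drop empty or missing roots (ProgramFiles(x86) is unset on 32-bit Windows).
$roots = @($SearchRoot | Where-Object { $_ -and (Test-Path -LiteralPath $_) } |
           Select-Object -Unique)
if ($roots.Count -eq 0) {
    Write-Warning 'None of the search roots exist.'
    return
}

$found = Get-ChildItem -LiteralPath $roots -Filter $from -File -Recurse `
                       -ErrorAction SilentlyContinue
if (-not $found) {
    Write-Warning "No $from found under: $($roots -join ', ')"
    return
}

foreach ($file in $found) {
    $target = Join-Path $file.DirectoryName $to
    if (Test-Path -LiteralPath $target) {
        # Both names exist (for example after a reinstall): never overwrite.
        Write-Warning "Skipped $($file.FullName): $to already exists beside it"
        continue
    }
    try {
        Rename-Item -LiteralPath $file.FullName -NewName $to -ErrorAction Stop
        Write-Output "Renamed $($file.FullName) -> $to"
    } catch {
        # Typical causes: Reader/Acrobat still running, or shell not elevated.
        Write-Warning "Could not rename $($file.FullName): $($_.Exception.Message)"
    }
}
```

A "Skipped" warning during the initial run means a fresh authplay.dll has appeared next to an already renamed copy, so that install needs a manual look.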
Government Calls For Stronger Action
That advice doesn't go far enough for the Department of Homeland Security. Its Computer Emergency Readiness Team (CERT) advises users to "Disable Flash Player or selectively enable Flash content" until the patch is released. (Source: us-cert.gov)
That would certainly do the trick, though it would mean many web features, including videos on YouTube, would become inaccessible. Depending on the browser/operating system combination, users may be able to stop their computers running Flash content by default, while simply clicking to access any content they trust.


