Journal: Security Advisory (digest): Adobe Flash, Adobe Reader

Due to serious vulnerabilities discovered in both these programs, and which are under active exploitation, Adobe Reader and Adobe Flash have been removed from all workstations.

Adobe expects to issue patches by July 30 for flash and July 31 for reader.

Adobe Flash is a plugin for "rich multimedia" which is used primarily to deliver animations and videos, ranging from frivolous decorations to entire feature films. Hulu, Youtube, Pandora and many other sites are dependent on Flash. Flash has had a series of security and performance problems (N.B. very strong language) across all platforms since the indefinite past.

Adobe Reader is the most popular software and plugin for accessing PDF files.

An experimental non-Adobe version of Flash has been made available, temporarily, as a stop-gap measure until Adobe mitigates the threat. This software is not complete and does not work as well.

When viewing PDF files from The Public Internet you will may need to change your browser to open them with a different reader. You do not need to take this step if PDF files open correctly.

• Go to "Edit → Preferences",

1. Click "Applications".
2. Enter the letters pdf in the "Search" field.
3. Open the "Action" menu and select "Use Other"

• Enter /usr/bin/okular in the "Location:" field and press [enter]

• Close the Preferences dialog

The patched version of Adobe Reader will not be re-installed after the bug is fixed, unless it is needed. Okular and similar open-source programs are much faster, more secure, more stable and smaller (Adobe Reader is the single largest package installed on the system, it is larger than the Kernel). Okular and other open-source programs do not implement some of the more esoteric PDF featurs, so reader will be reinstalled if a PDF file is encountered that they cannot handle.

Thank you for your patience with this problem, it is not necessary to file a PR about this.

Update (July 31 2009, 10:49AM)

This security advisory is no longer in effect. Adobe has issued patched versions of Flash for all platforms except Solaris.

Flash-dependent sites such as Youtube and Hulu will now work correctly, again. No action is required on your part.

<< Approaching Hiatus | News Index | Privacy Announcement, Offsite Backup Trials >>

News & Notes is the a journal of The Vistua Network Administration and the factuality of this content is guaranteed. From time-to-time, this content may contain normative statements or set policy.