05 June 2010

Mitigating new Adobe Flash, PDF 0day attack on Ubuntu Lucid

By now you'll have heard of the new 0day security vulnerability. So how to mitigate it? Two things, update to Flash Player 10.1 RC (I've wrote instructions on how last night), and disable Adobe Reader's access to Flash. Here's how to disable Reader's access to Flash on Ubuntu Lucid.

For Ubuntu Lucid, delete or rename these files (I had acroread installed via Synaptic Package Manager):

  1. /opt/Adobe/Reader9/Reader/intellinux/lib/libauthplay.so
  2. /opt/Adobe/Reader9/Reader/intellinux/lib/libauthplay.so.0.0.0
  3. /opt/Adobe/Reader9/Reader/intellinux/lib/librt3d.so

Note that Adobe Reader may crash when it tries to access Flash or 3D content, but that's the price of securing against Adobe's security bugs. Let's see how long it takes for them to fix it.

No comments: