Flash Zero Day

I wrote about a Flash zero day yesterday.
Its important to note that while it may be possible to disable Flash (and other multimedia) content inside of Adobe Reader PDFs (in fact that may be the default setting, its not clear to me) (this setting has no effect) the attack has been seen as straight Flash on websites. You’d only be mitigating against one attack vector.
Symantec’s writeup is here
Adobe has updated their security advisory.
One mitigation listed is to “Delete, rename, or remove access to the authplay.dll.” At the time of this blog entry, Adobe did not say what side effects this would have.
Updates for Adobe Flash are expected by July 30th for Windows, Mac and Linux. Updates for Solaris are bending. Updates for Adobe Reader and Adobe Acrobat are expected by July 31.
I just started the process for updating Adobe Shockwave. Looks like Adobe is keeping me busy.
Keep an eye on that Adobe Security Advisory link as well as http://blogs.adobe.com/psirt/