XIAM007

Making Unique Observations in a Very Cluttered World

Saturday, 5 June 2010

Adobe reports 'critical' flaw in Flash, Acrobat - says could let attackers take control of people's computers -

Adobe reports 'critical' flaw in Flash, Acrobat - says could let attackers take control of people's computers - 






Adobe has issued a security advisory about a "critical" vulnerability in its Flash Player and Adobe Reader and Acrobat products that it says could let attackers take control of people's computers.

Affected software includes:The company said late Friday that there had been reports of the hole actually being exploited and that an official patch was not yet available.
  • Adobe Flash Player 10.0.45.2, 9.0.262, and earlier 10.0.x and 9.0.x versions for Windows, Macintosh, Linux, and Solaris
  • Adobe Reader and Acrobat 9.3.2 and earlier 9.x versions for Windows, Macintosh, and UNIX
The company said the Flash Player 10.1 Release Candidate does not seem to be vulnerable and that Adobe Reader and Acrobat 8.x are confirmed not vulnerable.
Adobe didn't say when an official fix would be released, but according to the company, computer users can mitigate the Flash issue by downloading the release candidate mentioned above. The Acrobat and Reader issue can be addressed by "deleting, renaming, or removing access to the authplay.dll file" that ships with those products, Adobe said. This will, however, cause a nonexploitable crash or error message if a user opens a PDF file that contains SWF content. The .dll file is typically located at C:\Program Files\Adobe\Reader 9.0\Reader\authplay.dll for Adobe Reader or C:\Program Files\Adobe\Acrobat 9.0\Acrobat\authplay.dll for Acrobat, Adobe said.
The complete security advisory is available here.