Adobe has issued a security advisory about a "critical" vulnerability in its Flash Player and Adobe Reader and Acrobat products that it says could let attackers take control of people's computers.
Affected software includes:The company said late Friday that there had been reports of the hole actually being exploited and that an official patch was not yet available.
- Adobe Flash Player 10.0.45.2, 9.0.262, and earlier 10.0.x and 9.0.x versions for Windows, Macintosh, Linux, and Solaris
- Adobe Reader and Acrobat 9.3.2 and earlier 9.x versions for Windows, Macintosh, and UNIX
Adobe didn't say when an official fix would be released, but according to the company, computer users can mitigate the Flash issue by downloading the release candidate mentioned above. The Acrobat and Reader issue can be addressed by "deleting, renaming, or removing access to the authplay.dll file" that ships with those products, Adobe said. This will, however, cause a nonexploitable crash or error message if a user opens a PDF file that contains SWF content. The .dll file is typically located at C:\Program Files\Adobe\Reader 9.0\Reader\authplay.dll for Adobe Reader or C:\Program Files\Adobe\Acrobat 9.0\Acrobat\authplay.dll for Acrobat, Adobe said.