Adobe Acknowledges Reader, Acrobat, Flash Player Critical Vulnerability
Article by George Norman
On 23 Jul 2009
Yesterday we announced that a potential vulnerability affecting Adobe Reader 9.1.2, Acrobat Reader 9.1.2, Adobe Flash Player 9, and Adobe Flash Player 10 has been uncovered. At the time, Adobe said that it would look into the matter and provide an update pending an investigation. The investigation appears to be over: the California-based company, which specializes in multimedia and creativity software, has provided an update and a Security Advisory, and the vulnerability has been given the “critical” rating.

“A critical vulnerability exists in the current versions of Flash Player (v9.0.159.0 and v10.0.22.87) for Windows, Macintosh and Linux operating systems, and the authplay.dll component that ships with Adobe Reader and Acrobat v9.x for Windows, Macintosh and UNIX operating systems. This vulnerability (CVE-2009-1862) could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being actively exploited in the wild via limited, targeted attacks against Adobe Reader v9 on Windows,” explained Wendy Poland on behalf of the Adobe Product Security Incident Response Team (PSIRT).


Just to put things in perspective, when a vulnerability is rated as “critical” it means that a person with malicious intent could exploit said vulnerability to execute code on the targeted machine. The user may not be aware that malicious native-code is being executed on the machine. This critical vulnerability affects the following platforms: Adobe Reader and Acrobat 9.1.2 and earlier 9.x versions; Adobe Flash Player and and earlier 9.x and 10.x versions.

At the time the vulnerability was announced, I speculated that since Adobe now mimics Microsoft’s Patch Tuesday program, a fix will be provided on the 11th of August – unless of course the security issue is so serious (read actively exploited) that a fix needs to be rolled out earlier. It seems that I was right because, according to PSIRT, Adobe is working on a fix and will make it available by the end of the month.

And more specifically:
- By July 30th, an update for Flash Player v9 and v10 for Windows, Macintosh, and Linux will be released.
- By July 31st, an update for Adobe Reader and Acrobat v9.1.2 for Windows, Macintosh, and UNIX will be released.

Until a fix is released, Adobe advises you to use this mitigation: “Deleting, renaming, or removing access to the authplay.dll file that ships with Adobe Reader and Acrobat v9.x mitigates the threat for those products, but users will experience a non-exploitable crash or error message when opening a PDF that contains SWF content. Depending on the product, the authplay.dll that ships with Adobe Reader and Acrobat 9.x for Windows is typically located at C:\Program Files\Adobe\Reader 9.0\Reader\authplay.dll or C:\Program Files\Adobe\Acrobat 9.0\Acrobat\authplay.dll. Windows Vista users should consider enabling UAC (User Access Control) to mitigate the impact of a potential exploit. Flash Player users should exercise caution in browsing untrusted websites.”
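
The rename mitigation quoted above can be audited and applied across machines with a short script. This PowerShell sketch is an added example, not code from Adobe or from the original article; the two default directories are the ones named in the advisory, while the `.disabled` suffix and the parameter names are assumptions made for illustration.

```powershell
# Added example: report on, and optionally apply, the authplay.dll rename
# mitigation for CVE-2009-1862. Default paths are those quoted from the advisory.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    # Directories to check; override for non-default installs.
    [string[]]$InstallDir = @(
        'C:\Program Files\Adobe\Reader 9.0\Reader',
        'C:\Program Files\Adobe\Acrobat 9.0\Acrobat'
    ),
    # Without -Apply the script only reports what it finds.
    [switch]$Apply,
    # Suffix for the renamed file (assumed naming; keeps the change reversible).
    [string]$Suffix = '.disabled'
)

foreach ($dir in $InstallDir) {
    $dll     = Join-Path $dir 'authplay.dll'
    $status  = 'NotInstalled'
    $version = $null

    if (Test-Path -LiteralPath $dll -PathType Leaf) {
        $status  = 'Present'
        $version = (Get-Item -LiteralPath $dll).VersionInfo.FileVersion
        if ($Apply -and $PSCmdlet.ShouldProcess($dll, "Rename to authplay.dll$Suffix")) {
            try {
                Rename-Item -LiteralPath $dll -NewName "authplay.dll$Suffix" -ErrorAction Stop
                $status = 'Renamed'
            } catch {
                # Typical causes: not elevated, or Reader/Acrobat is running and holds the file.
                $status = "Failed: $($_.Exception.Message)"
            }
        }
    } elseif (Test-Path -LiteralPath "$dll$Suffix" -PathType Leaf) {
        # A previous run (or an administrator) already renamed the component.
        $status = 'AlreadyMitigated'
    }

    # One record per location, suitable for export or aggregation.
    [pscustomobject]@{
        Path        = $dll
        Status      = $status
        FileVersion = $version
    }
}
```

Run it from an elevated prompt with Reader and Acrobat closed; `-WhatIf` previews the rename, and `-InstallDir` covers installs outside the default locations.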

Tags: Adobe, Adobe Reader, Acrobat, Adobe Flash Player