Adobe Says When It Plans to Plug Critical Flash Player, Reader and Acrobat Vulnerability
The other day we were announcing that a critical security vulnerability is affecting Adobe Flash Player, Adobe Reader and Adobe Acrobat. The vulnerability in question could grant an attacker control over the targeted machine, so it is a big deal. Furthermore, there are reports that the vulnerability is being actively exploited in the wild – which makes it an even bigger deal.
Adobe has now come out to announce specific dates when it will address this security vulnerability:
- By June 10 a patch for Flash Player 10.x for Windows, Macintosh, and Linux will be released.
- By June 29 a patch for Adobe Reader and Acrobat 9.3.2 for Windows, Macintosh and UNIX will be released.
Adobe also plans to release a patch for Flash Player 10 for Solaris – but the date when this patch will be released has yet to be determined.
Until the patches for the vulnerability are released, you are well advised to check out this security advisory which is meant to help you mitigate the vulnerability. The security advisory basically says that the Flash Player vulnerability can be mitigated by switching to Flash Player 10.1 RC, which is available for download here. The Adobe Reader and Adobe Acrobat vulnerability can be mitigated by deleting, renaming, or removing access to the authplay.dll file that ships with Adobe Reader and Acrobat 9.x. Usually the file is located in C:/Program Files/Adobe/Reader 9.0/Reader/authplay.dll for Adobe Reader or C:/Program Files/Adobe/Acrobat 9.0/Acrobat/authplay.dll for Acrobat.
As a little reminder, the following Adobe products are affected by the vulnerability:
The following Adobe products are affected:
- Adobe Flash Player 10.0.45.2, 9.0.262, and earlier 10.0.x and 9.0.x versions for Windows, Macintosh, Linux and Solaris.
- Adobe Reader 9.3.2 and earlier 9.x versions for Windows, Macintosh and UNIX
- Acrobat 9.3.2 and earlier 9.x versions for Windows, Macintosh and UNIX.
Adobe Reader 8.x and Adobe Acrobat 8.X are not vulnerable. Flash Player 10.1 Release Candidate is not vulnerable as well (this time it is confirmed – previously Adobe said it “does not appear to be vulnerable”).
Adobe has now come out to announce specific dates when it will address this security vulnerability:
- By June 10 a patch for Flash Player 10.x for Windows, Macintosh, and Linux will be released.
- By June 29 a patch for Adobe Reader and Acrobat 9.3.2 for Windows, Macintosh and UNIX will be released.
Adobe also plans to release a patch for Flash Player 10 for Solaris – but the date when this patch will be released has yet to be determined.
Until the patches for the vulnerability are released, you are well advised to check out this security advisory which is meant to help you mitigate the vulnerability. The security advisory basically says that the Flash Player vulnerability can be mitigated by switching to Flash Player 10.1 RC, which is available for download here. The Adobe Reader and Adobe Acrobat vulnerability can be mitigated by deleting, renaming, or removing access to the authplay.dll file that ships with Adobe Reader and Acrobat 9.x. Usually the file is located in C:/Program Files/Adobe/Reader 9.0/Reader/authplay.dll for Adobe Reader or C:/Program Files/Adobe/Acrobat 9.0/Acrobat/authplay.dll for Acrobat.
As a little reminder, the following Adobe products are affected by the vulnerability:
The following Adobe products are affected:
- Adobe Flash Player 10.0.45.2, 9.0.262, and earlier 10.0.x and 9.0.x versions for Windows, Macintosh, Linux and Solaris.
- Adobe Reader 9.3.2 and earlier 9.x versions for Windows, Macintosh and UNIX
- Acrobat 9.3.2 and earlier 9.x versions for Windows, Macintosh and UNIX.
Adobe Reader 8.x and Adobe Acrobat 8.X are not vulnerable. Flash Player 10.1 Release Candidate is not vulnerable as well (this time it is confirmed – previously Adobe said it “does not appear to be vulnerable”).
