Flash Player, Adobe Reader and Adobe Acrobat Plagued by Critical, Actively Exploited Vulnerability

Article by George Norman (Cybersecurity Editor)

on 07 Jun 2010

Several of Adobe’s products are plagued by a critical security vulnerability, announced the California-based company that specializes in creating multimedia and creativity software products. Adobe Flash Player, Adobe Reader and Adobe Acrobat are all affected by a vulnerability which, if exploited by a person with malicious intent, could give the attacker control of the targeted machine.

“A critical vulnerability exists in Flash Player 10.0.45.2 and earlier versions for Windows, Macintosh, Linux and Solaris operating systems, and the authplay.dll component that ships with Adobe Reader and Acrobat 9.x for Windows, Macintosh and UNIX operating systems,” announced Wendy Poland on behalf of the Adobe Product Security Incident Response Team (PSIRT).

The following Adobe products are affected:
- Adobe Flash Player 10.0.45.2, 9.0.262, and earlier 10.0.x and 9.0.x versions for Windows, Macintosh, Linux and Solaris.
- Adobe Reader 9.3.2 and earlier 9.x versions for Windows, Macintosh and UNIX.
- Acrobat 9.3.2 and earlier 9.x versions for Windows, Macintosh and UNIX.

Adobe Reader 8.x and Adobe Acrobat 8.x are not vulnerable. Flash Player 10.1 Release Candidate seems to be unaffected as well (Adobe said it “does not appear to be vulnerable”).

Here comes the even worse news: there are reports that the vulnerability is being actively exploited in the wild. A patch for the vulnerability has not been released yet. Adobe did roll out a security advisory to help users mitigate the vulnerability. The mitigations include switching to Flash Player 10.1 RC, which is available for download, and deleting, renaming, or removing access to the authplay.dll file that ships with Adobe Reader and Acrobat 9.x. Usually the file is located in C:/Program Files/Adobe/Reader 9.0/Reader/authplay.dll for Adobe Reader or C:/Program Files/Adobe/Acrobat 9.0/Acrobat/authplay.dll for Acrobat.
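For administrators checking many machines, the affected-version list and mitigations above can be applied to a software inventory. The following is an added example, not code from Adobe or from the original article; the function names and the sample version strings in its comments are constructed for illustration.

```python
# Added example: triage inventory rows against the versions listed in this article.
import re

# Highest affected build per product branch, as listed in the article.
AFFECTED_MAX = {
    ("flash player", (10, 0)): (10, 0, 45, 2),
    ("flash player", (9, 0)): (9, 0, 262),
    ("reader", (9,)): (9, 3, 2),
    ("acrobat", (9,)): (9, 3, 2),
}
# Mitigations as described in the article (no patch was available yet).
MITIGATION = {
    "flash player": "switch to Flash Player 10.1 RC",
    "reader": "delete, rename, or remove access to authplay.dll",
    "acrobat": "delete, rename, or remove access to authplay.dll",
}

def parse_version(text):
    """Turn '10.0.45.2' into (10, 0, 45, 2); reject anything that is not dotted digits."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+)*", text):
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(part) for part in text.split("."))

def pad(version, width=4):
    """Right-pad with zeros so '9.3' compares as 9.3.0.0."""
    return version + (0,) * (width - len(version))

def triage(product, version):
    """Return (status, action) for one inventory row.

    status is 'affected', 'not listed' (branch absent from the article's list),
    or 'unknown' (listed branch, but a build newer than the article covers).
    """
    name = product.lower().replace("adobe", "").strip()
    parsed = parse_version(version)
    for (prod, branch), ceiling in AFFECTED_MAX.items():
        if prod == name and parsed[:len(branch)] == branch:
            if pad(parsed) <= pad(ceiling):
                return "affected", MITIGATION[prod]
            return "unknown", "build is newer than the listed ones; check the vendor advisory"
    return "not listed", "no action indicated by this article"

# Constructed sample rows: triage("Adobe Flash Player", "10.0.45.2"),
# triage("Adobe Reader", "8.2.0"), triage("Acrobat", "9.3")
```
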

Brad Arkin, Director of Product Security with Adobe, said that the company is working hard on a patch. Arkin could not say when the patch would be rolled out to Flash Player, Adobe Reader and Adobe Acrobat users.

Update May 8: Adobe announced when it plans to release a patch for this vulnerability. Read more here.

