Adobe warns of critical security flaw in its products

No patch yet available for vulnerability in Flash Player, Reader and Acrobat

Adobe Systems Inc. has issued an alert about a critical vulnerability in its Flash Player, Adobe Reader and Acrobat products that is being actively exploited in the wild.

In a security advisory released late Friday, Adobe said the flaw could cause a crash and potentially allow an attacker to take control of a system. The company did not say when a patch would be available.

Trend Micro researchers reported on Saturday that they've seen malicious files exploiting the vulnerability.

According to the company, the vulnerability is in Flash Player 10.0.45.2 and earlier versions for Windows, Macintosh, Linux and Solaris operating systems, and the authplay.dll component that ships with Adobe Reader and Acrobat 9.x for Windows, Macintosh and UNIX operating systems.

The Flash Player 10.1 Release Candidate doesn't appear to be vulnerable and Adobe Reader and Acrobat 8.x have been confirmed not to be vulnerable, Adobe said.

Adobe said deleting, renaming or removing access to the authplay.dll file that ships with Adobe Reader and Acrobat 9.x mitigates the threat for users of those products. However, the company warned of complications with that mitigation measure: "users will experience a non-exploitable crash or error message when opening a PDF file that contains SWF content."

Dig deeper on Securing Productivity Applications

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close