Article

Adobe warns of critical security flaw in its products

SearchSecurity.com staff

Adobe Systems Inc. has issued an alert about a critical vulnerability in its Flash Player, Adobe Reader and Acrobat products that is being actively exploited in the wild.

In a security advisory released

    Requires Free Membership to View

late Friday, Adobe said the flaw could cause a crash and potentially allow an attacker to take control of a system. The company did not say when a patch would be available.

Trend Micro researchers reported on Saturday that they've seen malicious files exploiting the vulnerability.

According to the company, the vulnerability is in Flash Player 10.0.45.2 and earlier versions for Windows, Macintosh, Linux and Solaris operating systems, and the authplay.dll component that ships with Adobe Reader and Acrobat 9.x for Windows, Macintosh and UNIX operating systems.

The Flash Player 10.1 Release Candidate doesn't appear to be vulnerable and Adobe Reader and Acrobat 8.x have been confirmed not to be vulnerable, Adobe said.

Adobe said deleting, renaming or removing access to the authplay.dll file that ships with Adobe Reader and Acrobat 9.x mitigates the threat for users of those products. However, the company warned of complications with that mitigation measure: "users will experience a non-exploitable crash or error message when opening a PDF file that contains SWF content."


There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: