News Stay informed about the latest enterprise technology news and product updates.

Adobe warns of critical security flaw in its products

No patch yet available for vulnerability in Flash Player, Reader and Acrobat

Adobe Systems Inc. has issued an alert about a critical vulnerability in its Flash Player, Adobe Reader and Acrobat products that is being actively exploited in the wild.

In a security advisory released late Friday, Adobe said the flaw could cause a crash and potentially allow an attacker to take control of a system. The company did not say when a patch would be available.

Trend Micro researchers reported on Saturday that they've seen malicious files exploiting the vulnerability.

According to the company, the vulnerability is in Flash Player and earlier versions for Windows, Macintosh, Linux and Solaris operating systems, and the authplay.dll component that ships with Adobe Reader and Acrobat 9.x for Windows, Macintosh and UNIX operating systems.

The Flash Player 10.1 Release Candidate doesn't appear to be vulnerable and Adobe Reader and Acrobat 8.x have been confirmed not to be vulnerable, Adobe said.

Adobe said deleting, renaming or removing access to the authplay.dll file that ships with Adobe Reader and Acrobat 9.x mitigates the threat for users of those products. However, the company warned of complications with that mitigation measure: "users will experience a non-exploitable crash or error message when opening a PDF file that contains SWF content."

Dig Deeper on Productivity apps and messaging security

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.