Adobe has reported a flaw in its Flash Player and in a component of Reader and Acrobat that, when exploited, could allow an attacker to take control of a machine.
The flaw was reported just as Adobe released a large 10-vulnerability patch that included a fix for a previous flaw found in the Shockwave player.
The new vulnerability spreads across many versions of Flash, Reader and Acrobat and the company said that the fix it has started working on will take over a week to be finalised.
The latest release, version 10, will be patched after November 9, the company has promised, and earlier versions will be covered after November 15.
Until these fixes are released, Adobe advises users to delete or rename the “authplay.dll” file that ships with version 9 of Reader and Acrobat. The applications will still work unless the PDF file contains Flash content. If a Flash component is accessed the application will crash. Instructions for disabling the dll can be found in advisory CVE-2010-3654 on the Adobe site.
Flash Player version 10.1.85.3 and earlier versions are affected on Windows, Macintosh, Linux and Solaris operating systems, as well as 10.1.95.2 and earlier versions for Android.
The flaw also impacts the authplay.dll component in Adobe Reader 9.4 and earlier 9.x versions for Windows, Macintosh and Unix systems, as well as Acrobat 9.4 and earlier 9.x versions for Windows and Macintosh.
This article originally appeared at itpro.co.uk
Copyright © ITPro, Dennis Publishing
A confirmation email has been sent to your email address - SUPPLIED GOES EMAIL HERE. Please click on the link in the email to verify your email address. You need to verify your email before you can start posting.
If you do not receive your confirmation email within the next few minutes, it may be because the email has been captured by a junk mail filter. Please ensure you add the domain @itnews.com.au to your white-listed senders.