Adobe finds exploited flaw in Flash Player

By

Patching on the run.

Adobe has reported a flaw in its Flash Player and in a component of Reader and Acrobat that, when exploited, could allow an attacker to take control of a machine.

Adobe finds exploited flaw in Flash Player

The flaw was reported just as Adobe released a large 10-vulnerability patch that included a fix for a previous flaw found in the Shockwave player.

The new vulnerability spreads across many versions of Flash, Reader and Acrobat and the company said that the fix it has started working on will take over a week to be finalised.

The latest release, version 10, will be patched after November 9, the company has promised, and earlier versions will be covered after November 15.

Until these fixes are released, Adobe advises users to delete or rename the “authplay.dll” file that ships with version 9 of Reader and Acrobat. The applications will still work unless the PDF file contains Flash content. If a Flash component is accessed the application will crash. Instructions for disabling the dll can be found in advisory CVE-2010-3654 on the Adobe site.

Flash Player version 10.1.85.3 and earlier versions are affected on Windows, Macintosh, Linux and Solaris operating systems, as well as 10.1.95.2 and earlier versions for Android.

The flaw also impacts the authplay.dll component in Adobe Reader 9.4 and earlier 9.x versions for Windows, Macintosh and Unix systems, as well as Acrobat 9.4 and earlier 9.x versions for Windows and Macintosh.

This article originally appeared at itpro.co.uk

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © ITPro, Dennis Publishing
Tags:

Most Read Articles

India's alarm over Chinese spying rocks CCTV makers

India's alarm over Chinese spying rocks CCTV makers

Victoria's Secret pulls down website amid security incident

Victoria's Secret pulls down website amid security incident

China blamed after cyberattack hits Czech Republic

China blamed after cyberattack hits Czech Republic

Cyber companies hope to untangle weird hacker codenames

Cyber companies hope to untangle weird hacker codenames

Log In

  |  Forgot your password?