Adobe flaw was known about for seven months

By

Embarassment for Adobe's security response team.

The so-called zero day vulnerabilities discovered in Adobe’s Flash Player last week were actually known about for seven months, according to new reports.

Paul Royal, a principal researcher at web security service provider Purewire, is credited with first noticing that the flaw in Flash was actually logged into Adobe's bug and issue management system on December 31 last year.

Adobe will be embarrassed about the revelations its security response team knew about the vulnerability for months, especially as it was originally misdiagnosed as a “data loss corruption” issue, according to a ZDnet report.

The firm has now moved swiftly to address the issue, however, announcing that patches will be available by July 31 for Windows, Mac and Linux users.

“A critical vulnerability exists in the current versions of Flash Player (v9.0.159.0 and v10.0.22.87) for Windows, Macintosh and Linux operating systems, and the authplay.dll component that ships with Adobe Reader and Acrobat v9.x for Windows, Macintosh and UNIX operating systems,” acknowledged Adobe in a security advisory.

"This vulnerability (CVE-2009-1862) could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being actively exploited in the wild via limited, targeted attacks against Adobe Reader v9 on Windows.”

In the meantime, Adobe is recommending that users delete, rename, or remove access to the authplay.dll file that ships with Adobe Reader and Acrobat v9.x, in order to mitigate the threat for those products.

Adobe flaw was known about for seven months
Got a news tip for our journalists? Share it with us anonymously here.
Copyright ©v3.co.uk
Tags:

Most Read Articles

"VoidProxy" PhishKit targets Google and Microsoft users

"VoidProxy" PhishKit targets Google and Microsoft users

First npm worm "Shai-Hulud" released in supply chain attack

First npm worm "Shai-Hulud" released in supply chain attack

Apple adds "mercenary spyware" protection to new A19 chip

Apple adds "mercenary spyware" protection to new A19 chip

Phishing attack nets enormous npm supply chain compromise

Phishing attack nets enormous npm supply chain compromise

Log In

  |  Forgot your password?