Adobe readies Flash fix

By

Disabling Flash ActiveX advised.

Adobe plans to rush out a fix for a Flash Player zero-day vulnerability by tomorrow, though users will have to wait until June 29 to receive a patch for the same flaw in Reader and Acrobat.

The bug, which could cause a crash or allow an attacker to take control of an affected system, is present in the latest version of Flash (10.0.45.2) and earlier for Windows, Macintosh, Linux and Solaris operating systems, Adobe said in a security advisory. Adobe did not say when it plans to patch the vulnerability.

The bug also affects the authplay.dll component of Adobe Reader and Acrobat 9 for Windows, Macintosh and UNIX operating systems. The cause of the vulnerability was unspecified.

“There are reports that this vulnerability is being actively exploited in the wild against both Adobe Flash Player, and Adobe Reader and Acrobat,” the company said in its advisory.

The flaw is rated “extremely critical,” rating five out of five with vulnerability tracking firm Secunia.

The Flash Player 10.1 release candidate is confirmed as not vulnerable, as are Reader and Acrobat version 8. To avoid a possible exploit, users can consider disabling the Flash ActiveX control or installing a Flash blocker add-on, experts said. To avoid an attack in Reader or Acrobat, users can run an alternative PDF renderer.

See original article on scmagazineus.com


Got a news tip for our journalists? Share it with us anonymously here.
Copyright © SC Magazine, US edition
Tags:
adobefixflashforreadiessecuritythursday

Sponsored Whitepapers

Gaining a Competitive Advantage with Communication APIs
Gaining a Competitive Advantage with Communication APIs
Leverage Technologies: Industry-Tailored ERP Implementation for Growth and Compliance
Leverage Technologies: Industry-Tailored ERP Implementation for Growth and Compliance
Service Over Signatures: The Truth About No Lock-In IT
Service Over Signatures: The Truth About No Lock-In IT
Wasabi Reveals Hidden Costs and Cloud Storage Shifts in ANZ for 2025
Wasabi Reveals Hidden Costs and Cloud Storage Shifts in ANZ for 2025
Datacom + Microsoft Azure: Turn Ideas Into Impact in Just 4 Weeks
Datacom + Microsoft Azure: Turn Ideas Into Impact in Just 4 Weeks

Events

Most Read Articles

CBA using facial recognition logins to verify disputed payments

CBA using facial recognition logins to verify disputed payments
Researchers demo AI-crippling GPUHammer attack

Researchers demo AI-crippling GPUHammer attack
Qantas obtains court order to prevent third-party access to stolen data

Qantas obtains court order to prevent third-party access to stolen data
Google Gemini for Workspace vulnerable to prompt injection attacks

Google Gemini for Workspace vulnerable to prompt injection attacks
techpartner.news logo
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
"It's an exciting time to be part of the health and aged care sector"
"It's an exciting time to be part of the health and aged care sector"
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Orro claims Australia first with managed digital asset discovery service
Orro claims Australia first with managed digital asset discovery service

Log In

  |  Forgot your password?