Critical Adobe Flash and Reader flaw being exploited

Present in latest versions.

A critical zero-day vulnerability in Adobe Reader, Acrobat and Flash Player is currently being actively exploited by cybercriminals, Adobe has warned.

The flaw, which could cause a crash or allow an attacker to take control of an affected system, is present in the latest version of Adobe Flash Player (10.0.45.2) and earlier for Windows, Macintosh, Linux and Solaris operating systems, Adobe said in a security advisory.

The bug also affects the authplay.dll component of Adobe Reader and Acrobat 9 for Windows, Macintosh and UNIX operating systems. The cause of the vulnerability was unspecified.

“There are reports that this vulnerability is being actively exploited in the wild against both Adobe Flash Player, and Adobe Reader and Acrobat,” Adobe said in its advisory.

The flaw currently remains unpatched with no schedule for a fix. It was rated “extremely critical” or a 5 out of 5 by Danish vulnerability tracking firm Secunia.

Adobe has provided a workaround for affected versions of Adobe Reader and Acrobat. Users can mitigate the threat by deleting or renaming the authplay.dll file in Adobe Reader and Acrobat, Adobe said. Doing so could, however, cause an error message or non-exploitable crash when opening certain PDF files.

The authplay.dll file is usually located at C:\Program Files\Adobe\Reader 9.0\Reader\authplay.dll for Adobe Reader or C:\Program Files\Adobe\Acrobat 9.0\Acrobat\authplay.dll for Acrobat.
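The rename workaround can be scripted for the two default paths above. The following PowerShell is an added example, not code from Adobe or the original article; the `.disabled` suffix and the parameter names are assumptions, and other install locations can be passed with `-Path`.

```powershell
# Added example: apply the authplay.dll rename workaround described in the article.
# Default paths are the ones the article lists; the ".disabled" suffix is an assumption.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [string[]]$Path = @(
        'C:\Program Files\Adobe\Reader 9.0\Reader\authplay.dll',
        'C:\Program Files\Adobe\Acrobat 9.0\Acrobat\authplay.dll'
    ),
    [string]$Suffix = '.disabled'
)

foreach ($dll in $Path) {
    # Nothing to do if the product is not installed or the file is already renamed.
    if (-not (Test-Path -LiteralPath $dll -PathType Leaf)) {
        Write-Output "Not present: $dll"
        continue
    }

    $newName = (Split-Path -Leaf $dll) + $Suffix
    $target  = Join-Path (Split-Path -Parent $dll) $newName

    # A live authplay.dll next to an already-renamed copy means something
    # (an update or repair install, for example) put the file back after the
    # workaround was applied. Flag it instead of overwriting the earlier copy.
    if (Test-Path -LiteralPath $target) {
        Write-Warning "authplay.dll has reappeared beside $target; review $dll manually"
        continue
    }

    # Honors -WhatIf and -Confirm so the change can be previewed first.
    if ($PSCmdlet.ShouldProcess($dll, "Rename to $newName")) {
        Rename-Item -LiteralPath $dll -NewName $newName -ErrorAction Stop
        Write-Output "Renamed: $dll -> $newName"
    }
}
```

Run it from an elevated prompt, first with `-WhatIf` to see which files would be touched; renaming the file back restores the original behaviour once a fix is installed.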

In addition, a pre-release version of Flash Player 10.1, which is currently available, does not appear to be affected by the vulnerability, Adobe said.

See original article on scmagazineus.com

Copyright © SC Magazine, US edition