Adobe to fix critical vulnerability in Flash this Thursday
Adobe has announced that it will release an update for Flash Player this Thursday, the 10th of June. The update is intended to fix the vulnerability reported at the weekend in the
authplay.dll library. The same library is also used in Reader and Acrobat 9.x. The Windows, Mac OS X and Unix (including Linux) versions of all three products are affected. Attackers can exploit the vulnerability to gain control of a system. The Flash Player 10.1 release candidate is not affected and version 8 of Adobe Reader and Adobe Acrobat are also unaffected.
The company says that an update for Adobe Reader and Acrobat will be released on 29th June, two weeks prior to the normal quarterly patch day date. As well as the problem in
authplay.dll, fixes for other, as yet undisclosed vulnerabilities will also be released. Adobe has taken this decision in order to avoid releasing two updates within a period of just a few weeks, as, according to Adobe, the patch management work involved would, for large companies, be too great.
Until the update is released, Adobe is advising Adobe Reader and Adobe Acrobat 9 users to delete, rename or move authplay.dll. Adobe admits, however, that this does lead to crashes when opening PDF files containing Flash content. In Windows, the file is usually located in
C:\Program Files\Adobe\Reader 9.0\Reader\authplay.dll or
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\authplay.dll.
- Zero-day vulnerability in Adobe Flash Player, Reader and Acrobat, a report from The H.