In association with heise online

29 October 2010, 00:54

Another critical hole in Adobe Flash, Reader and Acrobat


Only a few weeks after its comprehensive patch day, Adobe has had to admit to another critical hole in its products. The problem is once again caused by the Flash Player, which contains a critical security vulnerability. The vulnerable library – authplay – also allows attackers to exploit the hole via PDF files displayed in Adobe Reader. There are already reports of criminals exploiting this flaw to infect computers with malware via specially crafted emails.

Adobe say that all versions of Flash Player for Windows, Macintosh, Linux and Solaris are affected up to version; also affected is Flash Player version for Android. The vulnerable authplay library is shipped with versions 9.x of Reader and Acrobat; versions 8.x are apparently immune.

As a workaround, Adobe currently recommends that users delete or rename the vulnerable file, which is authplay.dll in Windows, AuthPlayLib.bundle on Macs and on Unix-based systems. The workaround will cause Reader to crash when a PDF file attempts to render Flash content, but it will also prevent arbitrary code from being injected.
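The rename workaround above can be checked and applied across a machine's install directories with a short script. This is an added example, not code from Adobe or from the article: it searches a chosen directory for the two file names given above and renames each match. The `.disabled` suffix, the function names and the directory layout built in `demo()` are assumptions made for illustration.

```python
import os
import tempfile

# Names as given in the article; the Unix file name is not stated there,
# so it is not included here.
VULNERABLE_NAMES = {"authplay.dll", "authplaylib.bundle"}
SUFFIX = ".disabled"  # assumption: any new name that Reader will not load


def find_authplay(root):
    """Return paths under root whose name matches (case-insensitively)."""
    hits = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:  # the Mac bundle is a directory
            if name.lower() in VULNERABLE_NAMES:
                hits.append(os.path.join(dirpath, name))
        # Do not descend into a bundle that has already been matched.
        dirnames[:] = [d for d in dirnames if d.lower() not in VULNERABLE_NAMES]
    return sorted(hits)


def disable_authplay(root, dry_run=True):
    """Rename each match to <name>.disabled; return (old, new) pairs."""
    actions = []
    for path in find_authplay(root):
        target = path + SUFFIX
        if os.path.exists(target):
            actions.append((path, None))  # library still active: review by hand
            continue
        if not dry_run:
            os.rename(path, target)
        actions.append((path, target))
    return actions


def demo():
    """Build a constructed install tree in a temp dir and apply the rename."""
    with tempfile.TemporaryDirectory() as root:
        reader = os.path.join(root, "Reader 9", "Reader")  # constructed layout
        os.makedirs(reader)
        open(os.path.join(reader, "AuthPlay.DLL"), "w").close()
        os.makedirs(os.path.join(root, "Acrobat 9", "AuthPlayLib.bundle", "Contents"))
        planned = disable_authplay(root, dry_run=True)
        done = disable_authplay(root, dry_run=False)
        return len(planned), len(done), find_authplay(root)


if __name__ == "__main__":
    print(demo())
```

Running with `dry_run=True` first lists what would change; a second call to `find_authplay` after the rename confirms that no active copy is left under the directory.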

An upgrade to Flash Player 10.x is to become available on the 9th of November and will apparently fix the problem. Adobe has promised to release a patch for Reader and Acrobat in the week starting on the 15th of November. Until then, users are advised to be very cautious when handling PDF files from unknown sources.

