Zero-day vulnerability in Adobe Flash Player, Reader and Acrobat
Adobe is warning of a critical security vulnerability in its current Flash Player for Windows, Macintosh and Linux. Adobe Reader and Acrobat 9.x for all platforms are also affected. The vulnerability is already being actively exploited in two ways: via crafted PDF documents and via manipulated web sites (drive-by downloads). It's reported that the exploit used in drive-by downloads can infect the PCs of users of both Internet Explorer and Firefox.
Adobe is working on a solution to the problem and believes that it will be able to provide an update by the 30th of July for Flash Player for Windows, Macintosh and Linux, with the Solaris version following a little later. The update for Adobe Reader and Acrobat, at least for Windows and Mac, is expected to appear on 31 July. An exact date for the Unix version has yet to be announced.
Adobe itself has so far only observed specific attacks against Reader and, until a patch is available, recommends that users of Reader for Windows either delete authplay.dll, rename it, or make it inaccessible. This file is normally located at C:\Program Files\Adobe\Reader 9.0\Reader\authplay.dll. Adobe does note though that as a result of moving or deleting authplay.dll "users will experience a non-exploitable crash or error message when opening a PDF that contains SWF content". Instructions for other platforms were not issued by Adobe.
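The rename workaround described above can be applied reversibly with a script. This is an added example, not code from Adobe or the original article; the `.disabled` suffix, the `Program Files (x86)` search root and the parameter names are assumptions.

```powershell
# Added example: reversible form of the authplay.dll rename workaround.
# Run elevated, with Reader/Acrobat closed. Use -WhatIf for a dry run.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    # First root covers the path given in the article; the (x86) root is an
    # assumption for 64-bit Windows installs.
    [string[]]$SearchRoot = @('C:\Program Files\Adobe', 'C:\Program Files (x86)\Adobe'),
    [string]$Suffix = '.disabled',  # constructed suffix, not an Adobe convention
    [switch]$Restore                # undo the rename after the vendor update is installed
)

$dll      = 'authplay.dll'
$disabled = "$dll$Suffix"
$from     = if ($Restore) { $disabled } else { $dll }
$to       = if ($Restore) { $dll } else { $disabled }

$results = foreach ($root in $SearchRoot) {
    if (-not (Test-Path -LiteralPath $root)) { continue }
    Get-ChildItem -LiteralPath $root -Recurse -File -ErrorAction SilentlyContinue |
        Where-Object { $_.Name -eq $from } |
        ForEach-Object {
            $file   = $_
            $status = 'Skipped'
            if (Test-Path -LiteralPath (Join-Path $file.DirectoryName $to)) {
                # Never overwrite: an updated DLL may already sit beside a disabled copy.
                $status = 'TargetExists'
            } elseif ($PSCmdlet.ShouldProcess($file.FullName, "Rename to $to")) {
                try {
                    Rename-Item -LiteralPath $file.FullName -NewName $to -ErrorAction Stop
                    $status = 'Renamed'
                } catch {
                    # Typically access denied (not elevated) or file in use (Reader open).
                    $status = "Failed: $($_.Exception.Message)"
                }
            }
            [pscustomobject]@{ Path = $file.FullName; NewName = $to; Status = $status }
        }
}

if ($results) {
    $results | Format-Table -AutoSize -Wrap
} else {
    Write-Output "No $from found under: $($SearchRoot -join ', ')"
}
```

Running it again with `-Restore` renames the file back once the vendor update has been installed.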
Symantec says that the PDF trojan (Trojan.Pidief.G) installs a back door on the system that connects to up to three servers. The exploit is probably not yet particularly widespread, but that could change very quickly. Adobe is working with anti-virus software manufacturers to improve the detection of an infection.
- Security advisory for Adobe Reader, Acrobat and Flash Player, advisory from Adobe.
- Trojan.Pidief.G, advisory from Symantec.