
Late Friday evening, Adobe Systems Inc. released a statement warning users of a critical flaw in its Adobe Reader, Flash, and Acrobat products. This previously unknown hole has been exploited by hackers.
“There are reports that this vulnerability is being actively exploited in the wild against both Adobe Flash Player and Adobe Reader and Acrobat,” the company said in a brief blog post. “This vulnerability could cause a crash and potentially allow an attacker to take control of the affected system.”
According to Adobe, the vulnerability exists in Flash 10.0.45.2 and earlier versions for Windows, Macintosh, Linux and Solaris operating systems, and in a component (authplay.dll) of Adobe Reader and Acrobat versions 9.x for Windows, Mac and Unix operating systems.
It is noted that the Flash Player 10.1 Release Candidate, available here, does not appear to be vulnerable. Further, Adobe Reader and Acrobat 8.x are confirmed not to be vulnerable. Adobe Reader and Acrobat users can eliminate the threat by deleting, renaming, or removing access to the authplay.dll file that ships with Reader and Acrobat, although these users may still experience a non-exploitable crash or error message when opening a PDF that contains Flash content.
For Adobe Reader the vulnerable file should be located at:
C:\Program Files\Adobe\Reader 9.0\Reader\authplay.dll
For Acrobat it should be at:
C:\Program Files\Acrobat 9.0\Acrobat\authplay.dll
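The rename option described above can be scripted. The following PowerShell script is an added example, not Adobe's own tooling: it defaults to the two paths given in this article, and the `.disabled` suffix and the script name `Disable-Authplay.ps1` are assumptions made for illustration. Save it as a script file and run it from an elevated prompt with Reader and Acrobat closed.

```powershell
# Disable-Authplay.ps1 (hypothetical name): added example, not from Adobe.
# Renames authplay.dll so Reader/Acrobat 9.x can no longer load it.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    # Default locations as given in the article; pass -Path for other installs.
    [string[]]$Path = @(
        'C:\Program Files\Adobe\Reader 9.0\Reader\authplay.dll',
        'C:\Program Files\Acrobat 9.0\Acrobat\authplay.dll'
    ),
    # Suffix appended to the file name (an assumption made for this example).
    [string]$Suffix = '.disabled'
)

foreach ($file in $Path) {
    # Nothing to do if the product is not installed at this location.
    if (-not (Test-Path -LiteralPath $file -PathType Leaf)) {
        Write-Output "Not found (nothing to do): $file"
        continue
    }

    $newName = (Split-Path -Leaf $file) + $Suffix
    $target  = Join-Path (Split-Path -Parent $file) $newName

    # A repair or reinstall can put the DLL back next to an earlier renamed copy.
    # In that case the DLL is active again, so flag it instead of skipping silently.
    if (Test-Path -LiteralPath $target) {
        Write-Warning "authplay.dll is still present and $target already exists; remove the old copy and rerun."
        continue
    }

    # ShouldProcess makes -WhatIf and -Confirm work for a dry run.
    if ($PSCmdlet.ShouldProcess($file, "Rename to $newName")) {
        try {
            Rename-Item -LiteralPath $file -NewName $newName -ErrorAction Stop
            Write-Output "Renamed: $file -> $newName"
        }
        catch {
            # Typical causes: not elevated, or Reader/Acrobat still has the DLL loaded.
            Write-Warning "Could not rename $file : $($_.Exception.Message)"
        }
    }
}
```

Running the script with `-WhatIf` first lists what would be renamed without changing anything.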
Adobe says that they are working to create an official patch for the problem.










