Flaw in Adobe Flash Player and Adobe Reader

Adobe has reported a serious vulnerability in its Flash Player and Adobe Reader and Acrobat products. It says this defect could let attackers take control of people's computers.

The short-coming is actually being exploited and an official patch is not yet available.

Affected software includes:

Adobe Flash Player 10.0.45.2, 9.0.262, and earlier 10.0.x and 9.0.x versions for Windows, Macintosh, Linux, and Solaris
Adobe Reader and Acrobat 9.3.2 and earlier 9.x versions for Windows, Macintosh, and UNIX

#-Link-Snipped-#Adobe also said that Flash Player 10.1 Release Candidate does not seem to be vulnerable and that Adobe Reader and Acrobat 8.x are confirmed as not to be vulnerable.

Adobe has not announced about when the official fix would be released, but according to the company, computer users can moderate the Flash issue by downloading the Release Candidate available at

#-Link-Snipped-#

The Acrobat and Reader issue can be addressed by deleting, renaming, or removing access to the authplay.dll file, which ships with those products. The .dll file is typically located at :
C:\Program Files\Adobe\Reader 9.0\Reader\authplay.dll for Adobe Reader

However, this may cause a non exploitable crash or error message if a user opens a PDF file that contains SWF content.

The complete security advisory is available #-Link-Snipped-#.

Replies

You are reading an archived discussion.

Related Posts

In today’s education and research scenario should the students be permitted to take up courses outside their field of study? As the sciences and social sciences break the fetters of...
Carol Bartz CEO, Yahoo! asks Techcrunch’s Arrington to F*** Off! Last month, Yahoo! has shown that it has a strong backbone of its own. After facing so much flak from...
URL shortening is a technique on the World Wide Web where a provider makes a web page available under a very short URL in addition to the original address. Un-shortened...
On June 07, 2010 Apple changed the world (in their own words, of course) by introducing company's latest iPhone 4. Despite the infamous leaks to the press, Steve Jobs managed...
In a blog post, Google's engineer Carrie Grimes mentioned that the Google's latest upgrade to its search engine program is ready. Google calls it 'Caffeine'. In order to understand the...