Adobe warns of Flash, Acrobat attack

June 7, 2010 | 10:40

Tags: #0-day #0day #acrobat #acrobat-reader #adobe-flash #adobe-reader #crack #cracker #flash #pdf #security #vulnerability #zero-day

Companies: #adobe #sophos

Adobe has one again entered the firing line with the news that its Reader, Acrobat, and Flash Player products are all vulnerable to a major flaw - and one which can leave systems vulnerable to attack by a remote cracker.

As reported by Sophos' Graham Cluley on his blog, Adobe this weekend issued a security advisory warning its users that a series of zero-day vulnerabilities in its software could leave them open to attack - regardless of the platform they're running.

The vulnerabilities - which are regarded by the company to be 'critical' - affect Adobe Reader, Acrobat, and Flash Player on Windows, Mac OS X, Linux, Solaris, and UNIX-based systems - in other words, every single platform the packages are currently available for.

The issue - which it is believed relates to the way that Acrobat handle ShockWave-format content embedded within files - can be mitigated by deleting the file authplay.dll from your installation directory. While this will result in Adobe Acrobat and Reader crashing should you open a PDF file containing ShockWave content, it'll prevent maliciously-crafted files from having their wicked way with your system.

Currently, there is no known workaround for the issue in Adobe Flash Player - although the company's director of product security Brad Arkin states that Adobe is working on a patch as quickly as possible. For now, the only way to be safe out there is to either uninstall the Flash Player plugins from your system, or to upgrade to the release candidate of Flash Player 10.1 which is not thought to be vulnerable.

These latest flaws - which echo a sad history of security vulnerabilities in the company's products - will do nothing to convince those on the fence regarding the company's public spat with Apple over the lack of support for Flash content on the iPhone platform that Adobe holds the high ground.

Do you think that this latest security vulnerability - in, let's face it, a long string - shows that Steve Jobs was right to deny Flash a foothold on the iPhone OS, or is anything as ubiquitous as Adobe's Flash and PDF technology bound to get targeted by those with evil intent? Share your thoughts over in the forums.
Discuss this in the forums
YouTube logo
MSI MPG Velox 100R Chassis Review

October 14 2021 | 15:04