facebook rss twitter

Adobe Flash Player, Reader and Acrobat pose security risk

by Parm Mann on 7 June 2010, 11:39

Tags: Adobe (NASDAQ:ADBE)

Quick Link: HEXUS.net/qayl3

Add to My Vault: x

Adobe has announced that a critical vulnerability exists in three of its most ubiquitous applications; Flash Player, Reader and Acrobat.

The vulnerability, which Adobe states is currently being "actively exploited in the wild", can cause the company's software to crash and allow remote attackers to hijack control of the system.

According to Adobe, the exploit exists in various versions of Flash Player, Reader and Acrobat, and users of varying operating systems are at risk; with Windows, Mac, Linux, Solaris and UNIX platforms all said to be affected.

Although a schedule for a fix hasn't yet been determined, Adobe states that users can protect themselves by upgrading to Flash Player 10.1 Release Candidate - a pre-final release of the software that isn't thought to be vulnerable to attack.

Adobe adds that "deleting, renaming, or removing access to the authplay.dll file that ships with Adobe Reader and Acrobat 9.x mitigates the threat for those products, but users will experience a non-exploitable crash or error message when opening a PDF file that contains SWF content."

Alternatively, users of Adobe Reader and Adobe Acrobat can also downgrade to version 8.x releases - all of which are said to be unaffected.

Adobe's latest security vulnerabilities arrive amid a high-profile spat with system manufacturer Apple; who opted not to support Adobe Flash on its iPhone and iPad devices. In recent weeks, Apple CEO Steve Jobs has claimed that "Flash is the number one reason Macs crash", adding that "we don't want to reduce the reliability and security of our iPhones, iPods and iPads by adding Flash".

HEXUS Forums :: 13 Comments

Login with Forum Account

Don't have an account? Register today!
Apple are going to have a field day with this, especially the fact that Adobe aren't yet able to say when it will be fixed. Though Adobe can't have had much choice; if they tried to fix it quietly and someone found out, it would be a PR disaster. At least this way they can play the honesty card…
It does go a way to vindicate Apple's choice, admittedly, but surely every piece of software ever written is potentially open to abuse - it is just a matter of time until the mechanism to exploit it is found?
All software has security flaws. That's why you need to upgrade to the latest versions. This won't make me stop using Flash.

But of course, Apple is gonna love this. And I am sure the fanboys will try to use this for yet another reason to pursue people to buy Apple products even though they are subject to security vulnerabilities as well.
given the amount of issues safari has, they can't claim their recent record is any better than adobes.

But it is true in as much as fewer lines of code means fewer potential attack vectors, so i suppose apple are kinda right.

I would still laugh my arse off if adobe just pulled the plug on their suite for OSX. Would be really good to get a better photoshop on win, that is one that is soley designed for, none of this cross platform cruddyness.
This is nothing new, Flash has a long history of vulnerabilities. People don't use it because it's safe, people use it because lots of sites use it. Even when they shouldn't *cough*ads*cough*.