WARNING: Adobe Acrobat, Flash and Reader Zero Day Vulnerability


Adobe has issued a security advisory following the discovery of what it describes as a "critical vulnerability" which exists within the current versions of Flash Player (v9.0.159.0 and v10.0.22.87) across all platforms, Windows, Macintosh and Linux operating systems, The same vulnerability can be found within the authplay.dll component that ships with Adobe Reader and Acrobat v9.x for Windows, Macintosh and UNIX operating systems and has the potential to cause a crash which could then allow an attacker to take control of the system. Well, I say potential, but Adobe admits that there are "reports that this vulnerability is being actively exploited in the wild via limited, targeted attacks against Adobe Reader v9 on Windows".

Adobe goes on to confirm that it is "developing a fix" which it expects to be available by way of software upgrade by the 30th of July for Flash Player v9 and v10 for Windows, Macintosh, and Linux at least. Users of Flash Player v9 and v10 for Solaris will need to wait a while longer it would seem, and a confirmed date for the security update is still pending. Adobe Reader and Acrobat v9.1.2 updates for Windows and Macintosh users should be available on 31st July, although once more the date for Adobe Reader for UNIX users is pending.

In order to mitigate the threat in the meantime, Adobe recommends deleting, renaming, or removing access to the authplay.dll file that ships with Adobe Reader and Acrobat v9.x although this will mean that users will "experience a non-exploitable crash or error message when opening a PDF that contains SWF content" which is nice. Vista users are being told to enable the User Access Control and exercise caution when browsing untrusted websites. Disabling JavaScript will not, I am led to believe, protect against the exploit on this occasion.

Depending on the product, the authplay.dll that ships with Adobe Reader and Acrobat 9.x for Windows is typically located at C:\Program Files\Adobe\Reader 9.0\Reader\authplay.dll or C:\Program Files\Adobe\Acrobat 9.0]\Acrobat\authplay.dll.

The fact that the exploit is already being exploited both in the form of suspect PDF docs and drive-by download websites is truly worrying, as is the cross platform nature of the vulnerability which is just as likely to impact Firefox users as it is those with Internet Explorer.

My advice? Stop using Acrobat, Flash Player and Reader until Adobe gets its security act together once and for all. Advice that I have been giving to anyone who will listen for a few months now.

About the Author

A freelance technology journalist for 30 years, I have been a Contributing Editor at PC Pro (one of the best selling computer magazines in the UK) for most of them. As well as currently contributing to Forbes.com, The Times and Sunday Times via Raconteur Special Reports, SC Magazine UK, Digital Health, IT Pro and Infosecurity Magazine, I am also something of a prolific author. My last book, Being Virtual: Who You Really are Online, which was published in 2008 as part of the Science Museum TechKnow Series by John Wiley & Sons. I am also the only three times winner (2006, 2008, 2010) of the BT Information Security Journalist of the Year title, and was humbled to be presented with the ‘Enigma Award’ for a ‘lifetime contribution to information security journalism’ in 2011 despite my life being far from over...

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts learning and sharing knowledge.