0

Adobe has issued a security advisory following the discovery of what it describes as a "critical vulnerability" which exists within the current versions of Flash Player (v9.0.159.0 and v10.0.22.87) across all platforms, Windows, Macintosh and Linux operating systems, The same vulnerability can be found within the authplay.dll component that ships with Adobe Reader and Acrobat v9.x for Windows, Macintosh and UNIX operating systems and has the potential to cause a crash which could then allow an attacker to take control of the system. Well, I say potential, but Adobe admits that there are "reports that this vulnerability is being actively exploited in the wild via limited, targeted attacks against Adobe Reader v9 on Windows".

Adobe goes on to confirm that it is "developing a fix" which it expects to be available by way of software upgrade by the 30th of July for Flash Player v9 and v10 for Windows, Macintosh, and Linux at least. Users of Flash Player v9 and v10 for Solaris will need to wait a while longer it would seem, and a confirmed date for the security update is still pending. Adobe Reader and Acrobat v9.1.2 updates for Windows and Macintosh users should be available on 31st July, although once more the date for Adobe Reader for UNIX users is pending.

In order to mitigate the threat in the meantime, Adobe recommends deleting, renaming, or removing access to the authplay.dll file that ships with Adobe Reader and Acrobat v9.x although this will mean that users will "experience a non-exploitable crash or error message when opening a PDF that contains SWF content" which is nice. Vista users are being told to enable the User Access Control and exercise caution when browsing untrusted websites. Disabling JavaScript will not, I am led to believe, protect against the exploit on this occasion.

Depending on the product, the authplay.dll that ships with Adobe Reader and Acrobat 9.x for Windows is typically located at C:\Program Files\Adobe\Reader 9.0\Reader\authplay.dll or C:\Program Files\Adobe\Acrobat 9.0]\Acrobat\authplay.dll.

The fact that the exploit is already being exploited both in the form of suspect PDF docs and drive-by download websites is truly worrying, as is the cross platform nature of the vulnerability which is just as likely to impact Firefox users as it is those with Internet Explorer.

My advice? Stop using Acrobat, Flash Player and Reader until Adobe gets its security act together once and for all. Advice that I have been giving to anyone who will listen for a few months now.

As Editorial Director and Managing Analyst with IT Security Thing I am putting more than two decades of consulting experience into providing opinionated insight regarding the security threat landscape for IT security professionals. As an Editorial Fellow with Dennis Publishing, I bring more than two decades of writing experience across the technology industry into publications such as Alphr, IT Pro and (in good old fashioned print) PC Pro. I also write for SC Magazine UK and Infosecurity, as well as The Times and Sunday Times newspapers. Along the way I have been honoured with a Technology Journalist of the Year award, and three Information Security Journalist of the Year awards. Most humbling, though, was the Enigma Award for 'lifetime contribution to IT security journalism' bestowed on me in 2011.

1
Contributor
0
Replies
1
Views
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.