Adobe has released an advisory regarding a critical vulnerability found in Flash and Acrobat.
The vulnerability, found in authplay.dll can allow an attacker to crash and potentially control an affected system. There is not currently an official patch, but Adobe has stated that renaming, deleting or controlling access to authplay.dll mitigates the threat and is a stop-gap until a patch can be released.
Affected versions include; Adobe Flash Player 10.0.45.2, 9.0.262, and earlier 10.0.x and 9.0.x versions for Windows, Macintosh, Linux and Solaris
Adobe Reader and Acrobat 9.3.2 and earlier 9.x versions for Windows, Macintosh and UNIX.
The Flash 10.1 release candidate does not “appear” to be affected, which seems to be pretty ambiguous wording for a potentially dangerous vulnerability. Adobe will be updating advisory information as a patching schedule becomes available.
- Similar posts
- Adobe reader exploit to be patched this tuesday (59.9%)
- Apple patches Mac OS X (22.4%)
- New Chrome OS 0.4.220 beta is available (13.9%)
- Internet Explorer security flaw (8%)
- Windows 8 set for 2012? (5.9%)
Adobe has fixed a “critical” security flaw that had the potential to allow hackers to take control of affected computer systems.
The bug was first spotted in early June week following a small number of targeted attacks.
The security update is one in a bumper update package that fixes a total of 32 documented vulnerabilities.
Adobe’s Flash and Reader software have emerged as prime targets for hi-tech criminals in the past year.
Users running Windows, Macintosh or Linux were all thought to be vulnerable to attack.
Security firm Websense said the flaw was being exploited via e-mails that prompted recipients to open booby-trapped websites seeded with malware.
http://news.bbc.co.uk/1/hi/technology/8734465.stm
“The recent critical zero-day security flaw in Flash 10 may have fast-tracked the release of Flash 10.1 today.
Adobe 10.1 boasts the much anticipated H.264 hardware acceleration.
‘Flash Player 10.1, H.264 hardware acceleration is not supported under Linux and Mac OS. Linux currently lacks a developed standard API that supports H.264 hardware video decoding, and Mac OS X does not expose access to the required APIs.’
http://get.adobe.com/flashplayer/
Adobe released an advisory earlier this week regarding a critical vulnerability found in Flash and Acrobat.
The company now plans to issue an emergency patch to fix the Flash flaw on Thursday June 10. The vulnerability, found in authplay.dll can allow an attacker to crash and potentially control an affected system. Affected versions include; Adobe Flash Player 10.0.45.2, 9.0.262, and earlier 10.0.x and 9.0.x versions for Windows, Macintosh, Linux and Solaris.
Adobe Reader and Acrobat 9.3.2 and earlier 9.x versions for Windows, Macintosh and UNIX are also affected and will be patched on June 29. Adobe typically releases quarterly security updates and the next was originally scheduled for July 13. The company has accelerated the update in response to the 0-day flaw. “We also considered the alternative of releasing a one-off 0-day fix followed a couple of weeks later by the July 13 quarterly update. However, two patches within three weeks would have incurred too much churn and patch management overhead on our users, in particular for customers with large managed environments”, said Brad Arkin, Adobe’s director of product security and privacy.
Adobe plans to make the Flash Player 10.x update available for Windows, Macintosh, and Linux by June 10, 2010. The date for Flash Player 10 for Solaris is still to be determined. Flash 10.1 RC versions are unaffected by the flaw.