From: "Gene Elias"
To: "Dale Cockle" <kaffeeklatch@sctxcompclub.org>
Subject: [KaffeeKlatch-Win7] Critical Adobe Flash & Reader flaw
Date: Tue, 8 Jun 2010 10:39:37 -0500

Critical Adobe Flash and Reader flaw being exploited
Angela Moscaritolo - SC Magazine
June 07, 2010
A critical zero-day vulnerability in Adobe Reader, Acrobat and Flash Player
is currently being actively exploited by cybercriminals, Adobe has warned.
The flaw, which could cause a crash or allow an attacker to take control of
an affected system, is present in the latest version of Adobe Flash Player
(10.0.45.2) and earlier for Windows, Macintosh, Linux and Solaris operating
systems, Adobe said in a security
advisory Friday. The bug also affects the authplay.dll component of Adobe
Reader and Acrobat 9 for Windows, Macintosh and UNIX operating systems. The
cause of the vulnerability was unspecified.
“There are reports that this vulnerability is being actively exploited in
the wild against both Adobe Flash Player, and Adobe Reader and Acrobat,” Adobe
said in its advisory.
The flaw currently remains unpatched with no schedule for a fix. It was
rated “extremely critical” or a 5 out of 5 by Danish vulnerability tracking firm
Secunia.
Adobe has provided a
workaround for affected versions of Adobe Reader and Acrobat. Users
can mitigate the threat by deleting or renaming the authplay.dll file in Adobe
Reader and Acrobat, Adobe said. Doing so could, however, cause an error message
or non-exploitable crash when opening certain PDF
files.
The authplay.dll file is usually located at
C:\Program Files\Adobe\Reader 9.0\Reader\authplay.dll for Adobe Reader or
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\authplay.dll for Acrobat.
In addition, a prerelease version of Flash Player 10.1, which is currently
available, does
not appear to be affected by the vulnerability, Adobe said.
SOURCE: http://www.scmagazineus.com/critical-adobe-flash-and-reader-flaw-being-exploited/article/171864/

[Dale Note: The latest update to Adobe Flash Player (ver 10.1.53.64) has fixed this problem for Flash Player. You can determine what version of Adobe Flash Player is installed by visiting <http://www.adobe.com/software/flash/about/> in MSIE and any one of your non-Microsoft browsers.]
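
The rename workaround and the Flash version threshold described in the article, as an added PowerShell example (not part of the original message or of Adobe's advisory). It assumes the default install paths quoted above, also checks "Program Files (x86)" on 64-bit Windows, and uses hypothetical function names and a `.disabled` suffix chosen for this example.

```powershell
# Added example. Applies the authplay.dll rename workaround and checks a Flash version.
# Run from an elevated prompt; add -WhatIf to preview without changing anything.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    # Optional Flash Player version to evaluate, e.g. '10.0.45.2' or '10,0,45,2'.
    [string]$FlashVersion
)

# From the article: Flash Player 10.0.45.2 and earlier are affected.
$LastAffectedFlash = [version]'10.0.45.2'

function Test-FlashAffected {
    param([Parameter(Mandatory = $true)][string]$Version)
    # Some Flash version strings use commas; normalise before comparing.
    return ([version]($Version -replace ',', '.')) -le $LastAffectedFlash
}

function Disable-Authplay {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param([Parameter(Mandatory = $true)][string[]]$Path)
    foreach ($file in $Path) {
        if (-not (Test-Path -LiteralPath $file -PathType Leaf)) {
            Write-Output "not present : $file"
            continue
        }
        $target = "$file.disabled"   # suffix is an arbitrary choice for this example
        if (Test-Path -LiteralPath $target) {
            # A repair or update can restore the DLL after an earlier rename.
            Write-Warning "both $file and $target exist; resolve by hand"
            continue
        }
        if ($PSCmdlet.ShouldProcess($file, 'rename to authplay.dll.disabled')) {
            Rename-Item -LiteralPath $file -NewName 'authplay.dll.disabled' -ErrorAction Stop
            Write-Output "renamed     : $file"
        }
    }
}

# Default locations quoted in the article, relative to the Program Files root.
$relative = 'Adobe\Reader 9.0\Reader\authplay.dll', 'Adobe\Acrobat 9.0\Acrobat\authplay.dll'
# Assumption: also look under "Program Files (x86)" on 64-bit Windows.
$roots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}) | Where-Object { $_ } | Select-Object -Unique
$candidates = foreach ($root in $roots) { foreach ($rel in $relative) { Join-Path $root $rel } }
Disable-Authplay -Path $candidates

if ($FlashVersion) {
    $state = if (Test-FlashAffected -Version $FlashVersion) { 'AFFECTED' } else { 'not affected' }
    Write-Output "Flash Player $FlashVersion : $state"
}
```

As the article notes, PDF files that embed Flash content may show an error or crash harmlessly once the DLL is renamed; renaming the file back reverses the change.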