Adobe Security Issue: Flash Player, Reader, PDF Vulnerable

by NowPublic Staff | June 7, 2010 at 11:53 am

252 views | 0 Recommendations | 0 comments

Adobe Flash Player, Acrobat Reader and PDF's Critical Security Vulnerability

Adobe says a critical security issue in it's flash player and reader technology could enable hackers to take control of a users computer.

Adobe On Apple
Apple On Adobe

It doesn't really get any worse than a 'zero-day' vulnerability like this," said Graham Cluley, senior technology consultant at Sophos, a security software company.

He said that hackers could create a "booby-trapped Flash animation, or PDF" that would give them access to a person's computer, potentially allowing them to harvest personal information or use the machine to send spam messages.

A posting on the Adobe website says "A critical vulnerability exists in Adobe Flash Player 10.0.45.2 and earlier versions for Windows, Macintosh, Linux and Solaris operating systems, and the authplay.dll component that ships with Adobe Reader and Acrobat 9.x for Windows, Macintosh and UNIX operating systems."

This vulnerability (CVE-2010-1297) could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being actively exploited in the wild against both Adobe Flash Player, and Adobe Reader and Acrobat. This advisory will be updated once a schedule has been determined for releasing a fix.

As Adobe works on fix for the security flaw, it says users can download a newer version of Flash, version 10.1, which appears to be more secure and to ensure their computer's anti-virus software is update

Recently, Adobe has come under fire from Apple CEO, Steve Jobs. He says Adobe's Flash is the number reason for crashing Apple's Safari web browser. Further, Apple is not supporting flash video on its iPad and iPhone devices.