Adobe patches Flash zero-day flaw, critical Acrobat and Reader bugs

SearchSecurity.in Staff

In an out-of-cycle update, Adobe has shipped updates for its Flash Player to address a zero-day vulnerability. It also issued updates for older versions of Adobe Reader and Adobe Acrobat to address a critical vulnerability that could cause host system crashes and give control to attackers.

Adobe clarified that it is aware of attacks in the wild against Flash Player that exploited this vulnerability through a Flash (.swf) file embedded in a Microsoft Excel (.xls) file sent as an email attachment. It stated that Adobe Reader and Adobe Acrobat have not been targeted so far.

According to Adobe, Adobe Reader X’s Protected Mode mitigations prevent execution of such an exploit. The critical vulnerability in Adobe Reader and Acrobat X exists in the ‘authplay.dll’ component that ships with the software. Vulnerabilities in all three products could potentially result in system crashes through memory corruption and arbitrary code execution. This can give an attacker control of the affected system.

The vulnerabilities have been reported in Reader and Acrobat v10.0.1 and in versions of Flash Player prior to and including v10.2.152.33, as well as parallel releases on other platforms. Adobe categorizes these as critical updates and recommends that affected users update their installations to the newest versions. The vulnerabilities can be resolved by updating to the latest version of Flash Player (v10.2.153.1) and parallel releases for other platforms. Adobe recommends v10.0.2 for Reader and Acrobat v10.0.1. Reader and Acrobat v9.4.2 should be updated to v9.4.3.

Since Reader X’s sandbox technology prevents execution of this exploit, the issue is slated to be addressed in the next quarterly update for Reader, scheduled for July 14, 2011. Reader 9.x for Unix and Android as well as Acrobat and Reader 8.x are not affected by this vulnerability.

More information regarding these vulnerabilities can be found on Adobe’s website.