Adobe products struck by zero-day attacks
June 6, 2010 by admin
Filed under Security News
33 views Leave a Comment
Adobe’s products are once again in the firing line, as hackers are reportedly exploiting critical unpatched vulnerabilities in the products Adobe Reader, Acrobat and Flash Player.
Adobe has published a security advisory describing the problems which affect users regardless of whether they’re running Windows, Mac OS X, Linux, Solaris or UNIX.
Adobe has labelled the zero-day vulnerabilities as “critical”, the most serious rating it has.
Adobe says that Adobe Reader and Acrobat version 8.x are not vulnerable, and that the Flash Player 10.1 release candidate “does not appear to be vulnerable”.
Although Adobe has published a way to mitigate the problem for Adobe Reader and Acrobat 9.x for Windows, the workaround is clearly not ideal:
Deleting, renaming, or removing access to the authplay.dll file that ships with Adobe Reader and Acrobat 9.x mitigates the threat for those products, but users will experience a non-exploitable crash or error message when opening a PDF file that contains SWF content.
Related posts:
- Critical security update for Adobe Reader and Acrobat
- Guest blog: Adobe, make my day. Disable JavaScript by default
- Adobe Patch Tuesday to bring automatic updates
- Critical patches: Update your Adobe Flash player now
- Adobe races to patch zero-day vulnerability in Flash Player
