Adobe released an advisory earlier this week regarding a critical vulnerability found in Flash and Acrobat.
The company now plans to issue an emergency patch to fix the Flash flaw on Thursday, June 10. The vulnerability, found in authplay.dll, can allow an attacker to crash and potentially control an affected system. Affected versions include Adobe Flash Player 10.0.45.2, 9.0.262, and earlier 10.0.x and 9.0.x versions for Windows, Macintosh, Linux and Solaris.
Adobe Reader and Acrobat 9.3.2 and earlier 9.x versions for Windows, Macintosh and UNIX are also affected and will be patched on June 29. Adobe typically releases quarterly security updates and the next was originally scheduled for July 13. The company has accelerated the update in response to the 0-day flaw. "We also considered the alternative of releasing a one-off 0-day fix followed a couple of weeks later by the July 13 quarterly update. However, two patches within three weeks would have incurred too much churn and patch management overhead on our users, in particular for customers with large managed environments", said Brad Arkin, Adobe's director of product security and privacy.
Adobe plans to make the Flash Player 10.x update available for Windows, Macintosh, and Linux by June 10, 2010. The date for Flash Player 10 for Solaris is still to be determined. Flash 10.1 RC versions are unaffected by the flaw.

Comments (18)
Good thing I'm using 10.1.
I made sure mine was updated. Their bulletin has information on the flaw for their PDF reader too. You can just delete "authplay.dll" from the Reader folder until it's updated. (Instructions for Win and Mac here http://www.adobe.com/support/s...y/advisories/apsa10-01.html)
It's off topic, but I noticed you had a Dr. Rabbit avatar. Have you by chance seen the "this is dental floos" Sparta remix?
Until then it's hackers' paradise.
But no, we can happily install Flash 10.1 from here:
http://labs.adobe.com/download...player10.html#flashplayer10
But no, that version isn't largely available to everyone yet. It's a Release Candidate.
Err, yes. It's available to everyone. Most people might choose not to go there, but it is still available.
With largely available I (obviously) mean largely deployed. It's an RC, most people don't even know about those... Meanwhile a great amount of systems gets compromised.
But no, we can happily install Flash 10.1 from here:
http://labs.adobe.com/download...player10.html#flashplayer10
Unless it doesn't work for some people. Which it doesn't for me.
Considering how widespread Flash and Acrobat installs are, having a quarterly patch schedule is a joke. I'm sure their customers with large managed environments would suffer a patch to ensure they had a large managed and secure environment.
I hate Steve Jobs, but I do agree that Vector Animation and Video Players should be HTML standards and are supported OOB in browsers.
Thx for acrobat... ho wait, 29june ? rofl.
Does Adobe Acrobat or Flash having a security vulnerability really count as news? It's a bit like saying "Pope found practising Catholicism".
Adobe and security issues are a universal constant.
(Oh and I can't wait for the load of **** this washes up as it gets rolled out at work)
My computer was infected yesterday with fake antivirus software as a result of this vulnerability. I had Google Chrome and AdBlock as well, but some sort of Javascript must have executed itself on GamesRadar.com and I was infected. I had to reformat my computer yesterday.
I am using Foxit Reader from now on for my PDFs. I am also updating to Flash 10.1 as well.
Javascript != Flash or PDF files dude....
Windows will be more vulnerable than Linux.
Well, I've already made the jump to Nitro's free PDF Reader and it's way more awesome. Still stuck with Flash tho'.
Apple may laugh because HTML5 is free from bugs and fixes...Or really?