Adobe Flash, Reader Hit by New Vulnerability
Monday, 07 June 2010

By Cara Garretson

Adobe on Friday afternoon issued an alert informing its users of a critical vulnerability in its Flash Player, Reader and Acrobat software. Adobe added that it has heard reports that the security hole is actively being exploited.

According to the security alert issued by the company, the critical vulnerability is present in Flash Player 10.0.45.2 and earlier for Windows, Macintosh, Linux and Solaris operating systems. The vulnerability, named CVE-2010-1297, could also be exploited in the authplay.dll component that is part of Adobe Reader and Acrobat 9.x for Windows, Macintosh and Unix. Adobe says the Flash Player 10.1 release candidate does not appear to be vulnerable to the exploit, and it confirmed that Reader and Acrobat 8.x are not vulnerable.

Adobe says the vulnerability can crash systems and could also allow an attacker to take control of another PC. As of Friday afternoon, Adobe did not have a fix available for the issue. "Critical" is the highest of four threat ratings Adobe assigns vulnerabilities.

Until the company releases a fix, it is recommending that users delete, rename or remove access to the authplay.dll file that is part of Reader and Acrobat 9.x to mitigate the threat, although the company warns that such action will cause a "non-exploitable" crash or error message when opening a PDF file that contains SWF content. SWF is a file format that can be generated by Adobe products.

"Adobe actively shares information about this and other vulnerabilities with partners in the security community to enable them to quickly develop detection and quarantine methods to protect users until a patch is available," says the alert. "As always, Adobe recommends that users follow security best practices by keeping their anti-malware software and definitions up to date." The company says the alert will be updated once a schedule for the fix is determined.

The U.S. Computer Emergency Readiness Team (US CERT) on Saturday added the Adobe vulnerability to the list of security alerts it regularly publishes.

News of this latest vulnerability comes on the heels of a feud between Apple and Adobe, spurred by Apple's decision not to support Adobe's Flash software on its mobile platforms. One of the reasons Apple CEO Steve Jobs has given for not supporting Flash is concern over the software's security.

Adobe Reader has become a popular target for hackers. According to a report issued by security vendor F-Secure in March, Reader was the focus of 61 percent of the targeted attacks by hackers in January and February of 2010. That's up from 50 percent for all of 2009 (see chart).




Comments (1)
1. 06-07-2010 21:32
 
Talk about bad timing for Adobe for an exposure like this to come to light during their sparring with Apple; I wonder if the notoriety of that debate motivated some hackers, although Flash and Acrobat have been longtime targets.

Copyright © 2007-2012 CIOZones. All Rights Reserved. CIOZone is a property of PSN, Inc.