Critical vulnerability found in Adobe Flash Player

By on July 27, 2009, 1:19 PM
Adobe has posted a security advisory for Adobe Reader, Acrobat and Flash Player. The company states that a critical vulnerability is present in the current versions of Flash Player (v9.0.159.0 and v10.0.22.87) for Windows, Macs and UNIX operating systems and the authplay.dll component that ships with Adobe Reader and Acrobat v9.x on the same operating systems.

The vulnerability (CVE-2009-1862) could cause a crash and allow an attacker to gain control of the compromised system. It is reportedly being exploited in targeted attacks against Adobe Reader v9 on Windows. Naturally, a fix is in the works and is expected to be delivered by the end of the week.

For the time being, users can mitigate the threat by deleting, renaming or removing access to authplay.dll. Doing so will cause your program to crash when attempting to view a PDF containing SWF content, however. Adobe is also recommending that users enable UAC and that they avoid untrusted websites using Flash.




User Comments: 6

Got something to say? Post a comment
Guest said:

"...avoid untrusted websites using Flash"

What about flash ads in trusted websites? Can they be compromised?

Guest said:

Could someone post a more layman way of fixing this issue?

TechCombo said:

Adobe published this in their post,

"A critical vulnerability exists in the current versions of Flash Player (v9.0.159.0 and v10.0.22.87) for Windows, Macintosh and Linux operating systems, and the authplay.dll component that ships with Adobe Reader and Acrobat v9.x for Windows. This vulnerability (CVE-2009-1862) could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being actively exploited in the wild via limited, targeted attacks against Adobe Reader v9 on Windows."

Thus, you should just remove the authplay.dll file and you are sorted.

tengeta tengeta said:

Maybe ridding of Adobe as a whole would fix the issue.

raybay said:

Adobe already has a fix available online... which is more than can be said for most others that are infested.

Guest said:

just got new laptop am trying to download flash player, but it will not even load the page. Is this threat the cause of my problem?

Load all comments...

Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.