also @ TechSpot: Sony patent aims to put content-interrupting commercials in video games

Critical vulnerability found in Adobe Flash Player

By

On July 27, 2009, 1:19 PM EST

Adobe has posted a security advisory for Adobe Reader, Acrobat and Flash Player. The company states that a critical vulnerability is present in the current versions of Flash Player (v9.0.159.0 and v10.0.22.87) for Windows, Macs and UNIX operating systems and the authplay.dll component that ships with Adobe Reader and Acrobat v9.x on the same operating systems.

The vulnerability (CVE-2009-1862) could cause a crash and allow an attacker to gain control of the compromised system. It is reportedly being exploited in targeted attacks against Adobe Reader v9 on Windows. Naturally, a fix is in the works and is expected to be delivered by the end of the week.

For the time being, users can mitigate the threat by deleting, renaming or removing access to authplay.dll. Doing so will cause your program to crash when attempting to view a PDF containing SWF content, however. Adobe is also recommending that users enable UAC and that they avoid untrusted websites using Flash.

No tags on this story

6 comments

User Comments (6)

Post a comment
Guest
on July 27, 2009
1:46 PM

"...avoid untrusted websites using Flash"

What about flash ads in trusted websites? Can they be compromised?

Reply

Guest
on July 27, 2009
4:56 PM

Could someone post a more layman way of fixing this issue?

Reply

TechCombo
on July 27, 2009
5:36 PM

Adobe published this in their post,

“A critical vulnerability exists in the current versions of Flash Player (v9.0.159.0 and v10.0.22.87) for Windows, Macintosh and Linux operating systems, and the authplay.dll component that ships with Adobe Reader and Acrobat v9.x for Windows. This vulnerability (CVE-2009-1862) could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being actively exploited in the wild via limited, targeted attacks against Adobe Reader v9 on Windows.”

Thus, you should just remove the authplay.dll file and you are sorted.

Reply

tengeta
on July 27, 2009
5:37 PM

Maybe ridding of Adobe as a whole would fix the issue.

Reply

raybay
on July 27, 2009
10:36 PM

Adobe already has a fix available online... which is more than can be said for most others that are infested.

Reply

Guest
on July 28, 2009
1:22 AM

just got new laptop am trying to download flash player, but it will not even load the page. Is this threat the cause of my problem?

Reply

Browse more commented news

Post a new comment

Guest user

To post as an anonymous
user click here.

Members

If you are a TechSpot member,
please login first.


By signing up you gain complete access to the TechSpot community. Join thousands of computer and technology enthusiasts that contribute and share knowledge in our forum. Post messages, get a private inbox, upload your own photo gallery and more.

Most Popular

Trending Featured
More Trending Topics

Editors' Smartphone Picks

Downloads & Drivers

Downloads   Drivers  

GMABooster 2.1a

HaoZip 2.8

Defraggler 2.10.413

The Cleaner 2012 8.1.0.1110

WinISO 6.2.0.4526

More Downloads

Related Discussion

AVG 2012

Installing Windows or repairing without CD-ROM

Set back to factory settings

Effective Air Cooling Guide (Part II) - Myths, Old Rituals, and Analysis

Microsoft Security Essentials won't do a full scan

More at the Forums

Subscribe to TechSpot

Get free exclusive content, learn about new features and tech breaking news.