also @ TechSpot: Bill Gates is once again the richest person in the world

Critical vulnerability found in Adobe Flash Player

By

On July 27, 2009, 1:19 PM

Adobe has posted a security advisory for Adobe Reader, Acrobat and Flash Player. The company states that a critical vulnerability is present in the current versions of Flash Player (v9.0.159.0 and v10.0.22.87) for Windows, Macs and UNIX operating systems and the authplay.dll component that ships with Adobe Reader and Acrobat v9.x on the same operating systems.

The vulnerability (CVE-2009-1862) could cause a crash and allow an attacker to gain control of the compromised system. It is reportedly being exploited in targeted attacks against Adobe Reader v9 on Windows. Naturally, a fix is in the works and is expected to be delivered by the end of the week.

For the time being, users can mitigate the threat by deleting, renaming or removing access to authplay.dll. Doing so will cause your program to crash when attempting to view a PDF containing SWF content, however. Adobe is also recommending that users enable UAC and that they avoid untrusted websites using Flash.

No tags on this story

6 comments

User Comments: 6

Got something to say? Post a comment
  1. July 27, 2009 1:46 PM
    Guest said:

    "...avoid untrusted websites using Flash"

    What about flash ads in trusted websites? Can they be compromised?

    Reply
  2. July 27, 2009 4:56 PM
    Guest said:

    Could someone post a more layman way of fixing this issue?

    Reply
  3. July 27, 2009 5:36 PM
    TechCombo said:

    Adobe published this in their post,

    “A critical vulnerability exists in the current versions of Flash Player (v9.0.159.0 and v10.0.22.87) for Windows, Macintosh and Linux operating systems, and the authplay.dll component that ships with Adobe Reader and Acrobat v9.x for Windows. This vulnerability (CVE-2009-1862) could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being actively exploited in the wild via limited, targeted attacks against Adobe Reader v9 on Windows.”

    Thus, you should just remove the authplay.dll file and you are sorted.

    Reply
  4. July 27, 2009 5:37 PM
    tengeta
    tengeta said:

    Maybe ridding of Adobe as a whole would fix the issue.

    Reply
  5. July 27, 2009 10:36 PM
    raybay said:

    Adobe already has a fix available online... which is more than can be said for most others that are infested.

    Reply
  6. July 28, 2009 1:22 AM
    Guest said:

    just got new laptop am trying to download flash player, but it will not even load the page. Is this threat the cause of my problem?

    Reply

Recently commented stories

Post a new comment

Social Login & Guest Posting TechSpot Members
Login here or sign up for free,
it takes about a minute.
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.
TechSpot on:

Most Popular

Trending Featured
More Trending Topics

Featured on Smartphones

Downloads and Drivers

Downloads   Drivers  

J. River Media Center 18.0.187

ComicRack 0.9.169

Ashampoo UnInstaller 5.03

Files Terminator Free 2.5.0.11

Advanced Host Monitor 9.50

More Downloads

Latest Discussion

Have DOTA 2 keys to give (steam requiered) 8 replies on Gaming

Best possible quality DVD ripping? 5 replies on Software Apps

Bios update help 10 replies on Processors and Motherboards

Windows update completely stopped working, unknown error 8024402C 6 replies on Windows OS

Bitdefender 5 replies on Software Apps

More Recent Discussion

Subscribe to TechSpot

Get free exclusive content, learn about new features and breaking tech news.