• Home
  • About 404TS
  • Contact

404 Tech Support

Where IT Help is Found

  • Articles
    • Code
    • Entertainment
    • Going Green
    • Hardware, Gadgets, and Products
    • Management
    • Network
    • News
    • Operating Systems
    • Security and Privacy
    • Software
    • System Administration
    • Talking Points
    • Tech Solutions
    • Web
    • Webmaster
  • Reviews
  • Media
    • Infographics
    • Videos
  • Tech Events
  • Tools
    • How do I find my IP address?
    • Browser and plugin tests
  • Get a Technical Consultation
You are here: Home / Articles / Security and Privacy / New 0-Day Attack Targets Adobe Reader, Acrobat, and Flash

New 0-Day Attack Targets Adobe Reader, Acrobat, and Flash

2010-06-04 by Jason

Adobe announced this evening that the typical triumvirate of Adobe products, Adobe Flash, Adobe Acrobat, and Flash, are being exploited by a zero-day attack. The latest version of Adobe Flash, 10.45.2, and all minor versions of Adobe Reader 9 and Adobe Acrobat 9 could be crashed through a vulnerability and allow remote access to an affected machine. It is reported that this vulnerability is in the wild and is currently being exploited. These vulnerabilities are found in the Adobe products on the different platforms: Windows, Macintosh, and Linux.

Adobe Flash Player 10.0.45.2, 9.0.262, and earlier 10.0.x and 9.0.x versions for Windows, Macintosh, Linux and Solaris
Adobe Reader and Acrobat 9.3.2 and earlier 9.x versions for Windows, Macintosh and UNIX.

You can read more at the Adobe Security Advisory which will be updated when a fix is scheduled.

Adobe Flash 10.1, which is currently only in Release Candidate status, Adobe reports does not appear vulnerable. You can download it here: http://labs.adobe.com/technologies/flashplayer10

As for mitigating the risk with Adobe Reader and Acrobat 9.x, Adobe recommends taking the following steps:

Deleting, renaming, or removing access to the authplay.dll file that ships with Adobe Reader and Acrobat 9.x mitigates the threat for those products, but users will experience a non-exploitable crash or error message when opening a PDF file that contains SWF content.

The authplay.dll that ships with Adobe Reader and Acrobat 9.x for Windows is typically located at C:Program FilesAdobeReader 9.0Readerauthplay.dll for Adobe Reader or C:Program FilesAdobeAcrobat 9.0Acrobatauthplay.dll for Acrobat.

Adobe’s Product Security Incident Response Team blog has an article mentioning today’s security advisory.

Hopefully a patch will be released soon and the problem will be behind us. For now, you can follow the mitigation steps Adobe recommends. Adobe has a track record of responding to zero day exploits within 15 days.

In arguably good or bad timing, Brad Arkin was also featured in an article from Computerworld today that concludes that Adobe is heading in the right direction though the results will take some time to be visible.

Even so, Adobe deserves the hammering it’s gotten over security, he contends. “It’s fair to criticize, because you shouldn’t wait until your product causes your customers pain before you act. Every software company that doesn’t practice proactive security deserves to be criticized.”

Filed Under: Security and Privacy, Software

Trending

  • A robot adventure unfolds in 404 Not Found: A Coloring Book by The Oatmeal
    In Featured, Hardware, Gadgets, and Products
  • ultra wide monitorAdvantages Of Video Conferencing For Small Businesses
    In Hardware, Gadgets, and Products
  • PowerPoint Print Out Cuts Off Notes and Blanks Slides
    In Software, Tech Solutions

Latest Media Posts

Find Out Where To Download SNES ROMs

Find Out Where To Download SNES ROMs

Multifunctional Video Conversion Tools – Wondershare Video Converter

Multifunctional Video Conversion Tools – Wondershare Video Converter

  • Popular
  • Latest
  • Today Week Month All
  • How to ‘Unblock’ multiple files at a time with PowerShell How to 'Unblock' multiple files at a time with PowerShell
  • Read the Event Logs on Windows Server Core Read the Event Logs on Windows Server Core
  • SOLVED: “This modification is not allowed because the selection is locked.” SOLVED: "This modification is not allowed because the selection is locked."
  • Increase IIS Private Memory Limit to improve WSUS availability Increase IIS Private Memory Limit to improve WSUS availability
  • Access to the resource [servershare] has been disallowed Access to the resource [servershare] has been disallowed
  • Keeping Your Mac Healthy: A Comprehensive Guide to Maintenance and Troubleshooting Keeping Your Mac Healthy: A Comprehensive Guide to Maintenance and Troubleshooting
  • Making Distributed Software Development Work: Strategies and Best Practices for Managing Remote Teams Making Distributed Software Development Work: Strategies and Best Practices for Managing Remote Teams
  • customer contactless payment for drink with mobile phon at cafe counter bar,seller coffee shop accept payment by mobile.new normal lifestyle concept The Latest Innovations In Payment Technology
  • How Digital Technology Brought the Rise of the CMO   How Digital Technology Brought the Rise of the CMO  
  • How to Purchase Cryptocurrencies? How to Purchase Cryptocurrencies?
Ajax spinner

Elevator Pitch

404 Tech Support documents solutions to IT problems, shares worthwhile software and websites, and reviews hardware, consumer electronics, and technology-related books.

Subscribe to 404TS articles by email.

Recent Posts

  • Keeping Your Mac Healthy: A Comprehensive Guide to Maintenance and Troubleshooting
  • Making Distributed Software Development Work: Strategies and Best Practices for Managing Remote Teams
  • The Latest Innovations In Payment Technology

Search

FTC Disclaimer

404TechSupport is an Amazon.com affiliate; when you click on an Amazon link from 404TS, the site gets a cut of the proceeds from whatever you buy. This site also uses Skimlinks for smart monetization of other affiliate links.
Use of this site requires displaying and viewing ads as they are presented.

Copyright © 2023 · Magazine Pro Theme on Genesis Framework · WordPress · Log in