• Home
  • About 404TS
  • Contact

404 Tech Support

Where IT Help is Found

  • Articles
    • Code
    • Entertainment
    • Going Green
    • Hardware, Gadgets, and Products
    • Management
    • Network
    • News
    • Operating Systems
    • Security and Privacy
    • Software
    • System Administration
    • Talking Points
    • Tech Solutions
    • Web
    • Webmaster
  • Reviews
  • Media
    • Infographics
    • Videos
  • Tech Events
  • Tools
    • How do I find my IP address?
    • Browser and plugin tests
  • Get a Technical Consultation
You are here: Home / Articles / Security and Privacy / New 0-Day Attack Targets Adobe Reader, Acrobat, and Flash

New 0-Day Attack Targets Adobe Reader, Acrobat, and Flash

2010-06-04 by Jason

Adobe announced this evening that the typical triumvirate of Adobe products, Adobe Flash, Adobe Acrobat, and Flash, are being exploited by a zero-day attack. The latest version of Adobe Flash, 10.45.2, and all minor versions of Adobe Reader 9 and Adobe Acrobat 9 could be crashed through a vulnerability and allow remote access to an affected machine. It is reported that this vulnerability is in the wild and is currently being exploited. These vulnerabilities are found in the Adobe products on the different platforms: Windows, Macintosh, and Linux.

Adobe Flash Player 10.0.45.2, 9.0.262, and earlier 10.0.x and 9.0.x versions for Windows, Macintosh, Linux and Solaris
Adobe Reader and Acrobat 9.3.2 and earlier 9.x versions for Windows, Macintosh and UNIX.

You can read more at the Adobe Security Advisory which will be updated when a fix is scheduled.

Adobe Flash 10.1, which is currently only in Release Candidate status, Adobe reports does not appear vulnerable. You can download it here: http://labs.adobe.com/technologies/flashplayer10

As for mitigating the risk with Adobe Reader and Acrobat 9.x, Adobe recommends taking the following steps:

Deleting, renaming, or removing access to the authplay.dll file that ships with Adobe Reader and Acrobat 9.x mitigates the threat for those products, but users will experience a non-exploitable crash or error message when opening a PDF file that contains SWF content.

The authplay.dll that ships with Adobe Reader and Acrobat 9.x for Windows is typically located at C:Program FilesAdobeReader 9.0Readerauthplay.dll for Adobe Reader or C:Program FilesAdobeAcrobat 9.0Acrobatauthplay.dll for Acrobat.

Adobe’s Product Security Incident Response Team blog has an article mentioning today’s security advisory.

Hopefully a patch will be released soon and the problem will be behind us. For now, you can follow the mitigation steps Adobe recommends. Adobe has a track record of responding to zero day exploits within 15 days.

In arguably good or bad timing, Brad Arkin was also featured in an article from Computerworld today that concludes that Adobe is heading in the right direction though the results will take some time to be visible.

Even so, Adobe deserves the hammering it’s gotten over security, he contends. “It’s fair to criticize, because you shouldn’t wait until your product causes your customers pain before you act. Every software company that doesn’t practice proactive security deserves to be criticized.”

Filed Under: Security and Privacy, Software

Trending

  • Bing’s Search History via Proxy
    In Media, News, Security and Privacy
  • Updating The DigiNotar Breach Away – Adobe, Apple, Microsoft, Mozilla, Google React
    In Security and Privacy
  • Advertising across media types [infographic]
    In Infographics, Media

Latest Media Posts

Find Out Where To Download SNES ROMs

Find Out Where To Download SNES ROMs

Multifunctional Video Conversion Tools – Wondershare Video Converter

Multifunctional Video Conversion Tools – Wondershare Video Converter

  • Popular
  • Latest
  • Today Week Month All
  • How to ‘Unblock’ multiple files at a time with PowerShell How to 'Unblock' multiple files at a time with PowerShell
  • Increase IIS Private Memory Limit to improve WSUS availability Increase IIS Private Memory Limit to improve WSUS availability
  • SOLVED: “This modification is not allowed because the selection is locked.” SOLVED: "This modification is not allowed because the selection is locked."
  • Configure Outlook to recurring appointments for the last weekday of the month Configure Outlook to recurring appointments for the last weekday of the month
  • Creating and editing views in phpMyAdmin Creating and editing views in phpMyAdmin
  • 3d rendering circuit cloud for cloud computing technology Build and Deploy a Modern Web 3.0 Blockchain App in 2022
  • Telecom Application Development: When to Outsource Telecom Application Development: When to Outsource
  • Printer printing document wirelessly from mobile phone or smartphone wifi connection vector flat cartoon illustration, file air print on fax or ink jet via cellphone bluetooth modern design Why Your Business Needs Online Fax Services In 2022
  • 6 Best Ways to Protect Your Business Account 6 Best Ways to Protect Your Business Account
  • How to download videos from Instagram How to download videos from Instagram
Ajax spinner

Elevator Pitch

404 Tech Support documents solutions to IT problems, shares worthwhile software and websites, and reviews hardware, consumer electronics, and technology-related books.

Subscribe to 404TS articles by email.

Recent Posts

  • Build and Deploy a Modern Web 3.0 Blockchain App in 2022
  • Telecom Application Development: When to Outsource
  • Why Your Business Needs Online Fax Services In 2022

Search

FTC Disclaimer

404TechSupport is an Amazon.com affiliate; when you click on an Amazon link from 404TS, the site gets a cut of the proceeds from whatever you buy. This site also uses Skimlinks for smart monetization of other affiliate links.
Use of this site requires displaying and viewing ads as they are presented.

Copyright © 2022 · Magazine Pro Theme on Genesis Framework · WordPress · Log in