Adobe readies Flash fix for Thursday

Share this article:

Adobe plans to rush out a fix for a Flash Player zero-day vulnerability by Thursday, and users will have to wait until June 29 to receive a patch for the same flaw in Reader and Acrobat.

The bug, which could cause a crash or allow an attacker to take control of an affected system, is present in the latest version of Flash (10.0.45.2) and earlier for Windows, Macintosh, Linux and Solaris operating systems, Adobe said in a security advisory Friday. Adobe did not say when it plans to patch the vulnerability, first reported on Friday, in Solaris.

The bug also affects the authplay.dll component of Adobe Reader and Acrobat 9 for Windows, Macintosh and UNIX operating systems. The cause of the vulnerability was unspecified.

“There are reports that this vulnerability is being actively exploited in the wild against both Adobe Flash Player, and Adobe Reader and Acrobat,” the company said in its advisory.

The flaw is rated “extremely critical,” or a five out of five, by vulnerability tracking firm Secunia.

The Flash Player 10.1 release candidate is confirmed as not vulnerable, as are Reader and Acrobat version 8.

To avoid a possible exploit, users also can consider disabling the Flash ActiveX control or installing a Flash blocker add-on, experts said. To avoid an attack in Reader or Acrobat, users can run an alternative PDF renderer.

Share this article:
close

Next Article in News

Sign up to our newsletters

More in News

Brazilian president signs internet 'Bill of Rights' into law

Brazilian president signs internet 'Bill of Rights' into ...

President Dilma Rousseff signed the legislation on Wednesday at the NetMundial conference in Sao Paulo.

Android trojan sends premium SMS messages, targets U.S. users for first time

Android trojan sends premium SMS messages, targets U.S. ...

An SMS trojan for Android, known as FakeInst, has been observed sending premium SMS messages to users all over the world, including, for the first time, the United States.

Report: DDoS up in Q4 2013, vulnerability scanners leveraged to exploit sites

Report: DDoS up in Q4 2013, vulnerability scanners ...

Researchers observed 346 DDoS attacks in the final quarter of 2013 and attackers used Vega and Skipfish vulnerability scanners to exploit web flaws at financial companies.