Yesterday the 21st Adobe posted on their blog that they are aware of a serious issue and will release more details. Walking into the office this morning, they have already provided more details.
"A critical vulnerability exists in the current versions of Flash Player (v9.0.159.0 and v10.0.22.87) for Windows, Macintosh and Linux operating systems, and the authplay.dll component that ships with Adobe Reader and Acrobat v9.x for Windows, Macintosh and UNIX operating systems. This vulnerability (CVE-2009-1862) could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being actively exploited in the wild via limited, targeted attacks against Adobe Reader v9 on Windows."
The Current Fix
"Deleting, renaming, or removing access to the authplay.dll file that ships with Adobe Reader and Acrobat v9.x mitigates the threat for those products, but users will experience a non-exploitable crash or error message when opening a PDF that contains SWF content."
Stay up to date on this issue via their security bulletin. (Link)
Also a good write-up by Avert Labs (Link)
Posts
0 comments:
Post a Comment