Adobe has announced that an exploitable flaw in Adobe Reader 9.x, Acrobat 9.x, and Flash 9.x and 10.x has been discovered and is being actively exploited. Windows, Mac OS X, and Linux versions are all affected. The flaw allows arbitrary code execution by attackers, and hence it is deemed "critical."
Adobe presently has no fix available. Adobe Reader 8.x is unaffected, as is the Flash 10.1 beta; downgrading Reader and upgrading Flash therefore provides protection against the flaw.
On Windows, removing the file "authplay.dll" (included as part of Adobe Reader and Acrobat) prevents exploitation through PDF files, though this will cause the software to crash whenever it encounters a PDF with embedded Flash content.
No comments:
Post a Comment