Two new vulnerabilities affecting the Adobe products Adobe Reader and Adobe Flash were reported by Secunia earlier today. Both have been rated extremely critical, the highest available severity rating for vulnerabilities posted at Secunia.
Highly critical is a rating for “remotely exploitable vulnerabilities that can lead to system compromise” that usually do not “require any interaction” and where exploits are already in the wild.
The reported Adobe Flash vulnerability affects Adobe Flash Player 10.x and Adobe Flash Player 9.x.
A vulnerability has been reported in Adobe Flash Player, which can be exploited by malicious people to compromise a user’s system. The vulnerability is caused due to an unspecified error. No more information is currently available.
Successful exploitation allows execution of arbitrary code.
The vulnerability is reported in version 10.0.45.2 and prior 10.0.x and 9.0.x versions for Windows, Macintosh, Linux, and Solaris.
NOTE: The vulnerability is reportedly being actively exploited.
The release candidate of the upcoming Adobe Flash Player 10.1 does not seem to be affected by the vulnerability according to the information at the Secunia website.
Users who want to protect their computer system from being exploited by the vulnerability can either disable Adobe Flash for the time being or update to the Adobe Flash Player 10.1 Release Candidate. Additional information about the vulnerability is posted in a Security Bulletin at the Adobe website.
The Adobe Reader and Adobe Acrobat vulnerability might be related to the Adobe Flash vulnerability. The Secunia Advisory lists Adobe Reader 9 versions for Windows, Macintosh and Linux as affected by the vulnerability.
The vulnerability is caused due to a vulnerable bundled version of Flash Player (authplay.dll). Successful exploitation allows execution of arbitrary code.
The vulnerability is reported in version 9.3.2 and earlier 9.x versions for Windows, Macintosh, and UNIX.
NOTE: The vulnerability is currently being actively exploited.
The temporary solution to protect the computer system from the exploits is to delete, rename or remove access to authplay.dll, which prevents Flash content from being executed in Adobe Reader and Acrobat.
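One way to apply the rename workaround across several machines, as an added example that is not from Adobe or Secunia: it searches directories you pass in for the bundled authplay.dll and renames each copy, with a dry-run mode. The `.disabled` suffix, the function names and the demo directory layout are assumptions; the search roots are supplied by the caller because the advisory text quoted here gives no install paths.

```python
import os
import tempfile
from pathlib import Path

TARGET = "authplay.dll"   # file name given in the advisory text above
SUFFIX = ".disabled"      # assumption: any new name stops the component being loaded


def find_targets(roots, name=TARGET):
    """Return every file under the given roots whose name matches, ignoring case."""
    hits = []
    for root in roots:
        for dirpath, _dirs, files in os.walk(root):
            hits += [Path(dirpath) / f for f in files if f.lower() == name.lower()]
    return sorted(hits)


def disable(roots, dry_run=True):
    """Rename each match to <name>.disabled; return (path, status) pairs."""
    results = []
    for path in find_targets(roots):
        new = path.with_name(path.name + SUFFIX)
        if new.exists():
            results.append((path, "skipped: backup name already exists"))
        elif dry_run:
            results.append((path, "would rename"))
        else:
            try:
                path.rename(new)
                results.append((path, "renamed"))
            except OSError as exc:  # e.g. file in use, or insufficient privileges
                results.append((path, f"failed: {exc.strerror}"))
    return results


def demo():
    """Build a constructed directory tree and run the workaround against it."""
    with tempfile.TemporaryDirectory() as tmp:
        reader = Path(tmp) / "Reader"  # constructed layout, not a real install path
        reader.mkdir()
        (reader / "AuthPlay.dll").write_bytes(b"")
        (reader / "other.dll").write_bytes(b"")
        preview = [s for _p, s in disable([tmp], dry_run=True)]
        applied = [s for _p, s in disable([tmp], dry_run=False)]
        remaining = [p.name for p in find_targets([tmp])]
        kept = sorted(p.name for p in reader.iterdir())
        return preview, applied, remaining, kept


if __name__ == "__main__":
    print(demo())
```

Renaming rather than deleting keeps the workaround reversible once a fixed version is installed; run `disable()` with `dry_run=True` first to review what would change.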
