Adobe Updates Security Advisory, Promises Patches Soon

Martin Brinkmann
Jun 8, 2010
Updated • Dec 3, 2012

Critical vulnerabilities affecting Adobe's flagship products Adobe Reader, Acrobat and Flash Player were revealed in a security advisory by the Adobe Product Incident Response Team. They affect Flash Player 10 and 9 as well as Adobe Reader 9 and Acrobat 9, which covers the majority of the install base.

The vulnerabilities received a severity rating of highly critical, the highest possible rating, by Secunia since they were both actively exploited and would allow remote code execution on affected computer systems.

Adobe's Response Team has updated the security advisory with the planned schedule for a patch to resolve the issue.

According to that information, a patch for Flash Player 10 will be released on June 10, while Adobe Reader and Acrobat 9 users have to wait until June 29 for the patch.

The patches will be made available for all supported operating systems with the exception of Flash Player for Solaris.

The delay until the patch becomes available is bad news for Adobe Reader and Acrobat users, who have to find ways to protect their systems from the security vulnerability in the meantime.

Adobe is offering mitigation instructions on their website for Windows, Unix and Macintosh.

Adobe Reader and Acrobat - Windows

Deleting, renaming, or removing access to the authplay.dll file that ships with Adobe Reader 9.x and Acrobat 9.x mitigates the threat for those products, but users will experience a non-exploitable crash or error message when opening a PDF file that contains SWF content.

The authplay.dll that ships with Adobe Reader 9.x and Acrobat 9.x for Windows is typically located at C:\Program Files\Adobe\Reader 9.0\Reader\authplay.dll for Adobe Reader or C:\Program Files\Adobe\Acrobat 9.0\Acrobat\authplay.dll for Acrobat.

Adobe Reader 9.x - Macintosh

1) Go to the Applications->Adobe Reader 9 folder.
2) Right Click on Adobe Reader
3) Select Show Package Contents
4) Go to the Contents->Frameworks folder
5) Delete or move the AuthPlayLib.bundle file

Acrobat Pro 9.x - Macintosh

1) Go to the Applications->Adobe Acrobat 9 Pro folder.
2) Right Click on Adobe Acrobat Pro
3) Select Show Package Contents
4) Go to the Contents->Frameworks folder
5) Delete or move the AuthPlayLib.bundle file

Adobe Reader 9.x - UNIX

1) Go to installation location of Reader (typically a folder named Adobe)
2) Within it browse to Reader9/Reader/intellinux/lib/ (for Linux) or Reader9/Reader/intelsolaris/lib/ (for Solaris)
3) Remove the library named "libauthplay.so.0.0.0"
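
The UNIX steps above can be scripted so that the result is verified afterwards. This is an added example, not part of Adobe's advisory or the original article; the function names, the backup directory argument and the choice to move the library aside instead of deleting it (so the change can be reverted) are assumptions of the example.

```shell
#!/bin/sh
# Added example: apply and verify the UNIX mitigation for Adobe Reader 9.x.
# $1 = installation location of Reader (the folder that contains Reader9)
# $2 = backup directory outside the Reader tree (hypothetical, caller's choice)

AUTHPLAY_LIB="libauthplay.so.0.0.0"

# Print the path of every authplay library still present under root $1.
# Both the Linux and the Solaris library directories are checked.
authplay_find() {
    root=$1
    for arch in intellinux intelsolaris; do
        lib="$root/Reader9/Reader/$arch/lib/$AUTHPLAY_LIB"
        [ -e "$lib" ] && printf '%s\n' "$lib"
    done
    return 0
}

# Move every library found into backup dir $2, then re-check.
# Returns 0 only if no authplay library remains under root $1.
authplay_disable() {
    root=$1
    backup=$2
    mkdir -p "$backup" || return 1
    authplay_find "$root" | while IFS= read -r lib; do
        # Keep the platform directory name in the backup file name so the
        # Linux and Solaris copies cannot overwrite each other.
        arch=$(basename "$(dirname "$(dirname "$lib")")")
        mv -- "$lib" "$backup/$arch-$AUTHPLAY_LIB" && echo "moved: $lib"
    done
    # Verification: the mitigation only counts if nothing is left in place.
    [ -z "$(authplay_find "$root")" ]
}

# Command-line use: sh authplay.sh <reader-root> <backup-dir>
if [ $# -eq 2 ]; then
    authplay_disable "$1" "$2"
fi
```

Running `authplay_find` on its own gives a read-only check that can be repeated after any Reader reinstall or repair, which may put the library back.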

It is recommended to either apply these mitigations on affected computer systems or switch to another PDF reader, at least until the vulnerability is fixed.


Comments

  1. sshoaib said on June 9, 2010 at 1:49 am

    Flash is dead anyway

  2. DanTe said on June 8, 2010 at 4:57 pm

    Using Adobe products is like using Apple products: go into a church confessional, grab your ankles and cry I BELIEVE!!!

  3. Tom said on June 8, 2010 at 2:44 pm

    Do I understand that there is no “mitigation” possible for Adobe Flash until the patch is available?

    1. Martin said on June 8, 2010 at 2:50 pm

      Tom, the only available options are to install the Adobe Flash 10.1 Release Candidate or uninstall / disable Adobe Flash for the time being.
