The vulnerabilities received a severity rating of highly critical, the highest possible rating, by Secunia since they were both actively exploited and would allow remote code execution on affected computer systems.

Adobe’s Response Team has updated the security vulnerability with the planned schedule for a patch to resolve the issue.

According to those information a patch for Flash Player 10 will be released on June 10 while Adobe Reader and Acrobat 9 users have to wait until June 29 for the patch.

The patches will be made available for all supported operating systems with the exception of Flash Player for Solaris.

The delay until the page becomes available is bad news for Adobe Reader and Acrobat users who have to find ways to protect their systems from the security vulnerability in the meantime.

Adobe is offering mitigation instructions on their website for Windows, Unix and Macintosh.

Adobe Reader and Acrobat – Windows

Deleting, renaming, or removing access to the authplay.dll file that ships with Adobe Reader 9.x and Acrobat 9.x mitigates the threat for those products, but users will experience a non-exploitable crash or error message when opening a PDF file that contains SWF content.

The authplay.dll that ships with Adobe Reader 9.x and Acrobat 9.x for Windows is typically located at C:\Program Files\Adobe\Reader 9.0\Reader\authplay.dll for Adobe Reader or C:\Program Files\Adobe\Acrobat 9.0\Acrobat\authplay.dll for Acrobat.

Adobe Reader 9.x – Macintosh

1) Go to the Applications->Adobe Reader 9 folder.
2) Right Click on Adobe Reader
3) Select Show Package Contents
4) Go to the Contents->Frameworks folder
5) Delete or move the AuthPlayLib.bundle file

Acrobat Pro 9.x – Macintosh

1) Go to the Applications->Adobe Acrobat 9 Pro folder.
2) Right Click on Adobe Acrobat Pro
3) Select Show Package Contents
4) Go to the Contents->Frameworks folder
5) Delete or move the AuthPlayLib.bundle file

Adobe Reader 9.x- UNIX

1) Go to installation location of Reader (typically a folder named Adobe)
2) Within it browse to Reader9/Reader/intellinux/lib/ (for Linux) or Reader9/Reader/intelsolaris/lib/ (for Solaris)
3) Remove the library named “libauthplay.so.0.0.0″

It is recommended to either perform the operations on affected computer systems or switch to another pdf reader at least for the time until the vulnerability gets fixed.

Adobe itself did not reveal details about the exploit in the blog post but a post at the Shadowserver website which is run by security volunteers from around the world. According to information posted on their website the exploit has been in the wild since at least December 11. The number of attacks have been limited and targeted so far according to their information. They do expect the “exploit to become more wide spread in the next few weeks” with the potential to become fully public in the same timeframe.

The security researchers did not want to reveal all the information about the vulnerability but mentioned that it was found in the JavaScript function in Adobe Acrobat and Adobe Reader.

With that said we can tell you that this vulnerability is actually in a JavaScript function within Adobe Acrobat [Reader] itself. Furthermore the vulnerable JavaScript is obfuscated inside a zlib stream making universal detection and intrusion detection signatures much more difficult. On the bright side though, there are some solutions to this problem.

A temporary fix was also published on the same website.

We have said it before and we will say it again: Disable JavaScript.

Disabling JavaScript is easy. This is how it can be done in Acrobat Reader:
Click: Edit -> Preferences -> JavaScript and uncheck Enable Acrobat JavaScript

We have not had time to fully test but enabling hardware DEP for systems that support it may also mitigate this issue.

Adobe users are encouraged to disable JavaScript as soon as possible to block their version of the program from being vulnerable.

Apple Mac and Unix systems are affected by the vulnerability as well but the exploit that is currently in the wild is only affecting Windows. Adobe suggests to enable UAC in Windows Vista (and Windows 7). Windows XP users should consider moving or deleting authplay.dll to protect their computer system from the threat against Adobe Reader and Acrobat “but users will experience a non-exploitable crash or error message when opening a PDF that contains SWF content”.

An alternative would be to uninstall Adobe Reader or Acrobat and install one of the available third party pdf readers like Foxit Reader or Sumatra.

Adobe does not offer any advise on the Flash Player vulnerability. The only viable option seems to be to disable or even uninstall Flash and wait for the patch which is expected to be released on July 30 and July 31.

Adobe Reader 9 and Acrobat 9 as well as Adobe Reader 7.1.0 and Acrobat 7.1.0 are not affected by the security vulnerability. The vulnerability causes the applications to crash which can allow an attacker to take control of the host system.

Downloads are available that fix the security vulnerability in Adobe Reader 8 for Windows and Macintosh computers. Take a look at the security bulletin issued by Adobe if you are using Adobe Acrobat or a previous version of one of the products to find the links pointing to updates for your product.