Adobe Updates Security Advisory, Promises Patches Soon - gHacks Tech News

Adobe Updates Security Advisory, Promises Patches Soon

Critical vulnerabilities that affected Adobe's flagship products Adobe Reader, Acrobat and Flash Player were revealed in a security advisory by the Adobe Product Incident Response Team. The vulnerability affects Flash Player 10 and 9 as well as Adobe Reader 9 and Acrobat 9 which covers the majority of the install base.

The vulnerabilities received a severity rating of highly critical, the highest possible rating, by Secunia since they were both actively exploited and would allow remote code execution on affected computer systems.

Adobe's Response Team has updated the security vulnerability with the planned schedule for a patch to resolve the issue.

According to those information a patch for Flash Player 10 will be released on June 10 while Adobe Reader and Acrobat 9 users have to wait until June 29 for the patch.

The patches will be made available for all supported operating systems with the exception of Flash Player for Solaris.

The delay until the page becomes available is bad news for Adobe Reader and Acrobat users who have to find ways to protect their systems from the security vulnerability in the meantime.

Adobe is offering mitigation instructions on their website for Windows, Unix and Macintosh.

Adobe Reader and Acrobat - Windows

Deleting, renaming, or removing access to the authplay.dll file that ships with Adobe Reader 9.x and Acrobat 9.x mitigates the threat for those products, but users will experience a non-exploitable crash or error message when opening a PDF file that contains SWF content.

The authplay.dll that ships with Adobe Reader 9.x and Acrobat 9.x for Windows is typically located at C:\Program Files\Adobe\Reader 9.0\Reader\authplay.dll for Adobe Reader or C:\Program Files\Adobe\Acrobat 9.0\Acrobat\authplay.dll for Acrobat.

Adobe Reader 9.x - Macintosh

1) Go to the Applications->Adobe Reader 9 folder.
2) Right Click on Adobe Reader
3) Select Show Package Contents
4) Go to the Contents->Frameworks folder
5) Delete or move the AuthPlayLib.bundle file

Acrobat Pro 9.x - Macintosh

1) Go to the Applications->Adobe Acrobat 9 Pro folder.
2) Right Click on Adobe Acrobat Pro
3) Select Show Package Contents
4) Go to the Contents->Frameworks folder
5) Delete or move the AuthPlayLib.bundle file

Adobe Reader 9.x- UNIX

1) Go to installation location of Reader (typically a folder named Adobe)
2) Within it browse to Reader9/Reader/intellinux/lib/ (for Linux) or Reader9/Reader/intelsolaris/lib/ (for Solaris)
3) Remove the library named "libauthplay.so.0.0.0"

It is recommended to either perform the operations on affected computer systems or switch to another pdf reader at least for the time until the vulnerability gets fixed.

We need your help

Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.

We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats or subscription fees.

If you like our content, and would like to help, please consider making a contribution:

Comments

  1. Tom said on June 8, 2010 at 2:44 pm
    Reply

    Do I understand that there is no “mitigation” possible for Adobe Flash until the patch is available?

    1. Martin said on June 8, 2010 at 2:50 pm
      Reply

      Tom the only available options are to install the Adobe Flash 10.1 Release Candidate or uninstall / disable Adobe Flash for the time being.

  2. DanTe said on June 8, 2010 at 4:57 pm
    Reply

    Using Adobe products is like using Apple products: go into a church confessional, grab your ankles and cry I BELIEVE!!!

  3. sshoaib said on June 9, 2010 at 1:49 am
    Reply

    Flash is dead anyway

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

Please note that your comment may not appear immediately after you post it.