Jump to content

Adobe warns of Flash, PDF attacks


James_A

Recommended Posts

Remember how Adobe warned of "zero-day attacks against an unpatched vulnerability in its Reader and Flash Player software products" less than 4 months ago?

If not, then see this Backpage News item.

Well, it's happened again:

A critical vulnerability exists in Adobe Flash Player 10.1.85.3 and earlier versions for Windows, Macintosh, Linux and Solaris operating systems; Adobe Flash Player 10.1.95.2 and earlier versions for Android; and the authplay.dll component that ships with Adobe Reader 9.4 and earlier 9.x versions for Windows, Macintosh and UNIX operating systems, and Adobe Acrobat 9.4 and earlier 9.x versions for Windows and Macintosh operating systems.

This vulnerability (CVE-2010-3654) could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being actively exploited in the wild against Adobe Reader and Acrobat 9.x. Adobe is not currently aware of attacks targeting Adobe Flash Player.

As before, the file authplay.dll is at fault and, as before, the mitigation is to delete / rename it until a patch becomes available.

Deleting, renaming, or removing access to the authplay.dll file that ships with Adobe Reader and Acrobat 9.x mitigates the threat for those products, but users will experience a non-exploitable crash or error message when opening a PDF file that contains Flash (SWF) content.

See the Security Advisory for all the details: http://www.adobe.com/support/security/advisories/apsa10-05.html

.

Link to comment
Share on other sites

Adobe Reader 9 is actually faster than some of the earlier versions. Yes -- really!

Not much information about the Windows package for Evince, but it's version 2.30.3, which is under 4 months old and is the last in the 2.30 series, before version 2.32 was released about a monthe ago for Ubuntu.

.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...