Adobe has warned that attackers are exploiting a critical vulnerability in the company’s most widely used software: Flash Player and Adobe Reader.
Adobe said that the bug affects Flash Player 10.0.45.2, the most up-to-date version of the popular media player, as well as older editions on Windows, Macintosh, Linux and Solaris. Also vulnerable: PDF viewer Adobe Reader 9.x and PDF creation software Adobe Acrobat 9.x on Windows, Macintosh and Unix.
Hackers are already exploiting the flaw. “There are reports that this vulnerability is being actively exploited in the wild against Flash Player, Reader and Acrobat,” the company said. Danish bug tracker Secunia rated the threat as “extremely critical,” the highest ranking in its five-step scoring system. Attackers exploiting the flaw may be able to hijack the targeted computer, Adobe acknowledged.
The vulnerability exists not only inside Flash, but also within the “authplay.dll” file packaged with every Windows copy of Reader and Acrobat. That file is the interpreter that handles Flash content embedded within PDF files.
Reader and Acrobat users can protect themselves by deleting or renaming authplay.dll. Doing so, however, means that opening a PDF file containing Flash content will crash the software or produce an error message.
Flash Player 10.1 Release Candidate, which can be downloaded from Adobe’s site, “does not appear to be vulnerable,” Adobe said, implicitly urging users to shift to the unfinished software.