Adobe acknowledges critical Acrobat/Flash flaw

In what will be seen as very bad news for Adobe, given recent attacks on the company’s software by Apple supremo Steve Jobs, they’ve today had to admit that there is a serious flaw that affects both the company’s Acrobat and Flash platforms.

The vulnerability potentially enables hackers to take remote-control of a PC and isn’t limited to Windows.  Apple Macs and PC’s running Linux are also apparently open to attack!  Even the excellent UAC security system in Windows 7 is apparently not enough.

In a security announcement the company said…

There are reports that this vulnerability is being actively exploited in the wild against both Adobe Flash Player, and Adobe Reader and Acrobat

It’s long been known that Adobe Acrobat files are excellent carriers for viruses, they carry at least as many viruses worldwide as Microsoft’s Office documents, and Adobe a rushing to provide patches for the software.

In the interim, the company says that users could rename or delete the affected “authplay.dll” file on their computer to prevent their computer from becoming compromised.  They do say though that doing this will result in…

users will experience a non-exploitable crash or error message when opening a PDF file that contains SWF [Adobe Flash] content.

Obviously I’m not going to suggest that people uninstall Acrobat and Flash from their computers, as they’re both too useful.  I would recommend that you make sure your anti-virus and anti-malware software is up to date, and that you have the Adobe Updater software running too.

The software affected by this bug is…

Adobe Flash Player 10.0.45.2, 9.0.262, and earlier 10.0.x and 9.0.x versions for Windows, Macintosh, Linux and Solaris

Adobe Reader and Acrobat 9.3.2 and earlier 9.x versions for Windows, Macintosh and UNIX