Printed from http://www.electronista.com

Adobe Flash, Acrobat vulnerable to major security hole

updated 06:40 pm EDT, Sat June 5, 2010

Adobe Flash 10, Acrobat 9 at risk

Adobe on Saturday posted a warning of a critical security vulnerability for both Flash and Acrobat. Both Mac and Windows versions of Flash 10.0 and earlier, as well as all versions of Acrobat 9, are susceptible to being exploited for remote control over a user's computer. Flash 10.1's pre-release build and older versions of Acrobat aren't affected.

The hole doesn't yet have a fix and has already been used to attack computers in real conditions. Acrobat owners with Windows systems can delete, rename or block access to authplay.dll as a workaround, but the move prevents opening PDF files with embedded Flash. No schedule was given for when a patch would arrive for either Flash or Acrobat.

An exploit on this level comes ill-timed for Adobe as it has just recently tried to promote Flash as a secure environment in its bid to persuade Apple and users that the plugin is necessary on mobile devices. Flash 10.1 for Android 2.2 isn't known to have the problem but isn't yet in a finished state.



By Electronista Staff
Post tools:

TAGS :

toggle

Comments

  1. MyRightEye

    Fresh-Faced Recruit

    Joined: Apr 2008

    +17

    Can't wait...

    ... to have this on my iPad.

    /s

  1. Feathers

    Grizzled Veteran

    Joined: Oct 1999

    +12

    Adobe vulnerable

    The title should read Adobe vulnerable to own goal rather than security hole. Steve Jobs doesn't need to write explanatory letters when Adobe does things like this. Er... sloppy and lazy, anyone?

  1. LEStudios

    Banned

    Joined: Jul 2008

    +14

    LMAO!

    Steve Jobs was right again. Hey just in time for HTML5 Demos! Way to go Adobe!


  1. Foxypaco

    Fresh-Faced Recruit

    Joined: Apr 2010

    +13

    Good job Adobe!

    "The Flash Player 10.1 Release Candidate available at http://labs.adobe.com/technologies/flashplayer10/ does not appear to be vulnerable. "

    Notice does not "appear" to be vulnerable. That's not very reaffirming now is it?

  1. iphonerulez

    Fresh-Faced Recruit

    Joined: Nov 2008

    +10

    Android users want freedom of choice

    and they choose to have security vulnerabilities. They're not going to let Steve Jobs take that freedom away from them. Take that, walled garden!

  1. ZogJones

    Fresh-Faced Recruit

    Joined: Sep 2002

    +6

    BWAHAHAHAHA!

    Epic fail....Not taking sides, but you gotta admit, the timing is pretty funny. Right before WWDC. 20 bucks says it makes its way into the Stevenote.

  1. fmlogue

    Fresh-Faced Recruit

    Joined: Aug 2009

    +4

    Where are the spin doctors

    I'm waiting for the Flash pushers to spin this into a good thing.

  1. jpellino

    Fresh-Faced Recruit

    Joined: Oct 1999

    +2

    As if...

    Anyone needed another reason to ignore both of these products. I have yet to find a compelling flash-based anything on the web outside of YouTube and Hulu, but they are hardly critical - the real eventual video on the web solution has yet to be settled, but I bet it involves HTML5 and H.264. I dumped Acrobat Reader with the rollout of OSX 10.5 and have yet to look back. On the very (very) rare occasion I need to fill out a fillable PDF, I borrow someone else's screen. PDF creation, management and distribution with 10.5+ is a dream come true. Add a system-wide hotkey for PDF and it's a no-brainer.

    The article sort of indicates this is really a Flash hole that also happens when a PDF calls Flash. Is that true, or are there matching or unique holes in each product? Any of those are separately disturbing, but it's interesting to see if this is common Adobe code that exists in separate product lines or if they are separately botching two products. Figure the odds.

  1. gmsquires

    Fresh-Faced Recruit

    Joined: Jul 2009

    +2

    Adobe Flas security holes

    @Jpellino

    I don't have or know of the specifics regarding this security issue, but I do know that ever since Adobe munged Flash handling capabilities into Acrobat, that is where most of the security holes have shown up in Acrobat.

  1. testudo

    Forum Regular

    Joined: Aug 2001

    0

    Re: Android users want freedom of choice

    and they choose to have security vulnerabilities. They're not going to let Steve Jobs take that freedom away from them. Take that, walled garden!


    So what you are saying is that, with the iPhone and iPad, we are guaranteed of being completely free from any and all possible security vulnerabilities? None whatsoever, right? Can we get that in writing?

Login Here

Not a member of the MacNN forums? Register now for free.

toggle

Network Headlines

toggle

Most Popular

Sponsor

Recent Reviews

STM Trust technology bag

The search for a good messenger bag that doubles as a laptop bag is something many travelers find themselves facing at least once. Bet ...

PenClic Bluetooth mouse

Windows 8 aside, computer users have been trained that a mouse is the proper way to navigate through the desktop for many years now. T ...

Cat B100

Cat is primarily known for its heavy-duty machinery used in the construction industry and farming, among other areas. What may not be ...

Sponsor

toggle

Most Commented

 
toggle

Popular News