Printed from

Adobe Flash, Acrobat vulnerable to major security hole

updated 06:40 pm EDT, Sat June 5, 2010

Adobe Flash 10, Acrobat 9 at risk

Adobe on Saturday posted a warning of a critical security vulnerability for both Flash and Acrobat. Both Mac and Windows versions of Flash 10.0 and earlier, as well as all versions of Acrobat 9, are susceptible to being exploited for remote control over a user's computer. Flash 10.1's pre-release build and older versions of Acrobat aren't affected.

The hole doesn't yet have a fix and has already been used to attack computers in real conditions. Acrobat owners with Windows systems can delete, rename or block access to authplay.dll as a workaround, but the move prevents opening PDF files with embedded Flash. No schedule was given for when a patch would arrive for either Flash or Acrobat.

An exploit on this level comes ill-timed for Adobe as it has just recently tried to promote Flash as a secure environment in its bid to persuade Apple and users that the plugin is necessary on mobile devices. Flash 10.1 for Android 2.2 isn't known to have the problem but isn't yet in a finished state.

By Electronista Staff
Post tools:




  1. MyRightEye

    Fresh-Faced Recruit

    Joined: Apr 2008


    Can't wait...

    ... to have this on my iPad.


  1. Feathers

    Grizzled Veteran

    Joined: Oct 1999


    Adobe vulnerable

    The title should read Adobe vulnerable to own goal rather than security hole. Steve Jobs doesn't need to write explanatory letters when Adobe does things like this. Er... sloppy and lazy, anyone?

  1. LEStudios


    Joined: Jul 2008



    Steve Jobs was right again. Hey just in time for HTML5 Demos! Way to go Adobe!

  1. Foxypaco

    Fresh-Faced Recruit

    Joined: Apr 2010


    Good job Adobe!

    "The Flash Player 10.1 Release Candidate available at does not appear to be vulnerable. "

    Notice does not "appear" to be vulnerable. That's not very reaffirming now is it?

  1. iphonerulez

    Dedicated MacNNer

    Joined: Nov 2008


    Android users want freedom of choice

    and they choose to have security vulnerabilities. They're not going to let Steve Jobs take that freedom away from them. Take that, walled garden!

  1. ZogJones

    Fresh-Faced Recruit

    Joined: Sep 2002



    Epic fail....Not taking sides, but you gotta admit, the timing is pretty funny. Right before WWDC. 20 bucks says it makes its way into the Stevenote.

  1. fmlogue

    Fresh-Faced Recruit

    Joined: Aug 2009


    Where are the spin doctors

    I'm waiting for the Flash pushers to spin this into a good thing.

  1. jpellino

    Fresh-Faced Recruit

    Joined: Oct 1999


    As if...

    Anyone needed another reason to ignore both of these products. I have yet to find a compelling flash-based anything on the web outside of YouTube and Hulu, but they are hardly critical - the real eventual video on the web solution has yet to be settled, but I bet it involves HTML5 and H.264. I dumped Acrobat Reader with the rollout of OSX 10.5 and have yet to look back. On the very (very) rare occasion I need to fill out a fillable PDF, I borrow someone else's screen. PDF creation, management and distribution with 10.5+ is a dream come true. Add a system-wide hotkey for PDF and it's a no-brainer.

    The article sort of indicates this is really a Flash hole that also happens when a PDF calls Flash. Is that true, or are there matching or unique holes in each product? Any of those are separately disturbing, but it's interesting to see if this is common Adobe code that exists in separate product lines or if they are separately botching two products. Figure the odds.

  1. gmsquires

    Fresh-Faced Recruit

    Joined: Jul 2009


    Adobe Flas security holes


    I don't have or know of the specifics regarding this security issue, but I do know that ever since Adobe munged Flash handling capabilities into Acrobat, that is where most of the security holes have shown up in Acrobat.

  1. testudo

    Forum Regular

    Joined: Aug 2001


    Re: Android users want freedom of choice

    and they choose to have security vulnerabilities. They're not going to let Steve Jobs take that freedom away from them. Take that, walled garden!

    So what you are saying is that, with the iPhone and iPad, we are guaranteed of being completely free from any and all possible security vulnerabilities? None whatsoever, right? Can we get that in writing?

Login Here

Not a member of the MacNN forums? Register now for free.


Network Headlines


Most Popular


Recent Reviews

Epson PowerLite Home Cinema 3500 projector

Trying to find the perfect projector for a home theater can be tricky, as there are bountiful options on the market from a large numbe ...

Thecus N2310 NAS

For every computer user, there comes a point of critical mass in data storage. When it hits, external hard drives, USB sticks and DVD ...

iRig Pads

When it comes to mobile music products, IK Multimedia has positioned itself as one of the top suppliers. Right from the early days of ...



Most Commented


Popular News