Printed from

Adobe Flash, Acrobat vulnerable to major security hole

updated 06:40 pm EDT, Sat June 5, 2010

Adobe Flash 10, Acrobat 9 at risk

Adobe on Saturday posted a warning of a critical security vulnerability for both Flash and Acrobat. Both Mac and Windows versions of Flash 10.0 and earlier, as well as all versions of Acrobat 9, are susceptible to being exploited for remote control over a user's computer. Flash 10.1's pre-release build and older versions of Acrobat aren't affected.

The hole doesn't yet have a fix and has already been used to attack computers in real conditions. Acrobat owners with Windows systems can delete, rename or block access to authplay.dll as a workaround, but the move prevents opening PDF files with embedded Flash. No schedule was given for when a patch would arrive for either Flash or Acrobat.

An exploit on this level comes ill-timed for Adobe as it has just recently tried to promote Flash as a secure environment in its bid to persuade Apple and users that the plugin is necessary on mobile devices. Flash 10.1 for Android 2.2 isn't known to have the problem but isn't yet in a finished state.

By Electronista Staff
Post tools:




  1. MyRightEye

    Fresh-Faced Recruit

    Joined: Apr 2008


    Can't wait...

    ... to have this on my iPad.


  1. Feathers

    Grizzled Veteran

    Joined: Oct 1999


    Adobe vulnerable

    The title should read Adobe vulnerable to own goal rather than security hole. Steve Jobs doesn't need to write explanatory letters when Adobe does things like this. Er... sloppy and lazy, anyone?

  1. LEStudios


    Joined: Jul 2008



    Steve Jobs was right again. Hey just in time for HTML5 Demos! Way to go Adobe!

  1. Foxypaco

    Fresh-Faced Recruit

    Joined: Apr 2010


    Good job Adobe!

    "The Flash Player 10.1 Release Candidate available at does not appear to be vulnerable. "

    Notice does not "appear" to be vulnerable. That's not very reaffirming now is it?

  1. iphonerulez

    Dedicated MacNNer

    Joined: Nov 2008


    Android users want freedom of choice

    and they choose to have security vulnerabilities. They're not going to let Steve Jobs take that freedom away from them. Take that, walled garden!

  1. ZogJones

    Fresh-Faced Recruit

    Joined: Sep 2002



    Epic fail....Not taking sides, but you gotta admit, the timing is pretty funny. Right before WWDC. 20 bucks says it makes its way into the Stevenote.

  1. fmlogue

    Fresh-Faced Recruit

    Joined: Aug 2009


    Where are the spin doctors

    I'm waiting for the Flash pushers to spin this into a good thing.

  1. jpellino

    Fresh-Faced Recruit

    Joined: Oct 1999


    As if...

    Anyone needed another reason to ignore both of these products. I have yet to find a compelling flash-based anything on the web outside of YouTube and Hulu, but they are hardly critical - the real eventual video on the web solution has yet to be settled, but I bet it involves HTML5 and H.264. I dumped Acrobat Reader with the rollout of OSX 10.5 and have yet to look back. On the very (very) rare occasion I need to fill out a fillable PDF, I borrow someone else's screen. PDF creation, management and distribution with 10.5+ is a dream come true. Add a system-wide hotkey for PDF and it's a no-brainer.

    The article sort of indicates this is really a Flash hole that also happens when a PDF calls Flash. Is that true, or are there matching or unique holes in each product? Any of those are separately disturbing, but it's interesting to see if this is common Adobe code that exists in separate product lines or if they are separately botching two products. Figure the odds.

  1. gmsquires

    Fresh-Faced Recruit

    Joined: Jul 2009


    Adobe Flas security holes


    I don't have or know of the specifics regarding this security issue, but I do know that ever since Adobe munged Flash handling capabilities into Acrobat, that is where most of the security holes have shown up in Acrobat.

  1. testudo

    Forum Regular

    Joined: Aug 2001


    Re: Android users want freedom of choice

    and they choose to have security vulnerabilities. They're not going to let Steve Jobs take that freedom away from them. Take that, walled garden!

    So what you are saying is that, with the iPhone and iPad, we are guaranteed of being completely free from any and all possible security vulnerabilities? None whatsoever, right? Can we get that in writing?

Login Here

Not a member of the MacNN forums? Register now for free.


Network Headlines


Most Popular


Recent Reviews

Seagate Wireless

It seems like no matter how much internal storage is included today's mobile devices, we, as users, will always find a way to fill the ...

Lenovo Yoga Tablet 2 (Android, 10.1-inch)

Lenovo is building a bigger name for itself year after year, including its devices expanding beyond desktop computers. The company's l ...

Brother HL-L8250CDN Color Laser Printer

When it comes to selecting a printer, the process is not exactly something most people put a lot of thought into. Printers are often t ...



Most Commented


Popular News