With recent reports showing that Adobe Flash combined with Acrobat are the largest vectors for malicious software in the last year this news is not good. PDF attacks alone actually accounted for 49% of all web based security issues last year!
Adobe’s reporting a flaw in some (read just about all!) versions of Flash and Acrobat that could allow bad people to remotely control your computer.
From Adobe’s site:
“A critical vulnerability exists in Adobe Flash Player 10.0.45.2 and earlier versions for Windows, Macintosh, Linux and Solaris operating systems, and the authplay.dll component that ships with Adobe Reader and Acrobat 9.x for Windows, Macintosh and UNIX operating systems. This vulnerability (CVE-2010-1297) could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being actively exploited in the wild against both Adobe Flash Player, and Adobe Reader and Acrobat. This advisory will be updated once a schedule has been determined for releasing a fix.”
Flash 10.1 release candidate isn’t vulnerable – as far as anyone can tell now.
Get it here:
http://labs.adobe.com/downloads/flashplayer10.html#flashplayer10
Just choose your OS version, download and install.
Remember people keep your systems and applications up to date.
3 thoughts on “Another Adobe Security Failure”