Adobe Fixes Zero-Day Flaw in Flash Player

Adobe is unleashing updates for Flash Player, Acrobat, and Reader to fix a zero-day bug in Flash being exploited in attacks

Adobe is releasing updates today to address a critical zero-day flaw in Flash Player--and the authplay.dll element used in Adobe Reader and Adobe Acrobat--that was announced last week. Time to get patching.

An attacker who exploits the vulnerability in Flash Player can take complete control of the target PC and install other malicious code or access sensitive information. Even a "failed" exploit could crash the system. Adobe has reported limited attacks in the wild targeting this flaw with a Flash (SWF) file embedded in a Microsoft Excel (XLS) file attachment in an email.

There are no known attacks directed at Adobe Reader or Adobe Acrobat yet. However, both products can render Flash content with the authplay.dll component, which makes them vulnerable, and there is some concern that attacks could use malicious PDF files to exploit the vulnerability.

The updates today apply to Flash Player--including the Chrome Web browser with integrated Flash support--as well as Acrobat and most versions of Reader. Adobe Reader X for Windows will have to wait for its update.

Adobe Reader X for Windows includes a security sandbox that isolates scripts and other executable code so that they cannot interact with or affect the underlying program or the Windows operating system. The sandbox protection is not impervious, but the extra layer of security means that it is very unlikely that an attack attempting to exploit authplay.dll would be successful.

The Adobe security bulletin for Acrobat and Reader explains, "Because Adobe Reader X Protected Mode would prevent an exploit of this kind from executing, we are planning to address this issue in Adobe Reader X for Windows with the next quarterly security update for Adobe Reader, currently scheduled for June 14, 2011."

The updates are available now for Adobe Reader and Adobe Acrobat. The update for versions of Adobe Flash Player--and the Chrome Web browser with integrated Flash support--will be available sometime this afternoon, according to an Adobe spokesperson.


Tony Bradley

PC World (US online)
