Adobe Fixes Zero-Day Flaw in Flash Player

Adobe is unleashing updates for Flash Player, Acrobat, and Reader to fix a zero-day bug in Flash being exploited in attacks

Adobe is releasing updates today to address a critical zero-day flaw in Flash Player--and the authplay.dll element used in Adobe Reader and Adobe Acrobat--that was announced last week. Time to get patching.

The vulnerability in Flash Player can be exploited to let an attacker take complete control of the target PC, install other malicious code, or access sensitive information. Even a "failed" exploit could crash the system. Adobe has reported limited attacks in the wild targeting this flaw with a Flash (SWF) file embedded in a Microsoft Excel (XLS) file attached to an email.

There are no known attacks directed at Adobe Reader or Adobe Acrobat yet. But, the fact that both products can render Flash content with the authplay.dll component makes them vulnerable, and there is some concern that attacks could use malicious PDF files to exploit the vulnerability.

The updates today apply to Flash Player (including the Chrome Web browser with integrated Flash support), Acrobat, and most versions of Reader. Adobe Reader X for Windows will have to wait for its update.

Adobe Reader X for Windows includes a security sandbox that isolates scripts and other executable code so that they cannot interact with or affect the underlying program or the Windows operating system. The sandbox protection is not impervious, but the extra layer of security means that it is very unlikely that an attack attempting to exploit authplay.dll would be successful.

The Adobe security bulletin for Acrobat and Reader explains, "Because Adobe Reader X Protected Mode would prevent an exploit of this kind from executing, we are planning to address this issue in Adobe Reader X for Windows with the next quarterly security update for Adobe Reader, currently scheduled for June 14, 2011."

The updates are available now for Adobe Reader and Adobe Acrobat. The update for versions of Adobe Flash Player--and the Chrome Web browser with integrated Flash support--will be available sometime this afternoon, according to an Adobe spokesperson.

Tony Bradley

PC World (US online)