Adobe is warning users of not only their Flash player, but also of their other products, that hackers have once again exploited their software. In a security advisory the software company warned that Adobe Reader and Acrobat are both vulnerable as well. On their web site Adobe also stated that they believed that Adobe Flash Player 10.1 release candidate #7 did not appear to be vulnerable. Adobe also stated that this exploit included their software for Windows, Linux, Solaris and Macintosh for some of their versions.

Adobe also states that:

Adobe Flash Player
The Flash Player 10.1 Release Candidate available at http://labs.adobe.com/technologies/flashplayer10/ does not appear to be vulnerable.

Adobe Reader and Acrobat
Deleting, renaming, or removing access to the authplay.dll file that ships with Adobe Reader and Acrobat 9.x mitigates the threat for those products, but users will experience a non-exploitable crash or error message when opening a PDF file that contains SWF content.

The authplay.dll that ships with Adobe Reader and Acrobat 9.x for Windows is typically located at C:Program FilesAdobeReader 9.0Readerauthplay.dll for Adobe Reader or C:Program FilesAdobeAcrobat 9.0Acrobatauthplay.dll for Acrobat.

Severity rating

Adobe categorizes this as a critical issue.

I believe this is a good time to dump Adobe reader for another product. I chose Foxit for myself.

Comments welcome.

Source – Adobe

Reblog this post [with Zemanta]