Adobe to fix critical Flash hole next week

Company expects to have updates late next week for Flash, Reader to fix critical hole being reportedly exploited in attacks.

Elinor Mills Former Staff Writer

Elinor Mills covers Internet security and privacy. She joined CNET News in 2005 after working as a foreign correspondent for Reuters in Portugal and writing for The Industry Standard, the IDG News Service and the Associated Press.

See full bio

Elinor Mills

July 23, 2009 2:04 p.m. PT

2 min read

Adobe said Thursday that it will issue fixes next week for a critical hole in Flash that is being exploited in attacks against Adobe Reader version 9 on Windows.

The vulnerability exists in current versions of Flash Player for Windows, Macintosh, and Linux and the authplay.dll component that ships with Adobe Reader and Acrobat v9.x for those same platforms, Adobe said in an advisory.

The vulnerability could cause a system to crash or allow an attacker to take control of the computer, Adobe said.

An update for Flash Player v9 and v10 for Windows, Mac, and Linux will be released by July 30, while a fix for Solaris is pending. Adobe should have an update for Reader and Acrobat v9.1.2 for Windows, Macintosh, and Unix by July 31.

An attacker can exploit the vulnerability by luring someone to a Web site hosting a specially crafted Shockwave Flash file, US-CERT said in an advisory Thursday.

"The Adobe Flash browser plug-in is available for multiple Web browsers and operating systems, any of which could be affected," CERT said. "An attacker could also create a PDF document that has an embedded SWF file to exploit the vulnerability. This vulnerability is being actively exploited."

The vulnerabilities can be mitigated by disabling the Flash plug-in or by using the NoScript extension for Mozilla Firefox or SeaMonkey to whitelist sites that can access the Flash plug-in, CERT said.

To disable Flash, US-CERT recommends:

• Disabling Flash in Adobe Reader 9 on Windows platforms by renaming the following files: "%ProgramFiles%\Adobe\Reader 9.0\Reader\authplay.dll" and "%ProgramFiles%\Adobe\Reader 9.0\Reader\rt3d.dll".

• Disabling Flash Player or selectively enabling Flash content as described in the "Securing Your Web Browser" document.

"Deleting, renaming, or removing access to the authplay.dll file that ships with Adobe Reader and Acrobat v9.x mitigates the threat for those products, but users will experience a non-exploitable crash or error message when opening a PDF that contains SWF (Shockwave Flash) content," the Adobe advisory said.

Typically, the authplay.dll that ships with Adobe Reader and Acrobat 9.x for Windows is located at C:\Program Files\Adobe\Reader 9.0\Reader\authplay.dll or C:\Program Files\Adobe\Acrobat 9.0]\Acrobat\authplay.dll, Adobe said.

Windows Vista users can mitigate the impact of the exploit by enabling UAC (User Access Control), according to Adobe. Flash Player users should be careful when browsing unfamiliar Web sites.

Researchers on Wednesday reported that they had uncovered attacks in the wild in which malicious Acrobat PDF files were exploiting a vulnerability in Flash and dropping a Trojan onto computers.

The bug used in the exploit has been around since December 2008.