Home » Acrobat 9, Adobe, Adobe Reader 9, General News, PDF Security

Adobe acknowledges another critical PDF Vulnerability

29 Oct 2010 | | One Comment

Adobe Systems acknowledges another critical vulnerability in Flash Player, Reader and Acrobat products which exposes its users to malicious attacks from hackers with an intention to steal sensitive data.

The vulnerability is identified as APSA10-05 (CVE-2010-3654) and has been confirmed in

  • Flash Player 10.1.85.3 and earlier versions for Windows, Mac, Linux and Solaris
  • Flash Player 10.1.95.2 and earlier versions for Android
  • authplay.dll component which is included in Reader 9.4 and Acrobat 9.4 and earlier 9.x versions

Adobe has confirmed that “This vulnerability could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being actively exploited in the wild against Adobe Reader and Acrobat 9.x.”

Adobe has suggested a temporary fix by deleting, renaming or moving the authplay.dll file but this may cause the application to crash (non-exploitable) or error message when opening a PDF file that contains Flash (SWF) content.

Adobe Systems are expected to release an update for Flash Player by 9th November 2010 and an update for Reader and Acrobat by 15th November 2010.

Read Adobe’s Security bulletin on this vulnerability at http://www.adobe.com/support/security/advisories/apsa10-05.html

The news appeared at http://www.esecurityplanet.com/news/article.php/3910716/Adobe-Warns-of-Another-Critical-PDF-Vulnerability.htm

1 Star2 Stars3 Stars4 Stars5 Stars (No Ratings Yet)
Loading...

One Comment »

  • rick Grossman said:

    I use pdf as a local tool why all the fuss about vulnerability??

Leave your response!

You must be logged in to post a comment.