This site uses cookies. By continuing to browse this site you are agreeing to our use of cookies. Find out more.X

Adobe warns of zero-day vulnerability in its Reader, Acrobat and Flash Player

Share this article:

Adobe has warned of a zero-day threat present in current versions of its Adobe Reader, Acrobat and Flash Player software.

In a blog posting at the end of last week, Wendy Poland, security response program manager at Adobe Systems, said: “A critical vulnerability exists in Flash Player 10.0.45.2 and earlier versions for Windows, Macintosh, Linux and Solaris operating systems, and the authplay.dll component that ships with Adobe Reader and Acrobat 9.x for Windows, Macintosh and Unix operating systems.

“This vulnerability could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being actively exploited in the wild against both Adobe Flash Player and Adobe Reader and Acrobat.”

Adobe said that Reader and Acrobat 8.x are not vulnerable, and Reader and Acrobat users can mitigate the threat from this flaw by deleting, renaming or removing access to the 'authplay.dll' file that ships with Reader and Acrobat (although users may still experience a non-exploitable crash or error message when opening a PDF that contains Flash content).

F-Secure chief research officer Mikko Hypponen claimed that the company had seen the new Adobe zero-day PDF (Exploit:W32/Pidief.CPT) in the wild, and it shows an almost blank screen to the user.

Share this article:

SC webcasts on demand

This is how to secure data in the cloud


Exclusive video webcast & Q&A sponsored by Vormetric


As enterprises look to take advantage of the cloud, they need to understand the importance of safeguarding their confidential and sensitive data in cloud environments. With the appropriate security safeguards, such as fine-grained access policies, a move to the cloud is as, or more, secure than an on-premise data storage.


View the webcast here to find out more

More in News

Targeted spear phishing campaign targets governments, law enforcement

Targeted spear phishing campaign targets governments, law enforcement

Kaspersky Lab claims to have identified a highly targeted spear phishing campaign that picks on high profile victims - including government, military, law enforcement agencies and embassies.

Malaysian investigators 'hacked' for confidential MH370 records

Malaysian investigators 'hacked' for confidential MH370 records

Around 30 computers at Malaysian law enforcement agencies looking into the disappearance of the MH370 airplane have reportedly been hacked, with perpetrators making off with confidential data on the aircraft.

75,000 reasons not to jailbreak your iPhone or iPad

75,000 reasons not to jailbreak your iPhone or ...

Malicious AdThief malware replaces adverts appearing on Apple users screens