This site uses cookies. By continuing to browse this site you are agreeing to our use of cookies. Find out more.X

Adobe warns of zero-day vulnerability in its Reader, Acrobat and Flash Player

Share this article:

Adobe has warned of a zero-day threat present in current versions of its Adobe Reader, Acrobat and Flash Player software.

In a blog posting at the end of last week, Wendy Poland, security response program manager at Adobe Systems, said: “A critical vulnerability exists in Flash Player 10.0.45.2 and earlier versions for Windows, Macintosh, Linux and Solaris operating systems, and the authplay.dll component that ships with Adobe Reader and Acrobat 9.x for Windows, Macintosh and Unix operating systems.

“This vulnerability could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being actively exploited in the wild against both Adobe Flash Player and Adobe Reader and Acrobat.”

Adobe said that Reader and Acrobat 8.x are not vulnerable, and Reader and Acrobat users can mitigate the threat from this flaw by deleting, renaming or removing access to the 'authplay.dll' file that ships with Reader and Acrobat (although users may still experience a non-exploitable crash or error message when opening a PDF that contains Flash content).

F-Secure chief research officer Mikko Hypponen claimed that the company had seen the new Adobe zero-day PDF (Exploit:W32/Pidief.CPT) in the wild, and it shows an almost blank screen to the user.

Share this article:

SC webcasts on demand

This is how to secure data in the cloud


Exclusive video webcast & Q&A sponsored by Vormetric


As enterprises look to take advantage of the cloud, they need to understand the importance of safeguarding their confidential and sensitive data in cloud environments. With the appropriate security safeguards, such as fine-grained access policies, a move to the cloud is as, or more, secure than an on-premise data storage.


View the webcast here to find out more

More in News

GCHQ 'spied on Germany's Deutsche Telekom'; Germans sell spyware

GCHQ 'spied on Germany's Deutsche Telekom'; Germans sell ...

UK and US spies reported to spy on Deutsche Telekom in Snowden documents, while Germany's FinFisher accused of supplying surveillance software to repressive regimes.

Amazon's £600m Twitch gaming site hit by malware

Amazon's £600m Twitch gaming site hit by malware

The Twitch.tv online gaming platform, which is now owned by Amazon and has more than 55 million monthly viewers, has been infected with malware that spends users' money without their ...

China's cyber spying 'production line' approach no game for amateurs

China's cyber spying 'production line' approach no game ...

Chinese cyber-spying production line shares tools and tactics between different groups suggesting cooperation or at least similar training.