Adobe has warned of a zero-day threat present in current versions of its Adobe Reader, Acrobat and Flash Player software.
In a blog posting at the end of last week, Wendy Poland, security response program manager at Adobe Systems, said: “A critical vulnerability exists in Flash Player 10.0.45.2 and earlier versions for Windows, Macintosh, Linux and Solaris operating systems, and the authplay.dll component that ships with Adobe Reader and Acrobat 9.x for Windows, Macintosh and Unix operating systems.
“This vulnerability could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being actively exploited in the wild against both Adobe Flash Player and Adobe Reader and Acrobat.”
Adobe said that Reader and Acrobat 8.x are not vulnerable, and Reader and Acrobat users can mitigate the threat from this flaw by deleting, renaming or removing access to the 'authplay.dll' file that ships with Reader and Acrobat (although users may still experience a non-exploitable crash or error message when opening a PDF that contains Flash content).
F-Secure chief research officer Mikko Hypponen claimed that the company had seen the new Adobe zero-day PDF (Exploit:W32/Pidief.CPT) in the wild, and it shows an almost blank screen to the user.