This site uses cookies. By continuing to browse this site you are agreeing to our use of cookies. Find out more.X

Adobe warns of zero-day vulnerability in its Reader, Acrobat and Flash Player

Share this article:

Adobe has warned of a zero-day threat present in current versions of its Adobe Reader, Acrobat and Flash Player software.

In a blog posting at the end of last week, Wendy Poland, security response program manager at Adobe Systems, said: “A critical vulnerability exists in Flash Player 10.0.45.2 and earlier versions for Windows, Macintosh, Linux and Solaris operating systems, and the authplay.dll component that ships with Adobe Reader and Acrobat 9.x for Windows, Macintosh and Unix operating systems.

“This vulnerability could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being actively exploited in the wild against both Adobe Flash Player and Adobe Reader and Acrobat.”

Adobe said that Reader and Acrobat 8.x are not vulnerable, and Reader and Acrobat users can mitigate the threat from this flaw by deleting, renaming or removing access to the 'authplay.dll' file that ships with Reader and Acrobat (although users may still experience a non-exploitable crash or error message when opening a PDF that contains Flash content).

F-Secure chief research officer Mikko Hypponen claimed that the company had seen the new Adobe zero-day PDF (Exploit:W32/Pidief.CPT) in the wild, and it shows an almost blank screen to the user.

Share this article:

SC webcasts on demand

This is how to secure data in the cloud


Exclusive video webcast & Q&A sponsored by Vormetric


As enterprises look to take advantage of the cloud, they need to understand the importance of safeguarding their confidential and sensitive data in cloud environments. With the appropriate security safeguards, such as fine-grained access policies, a move to the cloud is as, or more, secure than an on-premise data storage.


View the webcast here to find out more

More in News

StubHub ticketing agency taken for a million pounds

StubHub ticketing agency taken for a million pounds

Police around the world have arrested seven people - thought to have been tied into an international fraud ring - that allegedly defrauded the eBay-owned StubHub online ticketing service of ...

DDoS attacks grow as first DIY kits emerge

DDoS attacks grow as first DIY kits emerge

The latest report from Akamai Technologies has revealed another increase in DDoS attacks and the resurgence of botnets to carry out server-based attacks.

WordPress plugin flaw opens blogs up to cybercriminals

WordPress plugin flaw opens blogs up to cybercriminals

A WordPress plugin called MailPoet - which has been downloaded around 1.7 million times - has placed large numbers of WordPress-based websites at risk of incursion.