This site uses cookies. By continuing to browse this site you are agreeing to our use of cookies. Find out more.X

Adobe warns of zero-day vulnerability in its Reader, Acrobat and Flash Player

Share this article:

Adobe has warned of a zero-day threat present in current versions of its Adobe Reader, Acrobat and Flash Player software.

In a blog posting at the end of last week, Wendy Poland, security response program manager at Adobe Systems, said: “A critical vulnerability exists in Flash Player 10.0.45.2 and earlier versions for Windows, Macintosh, Linux and Solaris operating systems, and the authplay.dll component that ships with Adobe Reader and Acrobat 9.x for Windows, Macintosh and Unix operating systems.

“This vulnerability could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being actively exploited in the wild against both Adobe Flash Player and Adobe Reader and Acrobat.”

Adobe said that Reader and Acrobat 8.x are not vulnerable, and Reader and Acrobat users can mitigate the threat from this flaw by deleting, renaming or removing access to the 'authplay.dll' file that ships with Reader and Acrobat (although users may still experience a non-exploitable crash or error message when opening a PDF that contains Flash content).

F-Secure chief research officer Mikko Hypponen claimed that the company had seen the new Adobe zero-day PDF (Exploit:W32/Pidief.CPT) in the wild, and it shows an almost blank screen to the user.

Share this article:

SC webcasts on demand

This is how to secure data in the cloud


Exclusive video webcast & Q&A sponsored by Vormetric


As enterprises look to take advantage of the cloud, they need to understand the importance of safeguarding their confidential and sensitive data in cloud environments. With the appropriate security safeguards, such as fine-grained access policies, a move to the cloud is as, or more, secure than an on-premise data storage.


View the webcast here to find out more

More in News

Google and Facebook offer free cyber-security tools

Google and Facebook offer free cyber-security tools

Google and Facebook have both launched free open-source cyber-security tools this week, designed to help security professionals spot malware and cyber-attacks.

Mixed results for key Government cyber-initiatives

Mixed results for key Government cyber-initiatives

The Government's Verify scheme to confirm IDs is behind scheuduled uptake, but its CISP threat intelligence sharing scheme is ahead of target.

Hundreds of companies face 2,000 cyber-attacks in EU exercise

Hundreds of companies face 2,000 cyber-attacks in EU ...

The European Network and Information Security Agency (ENISA) conducted a 24-hour cyber-exercise in which more than 200 organisations from 25 EU member states faced virtual cyber-attacks from white hat hackers ...