Adobe Warns of Flash, PDF Zero Day Attack

Adobe issued an alert late Friday night to warn about zero-day attacks against an unpatched vulnerability in its Reader and Flash Player software products.

The vulnerability, described as critical, affects Adobe Flash Player 10.0.45.2 and earlier versions for Windows, Macintosh, Linux and Solaris operating systems.

It also affects the authplay.dll component that ships with Adobe Reader and Acrobat 9.x for Windows, Macintosh and UNIX operating systems, Adobe said.

From Adobe’s advisory:

This vulnerability (CVE-2010-1297) could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being actively exploited in the wild against both Adobe Flash Player, and Adobe Reader and Acrobat.

The Flash Player 10.1 Release Candidate “does not appear to be vulnerable,” the company said.

Mitigation Guidance

In the absence of a patch, Adobe recommends deleting, renaming, or removing access to the authplay.dll file that ships with Adobe Reader and Acrobat 9.x. This will mitigate the threat but users will experience a non-exploitable crash or error message when opening a PDF file that contains SWF content.

The authplay.dll that ships with Adobe Reader and Acrobat 9.x for Windows is typically located at C:Program FilesAdobeReader 9.0Readerauthplay.dll for Adobe Reader or C:Program FilesAdobeAcrobat 9.0Acrobatauthplay.dll for Acrobat.

Adobe Reader and Acrobat 8.x are confirmed not vulnerable.

Adobe security chief Brad Arkin said the company received the first malicious sample around 10:30 AM on Friday. There is no information on when a patch will be available.