Adobe warns of "critical" vulnerability in Flash player, Reader and Acrobat products

Adobe has issued a security advisory about a "critical" vulnerability that "attackers could take control of people's computers." Affected software includes: Flash Player 10.0.45.2, 9.0.262, and earlier 10.0.x and 9.0.x versions for Windows, Macintosh, Linux, and Solaris, Reader and Acrobat 9.3.2 and earlier 9.x versions for Windows, Macintosh, and UNIX."Adobe said Flash Player 10.1 RC […]

Adobe has issued a security advisory about a "critical" vulnerability that "attackers could take control of people's computers." Affected software includes: Flash Player 10.0.45.2, 9.0.262, and earlier 10.0.x and 9.0.x versions for Windows, Macintosh, Linux, and Solaris, Reader and Acrobat 9.3.2 and earlier 9.x versions for Windows, Macintosh, and UNIX.

"Adobe said Flash Player 10.1 RC doesn't seem to be vulnerable and that Reader and Acrobat 8.x are confirmed not vulnerable. Adobe didn't say when an official fix would be released, but according to company, computer users can mitigate Flash issue by downloading RC mentioned above.

Acrobat and Reader issue can be addressed by "deleting, renaming, or removing access to authplay.dll file" that ships with those products, Adobe said. This'll, however, cause a nonexploitable crash or error message if a user opens a PDF file that contains SWF content. The .dll file is typically located at C:\Program Files\Adobe\Reader 9.0\Reader\authplay.dll for Adobe Reader or C:\Program Files\Adobe\Acrobat 9.0\Acrobat\authplay.dll for Acrobat," Adobe said.

More Info: security advisory