Tech!Alert: Adobe Issues Critical Security Advisory

Adobe issued a critical security advisory for Adobe Flash Player and Acrobat Reader on Monday that warns of a zero-day exploit found in Flash Player for Windows, OS X, Linux, Solaris, and Android, as well as the authplay.dll component that ships with Adobe Reader and Acrobat X for Windows and Mac.

This vulnerability could cause a crash and potentially allow an attacker to assume control of a system. Unfortunately, attacks are already circulating on the Internet in the form of a Flash file embedded within an Excel document.

The affected versions of Flash Player and Acrobat Reader include:

  • 10.2.152.33 or earlier for Windows, Mac, Linux and Solaris
  • 10.2.154.18 for Chrome
  • 10.1.106.16 for Android
  • The Authplay.dll component that ships with Adobe Reader and Acrobat X (10.0.1) and earlier 10.x and 9.x versions for Windows and Macintosh operating systems.

Adobe Reader 9.x for UNIX, Adobe Reader for Android, and Adobe Reader and Acrobat 8.x are not affected by this issue.

A fix is in the works and should be released during the week of March 21st. Interestingly, if you’re using Acrobat X on Windows, a patch won’t be released until the next regular patch cycle scheduled for June because Acrobat X’s sandboxing feature — a feature not yet found in the versions of Reader for other platforms — offers extra protection to the underlying OS.

In the meantime, while we wait for the patch from Adobe, please practice safe computing: pay attention to the links you click, and don’t open unexpected attachments.

For more information:
http://www.adobe.com/support/security/advisories/apsa11-01.html


© 2013 ESC! Technologies Group, LLC.