Security Advisory APSA10-01 Warning: Hackers Exploit Extremely Critical Bug in Adobe's Flash and Reader

adobe flash reader acrobat bug exploit attackOnce again a zero-day vulnerability bug within Adobe Flash and Reader is being exploited by attackers recently.

This new attack comes just after Adobe's head of security, Brad Arkin, admitted that hackers had their software in their sight. This comes as no surprise to us because Adobe products were already said to be one of top targets for malware this year. The new vulnerability is known to affect the 10.0 generation of Adobe Flash and 9.x versions of Adobe Reader (allows you to view PDF files). Flash versions 10.045.2 and earlier found on Windows, Linux, Mac and Solaris systems are also affected.

The vulnerability is actively being exploited by hackers from reports coming into security advisors for some time now. The exploited bug exists inside of Flash and the "authplay.dll" file which comes bundled with Acrobat and Reader for Windows. The flaw may essentially allow hackers to hijack the targeted computer which has prompted the U.S. Computer Emergency Readiness Team (US-CERT) to give this threat their highest ranking, "extremely critical".

The recent findings prompted an Adobe security advisory APSA10-01 warning of an exploited vulnerability that is almost identical to the warning almost a year ago when Adobe's Flash Player (to play Flash video content), Acrobat (to view and edit PDF files), and Reader (to view PDF files) were under attack through use of malicious PDF (Portable Document Format) files.

Computer users under attack utilizing an affected copy of Adobe Reader or Flash may encounter a system crash if opening a rigged PDF file that contains Flash which will access "authplay.dll". For now, until a patch is released, users can protect themselves by renaming or deleting the "authplay.dll" file. Once the file is deleted or renamed users will encounter an error if opening a PDF file that contains Flash.

The new Flash Player 10.1 Release Candidate is also another alternative for users as it does not appear to be vulnerable to this recent attack. However, Release Candidate software is not a finished product.

Do you use Adobe Flash, Reader or Acrobat on a daily basis without the fear of a hacker hijacking your system through an Adobe exploit? If you do have concerns about Abobe exploits, it may be time that you start utilizing a trusted anti-spyware solution in the event that a hacker may be able to compromise your computer through a vulnerability such as the recent Adobe bug exploit.

One Comment

  • Adem Johnson:

    Great news! I am using Adobe Acrobat. Is that APSA10-01 Warning damage Acrobat? I am really worried about the Acrobat use. Thank you for this information.