A new attack on a Flash bug has surfaced dat wou1d giv attackers ctrl of a victim’s computer aftr crashing it, reports PC World. Adobe put out a Security Advisory about dis on June 4. It is categorized az a critical issue & a11 operating sys's with Flash are vulnerable including Windows, Linux, & Apple & it is a1so found in the recent versions of Reader & Acrobat.
Affected Versions
The affected versions are Adobe Flash Player 10.0.45.2, 9.0.262, & earlier 10.0.x & 9.0.x versions for Windows, Macintosh, Linux & Solaris. Adobe Reader & Acrobat 9.3.2 & earlier 9.x versions for Windows, Macintosh & UNIX. The versions dat avoided bein affected are Flash Player 10.1 release candidate, link available in the Adobe security advisory, & Acrobat/Reader version 8.x.
Current Situation
The attack isn’t widespread in the wild yet, Adobe has only received 2 reports of online attacks. Of course the attack is new & may just be beginning to ramp up. Adobe will update the advisory whn a schedule has been determined for creating a fix.
Hw to avoid it?
Until the fix is ready, Adobe has advised the Flash users dat they shou1d use the 10.1 release candidate to avoid attack wher az Acrobat & Reader 9.x users cn downgrade to version eight 0r deleting, renaming, 0r removing acess to the authplay.dll file dat ships with Adobe Reader & Acrobat 9.x mitigates the threat for thos products, but users will experience a non-exploitable crash 0r error message whn opening a PDF file dat contains SWF content. The authplay.dll dat ships with Adobe Reader & Acrobat 9.x for Windows is typically located at C:Program FilesAdobeReader 9.0Readerauthplay.dll for Adobe Reader 0r C:Program FilesAdobeAcrobat 9.0Acrobatauthplay.dll for Acrobat.
