Print 66 comment(s) - last by QueBert.. on Jun 9 at 5:10 AM

Exploit attacks Flash Player 9 and 10 as well as Reader/Acrobat 9.x

Steve Jobs has been on a crusade against Adobe Flash for quite sometime citing issues with performance, stability, and security. Today, Adobe is fueling Jobs' concerns and likely giving the Apple CEO fodder for his WWDC keynote which is coming up on Monday.

According to Adobe, there is a critical vulnerability in versions of Flash Player (Windows, OS X, Linux, Solaris) and Reader/Acrobat 9.x (Windows, OS X, UNIX). The exploit allow a hacker to gain control over an affected system.

Even more troubling is that Adobe says that it currently doesn't have a fix and "there are reports that this vulnerability is being actively exploited in the wild."

Adobe says that the following versions of its products are affected:

  • Adobe Flash Player, 9.0.262, and earlier 10.0.x and 9.0.x versions
  • Adobe Reader and Acrobat 9.3.2 and earlier 9.x versions

It should be noted however, that the current Release Candidate version of Flash Player 10.1 "does not appear to be vulnerable" to this exploit and Adobe Reader/Acrobat 8.x are also safe.

You can view Adobe's full advisory on the exploit here which also details steps to minimize the impact of the exploit with Reader/Acrobat 9.x.

Comments     Threshold

This article is over a month old, voting and posting comments is disabled

By bug77 on 6/6/2010 9:20:21 AM , Rating: 2
1. Jesus guys, be FAIR. If you wiped out flash tomorrow, and put all the sane functionality in a browser I am willing to bet that you will find as many if not MORE vunerabilities in the BROWSER that will vary according to which browser and platform.

You'd lose that bet.
1. One of the sources of these vulnerabilities is Adobe's persistence in using its own program stack. For speed considerations. But while modern OSes have layers of security around the program stack, Adobe's doesn't.
2. Even without #1, having an implementation for each platform makes each of them smaller targets to hit. On the other hand, Flash has a known vulnerability that will crash _any_ browser on _any_ OS. Apparently Adobe chose to hide it in their forums for "security reasons", but someone made a web page that shows the problem. Google it if you want proof.

"Spreading the rumors, it's very easy because the people who write about Apple want that story, and you can claim its credible because you spoke to someone at Apple." -- Investment guru Jim Cramer
Related Articles

Copyright 2016 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki