A new attack on a Flash bug has surfaced that would give attackers control of a victim’s computer after crashing it, reports PC World. Adobe published a Security Advisory about the issue on June 4. It is categorized as critical, and all operating systems with Flash are vulnerable, including Windows, Linux, and Apple. The bug is also found in the recent versions of Reader and Acrobat.
The affected versions are Adobe Flash Player 10.0.45.2, 9.0.262, and earlier 10.0.x and 9.0.x versions for Windows, Macintosh, Linux and Solaris, as well as Adobe Reader and Acrobat 9.3.2 and earlier 9.x versions for Windows, Macintosh and UNIX. The versions that are not affected are the Flash Player 10.1 release candidate (a link is available in the Adobe security advisory) and Acrobat/Reader version 8.x.
The attack isn’t widespread in the wild yet; Adobe has received only two reports of online attacks. Of course, the attack is new and may just be starting to ramp up. Adobe will update the advisory when a schedule has been determined for creating a fix.
Until the fix is ready, Adobe tells Flash users to use the 10.1 release candidate to avoid attack, while Acrobat and Reader 9.x users can downgrade to version 8. Alternatively, deleting, renaming, or removing access to the authplay.dll file that ships with Adobe Reader and Acrobat 9.x mitigates the threat for those products, but users will experience a non-exploitable crash or error message when opening a PDF file that contains SWF content. The authplay.dll that ships with Adobe Reader and Acrobat 9.x for Windows is typically located at C:\Program Files\Adobe\Reader 9.0\Reader\authplay.dll for Adobe Reader or C:\Program Files\Adobe\Acrobat 9.0\Acrobat\authplay.dll for Acrobat.
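The rename mitigation described above, as an added PowerShell example (not code from Adobe or PC World): it checks the two typical paths named above, reports what it finds, and renames authplay.dll in place. The function name Disable-AuthPlay and the .disabled suffix are assumptions made for this example.

```powershell
# Added example: disable authplay.dll in Adobe Reader / Acrobat 9.x by renaming it.
# The default paths are the typical locations named in the text; the function name
# and the ".disabled" suffix are choices made for this example.
function Disable-AuthPlay {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [string[]]$Path = @(
            'C:\Program Files\Adobe\Reader 9.0\Reader\authplay.dll',
            'C:\Program Files\Adobe\Acrobat 9.0\Acrobat\authplay.dll'
        ),
        [string]$Suffix = '.disabled'
    )
    foreach ($dll in $Path) {
        if (-not (Test-Path -LiteralPath $dll -PathType Leaf)) {
            # Product not installed here, or the file was already removed or renamed.
            [pscustomobject]@{ Path = $dll; Status = 'NotPresent'; FileVersion = $null }
            continue
        }
        $item    = Get-Item -LiteralPath $dll
        $version = $item.VersionInfo.FileVersion
        $newName = $item.Name + $Suffix
        if (Test-Path -LiteralPath ($item.FullName + $Suffix)) {
            # A renamed copy from an earlier run exists; do not overwrite it.
            [pscustomobject]@{ Path = $dll; Status = 'TargetExists'; FileVersion = $version }
            continue
        }
        $status = 'Skipped'   # stays 'Skipped' under -WhatIf or a declined -Confirm
        if ($PSCmdlet.ShouldProcess($dll, "Rename to $newName")) {
            try {
                Rename-Item -LiteralPath $dll -NewName $newName -ErrorAction Stop
                $status = 'Renamed'
            } catch {
                # Usually access denied (session not elevated) or the file is in use.
                $status = "Failed: $($_.Exception.Message)"
            }
        }
        [pscustomobject]@{ Path = $dll; Status = $status; FileVersion = $version }
    }
}

# Dry run first; remove -WhatIf to apply the change.
Disable-AuthPlay -WhatIf | Format-Table -AutoSize
```

Run it from an elevated session with Reader and Acrobat closed; renaming the file back to authplay.dll undoes the change.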