AAPL Stock: 117.81 ( -0.22 )

Printed from

Adobe Flash, Acrobat vulnerable to major security hole

updated 06:40 pm EDT, Sat June 5, 2010

Adobe Flash 10, Acrobat 9 at risk

Adobe on Saturday posted a warning of a critical security vulnerability for both Flash and Acrobat. Both Mac and Windows versions of Flash 10.0 and earlier, as well as all versions of Acrobat 9, are susceptible to being exploited for remote control over a user's computer. Flash 10.1's pre-release build and older versions of Acrobat aren't affected.

The hole doesn't yet have a fix and has already been used to attack computers in real conditions. Acrobat owners with Windows systems can delete, rename or block access to authplay.dll as a workaround, but the move prevents opening PDF files with embedded Flash. No schedule was given for when a patch would arrive for either Flash or Acrobat.

An exploit on this level comes ill-timed for Adobe as it has just recently tried to promote Flash as a secure environment in its bid to persuade Apple and users that the plugin is necessary on mobile devices. Flash 10.1 for Android 2.2 isn't known to have the problem but isn't yet in a finished state.

by MacNN Staff



  1. MyRightEye

    Joined: Dec 1969


    Can't wait...

    ... to have this on my iPad.


  1. Feathers

    Joined: Dec 1969


    Adobe vulnerable

    The title should read Adobe vulnerable to own goal rather than security hole. Steve Jobs doesn't need to write explanatory letters when Adobe does things like this. Er... sloppy and lazy, anyone?

  1. LEStudios

    Joined: Dec 1969



    Steve Jobs was right again. Hey just in time for HTML5 Demos! Way to go Adobe!

  1. Foxypaco

    Joined: Dec 1969


    Good job Adobe!

    "The Flash Player 10.1 Release Candidate available at does not appear to be vulnerable. "

    Notice does not "appear" to be vulnerable. That's not very reaffirming now is it?

  1. iphonerulez

    Joined: Dec 1969


    Android users want freedom of choice

    and they choose to have security vulnerabilities. They're not going to let Steve Jobs take that freedom away from them. Take that, walled garden!

  1. ZogJones

    Joined: Dec 1969



    Epic fail....Not taking sides, but you gotta admit, the timing is pretty funny. Right before WWDC. 20 bucks says it makes its way into the Stevenote.

  1. fmlogue

    Joined: Dec 1969


    Where are the spin doctors

    I'm waiting for the Flash pushers to spin this into a good thing.

  1. jpellino

    Joined: Dec 1969


    As if...

    Anyone needed another reason to ignore both of these products. I have yet to find a compelling flash-based anything on the web outside of YouTube and Hulu, but they are hardly critical - the real eventual video on the web solution has yet to be settled, but I bet it involves HTML5 and H.264. I dumped Acrobat Reader with the rollout of OSX 10.5 and have yet to look back. On the very (very) rare occasion I need to fill out a fillable PDF, I borrow someone else's screen. PDF creation, management and distribution with 10.5+ is a dream come true. Add a system-wide hotkey for PDF and it's a no-brainer.

    The article sort of indicates this is really a Flash hole that also happens when a PDF calls Flash. Is that true, or are there matching or unique holes in each product? Any of those are separately disturbing, but it's interesting to see if this is common Adobe code that exists in separate product lines or if they are separately botching two products. Figure the odds.

  1. gmsquires

    Joined: Dec 1969


    Adobe Flas security holes


    I don't have or know of the specifics regarding this security issue, but I do know that ever since Adobe munged Flash handling capabilities into Acrobat, that is where most of the security holes have shown up in Acrobat.

  1. testudo

    Joined: Dec 1969


    Re: Android users want freedom of choice

    and they choose to have security vulnerabilities. They're not going to let Steve Jobs take that freedom away from them. Take that, walled garden!

    So what you are saying is that, with the iPhone and iPad, we are guaranteed of being completely free from any and all possible security vulnerabilities? None whatsoever, right? Can we get that in writing?

Login Here

Not a member of the MacNN forums? Register now for free.


Network Headlines

Follow us on Facebook


Most Popular


Recent Reviews

Ultimate Ears Megaboom Bluetooth Speaker

Ultimate Ears (now owned by Logitech) has found great success in the marketplace with its "Boom" series of Bluetooth speakers, a mod ...

Kinivo URBN Premium Bluetooth Headphones

We love music, and we're willing to bet that you do, too. If you're like us, you probably spend a good portion of your time wearing ...

Jamstik+ MIDI Controller

For a long time the MIDI world has been dominated by keyboard-inspired controllers. Times are changing however, and we are slowly star ...


Most Commented