updated 06:40 pm EDT, Sat June 5, 2010
Adobe Flash 10, Acrobat 9 at risk
Adobe on Saturday posted a warning of a critical security vulnerability for both Flash and Acrobat. Both Mac and Windows versions of Flash 10.0 and earlier, as well as all versions of Acrobat 9, are susceptible to being exploited for remote control over a user's computer. Flash 10.1's pre-release build and older versions of Acrobat aren't affected.
The hole doesn't yet have a fix and has already been used to attack computers in real conditions. Acrobat owners with Windows systems can delete, rename or block access to authplay.dll as a workaround, but the move prevents opening PDF files with embedded Flash. No schedule was given for when a patch would arrive for either Flash or Acrobat.
An exploit on this level comes ill-timed for Adobe as it has just recently tried to promote Flash as a secure environment in its bid to persuade Apple and users that the plugin is necessary on mobile devices. Flash 10.1 for Android 2.2 isn't known to have the problem but isn't yet in a finished state.