toggle

AAPL Stock: 121.3 ( -1.07 )

Printed from http://www.macnn.com

Adobe Flash, Acrobat vulnerable to major security hole

updated 06:40 pm EDT, Sat June 5, 2010

Adobe Flash 10, Acrobat 9 at risk

Adobe on Saturday posted a warning of a critical security vulnerability for both Flash and Acrobat. Both Mac and Windows versions of Flash 10.0 and earlier, as well as all versions of Acrobat 9, are susceptible to being exploited for remote control over a user's computer. Flash 10.1's pre-release build and older versions of Acrobat aren't affected.

The hole doesn't yet have a fix and has already been used to attack computers in real conditions. Acrobat owners with Windows systems can delete, rename or block access to authplay.dll as a workaround, but the move prevents opening PDF files with embedded Flash. No schedule was given for when a patch would arrive for either Flash or Acrobat.

An exploit on this level comes ill-timed for Adobe as it has just recently tried to promote Flash as a secure environment in its bid to persuade Apple and users that the plugin is necessary on mobile devices. Flash 10.1 for Android 2.2 isn't known to have the problem but isn't yet in a finished state.




by MacNN Staff

POST TOOLS:

TAGS :

toggle

Comments

  1. MyRightEye

    Joined: Dec 1969

    +17

    Can't wait...

    ... to have this on my iPad.

    /s

  1. Feathers

    Joined: Dec 1969

    +12

    Adobe vulnerable

    The title should read Adobe vulnerable to own goal rather than security hole. Steve Jobs doesn't need to write explanatory letters when Adobe does things like this. Er... sloppy and lazy, anyone?

  1. LEStudios

    Joined: Dec 1969

    +14

    LMAO!

    Steve Jobs was right again. Hey just in time for HTML5 Demos! Way to go Adobe!


  1. Foxypaco

    Joined: Dec 1969

    +13

    Good job Adobe!

    "The Flash Player 10.1 Release Candidate available at http://labs.adobe.com/technologies/flashplayer10/ does not appear to be vulnerable. "

    Notice does not "appear" to be vulnerable. That's not very reaffirming now is it?

  1. iphonerulez

    Joined: Dec 1969

    +10

    Android users want freedom of choice

    and they choose to have security vulnerabilities. They're not going to let Steve Jobs take that freedom away from them. Take that, walled garden!

  1. ZogJones

    Joined: Dec 1969

    +6

    BWAHAHAHAHA!

    Epic fail....Not taking sides, but you gotta admit, the timing is pretty funny. Right before WWDC. 20 bucks says it makes its way into the Stevenote.

  1. fmlogue

    Joined: Dec 1969

    +4

    Where are the spin doctors

    I'm waiting for the Flash pushers to spin this into a good thing.

  1. jpellino

    Joined: Dec 1969

    +2

    As if...

    Anyone needed another reason to ignore both of these products. I have yet to find a compelling flash-based anything on the web outside of YouTube and Hulu, but they are hardly critical - the real eventual video on the web solution has yet to be settled, but I bet it involves HTML5 and H.264. I dumped Acrobat Reader with the rollout of OSX 10.5 and have yet to look back. On the very (very) rare occasion I need to fill out a fillable PDF, I borrow someone else's screen. PDF creation, management and distribution with 10.5+ is a dream come true. Add a system-wide hotkey for PDF and it's a no-brainer.

    The article sort of indicates this is really a Flash hole that also happens when a PDF calls Flash. Is that true, or are there matching or unique holes in each product? Any of those are separately disturbing, but it's interesting to see if this is common Adobe code that exists in separate product lines or if they are separately botching two products. Figure the odds.

  1. gmsquires

    Joined: Dec 1969

    +2

    Adobe Flas security holes

    @Jpellino

    I don't have or know of the specifics regarding this security issue, but I do know that ever since Adobe munged Flash handling capabilities into Acrobat, that is where most of the security holes have shown up in Acrobat.

  1. testudo

    Joined: Dec 1969

    0

    Re: Android users want freedom of choice

    and they choose to have security vulnerabilities. They're not going to let Steve Jobs take that freedom away from them. Take that, walled garden!


    So what you are saying is that, with the iPhone and iPad, we are guaranteed of being completely free from any and all possible security vulnerabilities? None whatsoever, right? Can we get that in writing?

Login Here

Not a member of the MacNN forums? Register now for free.

toggle

Network Headlines

Follow us on Facebook

toggle

Most Popular

Advertisement

Recent Reviews

HP 14-x030nr 14-inch Chromebook

If you're like us, chances are you've come to realize that you need the ability to access the Internet on the go. Also, you've prob ...

15-inch MacBook Pro with Force Touch

Apple's 15-inch Retina MacBook Pro continues to be a popular notebook with professional users and prosumers looking for the ultimate ...

Typo keyboard for iPad

Following numerous legal shenanigans between Typo -- a company founded in part by Ryan Seacrest -- and the clear object of his physica ...

toggle

Most Commented