
Adobe Warns of Critical Flash Vulnerability

Adobe has announced that a critical security vulnerability exists in the latest versions of Flash Player (v9.0.159.0 and v10.0.22.87) for Mac OS X, Windows, and Linux, as well as in the authplay.dll component embedded in Adobe Reader and Acrobat v9.x for Mac, Windows, and various Unix operating systems.

The vulnerability could cause a crash that could be exploited by an attacker to gain control of the affected system, and in fact, this weakness is currently being exploited in the wild, though only in limited attacks directed at Adobe Reader 9 for Windows. An attacker could exploit this vulnerability by convincing users to visit a Web site that hosts a malicious SWF file, or by creating a PDF document that contains an embedded SWF file.

Adobe says it expects to release a fix for the Flash Player vulnerability by 30-Jul-09, and for Adobe Reader and Acrobat by 31-Jul-09. In the meantime, the company suggests Flash Player users use caution in visiting untrusted Web sites, though the only surefire way to avoid problems is by disabling Flash. For directions on disabling Flash in a variety of places and in different operating systems, see US-CERT’s Vulnerability Note VU#259425. If you use Firefox, you can use the NoScript plug-in to whitelist Flash content on specific Web sites; if you use Safari, turn to Click to Flash.
