Stephen Withers
Friday, 24 July 2009 03:57
A critical vulnerability has been discovered in Adobe Reader, Acrobat and Flash Player. The vulnerability is being actively exploited against Reader 9 on Windows.
An advisory issued by Adobe warns of a critical vulnerability in the current versions of Flash Player for Windows, Mac OS X and Linux.
The authplay.dll component that is part of Adobe Reader and Acrobat version 9 for Windows, Mac OS X and Unix is also affected.
The issue is regarded as critical because a successful exploit can take control of a system. Adobe notes reports of limited and targeted attacks against the Windows version of Reader 9.
Adobe suggests deleting, renaming or removing access to the authplay.dll file as a temporary defence for Acrobat and Reader. Under Windows, it is typically located at C:\Program Files\Adobe\Reader 9.0\Reader\authplay.dll or C:\Program Files\Adobe\Acrobat 9.0\Acrobat\authplay.dll.
Under Mac OS X, it can be located by right-clicking on the Adobe application and selecting Show Package Contents, and then opening the Frameworks folder within the Contents folder. There are apparently no reports of attacks on the Mac versions of the affected software.
Disabling authplay.dll will cause a crash or other error condition on opening a PDF file containing SWF content, Adobe warns.
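The rename workaround for Windows can be scripted as follows. This is an added example, not code from Adobe or from the article; the function name and the ".disabled" suffix are assumptions, and the default paths are the typical locations quoted above.

```powershell
# Added example: apply the temporary workaround by renaming authplay.dll.
# The function name and the ".disabled" suffix are choices made for this
# example; the default paths are the typical locations given in the article.
function Disable-AuthPlay {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [string[]]$Path = @(
            'C:\Program Files\Adobe\Reader 9.0\Reader\authplay.dll',
            'C:\Program Files\Adobe\Acrobat 9.0\Acrobat\authplay.dll'
        ),
        [string]$Suffix = '.disabled'
    )

    foreach ($dll in $Path) {
        $newName = (Split-Path -Leaf $dll) + $Suffix
        $target  = Join-Path (Split-Path -Parent $dll) $newName

        if (-not (Test-Path -LiteralPath $dll)) {
            # Either renamed on an earlier run, or the product is not
            # installed in this (default) location.
            $status = if (Test-Path -LiteralPath $target) { 'AlreadyDisabled' } else { 'NotFound' }
            [pscustomobject]@{ Path = $dll; Status = $status }
            continue
        }

        if ($PSCmdlet.ShouldProcess($dll, "Rename to $newName")) {
            try {
                # Usually needs an elevated prompt; also fails if a stale
                # renamed copy already exists next to a restored DLL.
                Rename-Item -LiteralPath $dll -NewName $newName -ErrorAction Stop
                [pscustomobject]@{ Path = $dll; Status = 'Disabled' }
            }
            catch {
                [pscustomobject]@{ Path = $dll; Status = "Failed: $($_.Exception.Message)" }
            }
        }
        else {
            [pscustomobject]@{ Path = $dll; Status = 'Skipped' }
        }
    }
}

# Dry run: reports what would be renamed without changing anything.
Disable-AuthPlay -WhatIf
```

Run `Disable-AuthPlay` without `-WhatIf` to apply the change, and pass `-Path` for installations outside the default locations.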
The company also suggests the use of Vista's User Access Control to mitigate the impact of an exploit.
That still leaves the vulnerability in Flash Player. A bulletin released by US-CERT suggests disabling the Flash plugin or using NoScript (for Firefox or SeaMonkey) to allow Flash content only from trusted sites.
Anti-virus software may provide protection if kept up to date - Adobe has notified vendors of the issue.
Adobe plans to release updates for Flash Player 9 and 10 for Windows, Mac OS X and Linux by July 30, 2009. A release date for the Solaris versions has not been set.
Updates for Acrobat and Reader 9 are expected by July 31, 2009.