Adobe has confirmed some vulnerability issues in its Acrobat and Flash Player products, but the response was rather “quiet” – the company doesn’t appear to make a big fuss when it comes to its own mistakes. An announcement has been made on the company site that a critical vulnerability exists in current versions of Flash Player and the authplay.dll component that ships with Adobe Reader and Acrobat v9.x. The announcement came months after the tech media published extensive reports about these vulnerabilities and no official “apology” from Adobe has been made.
The critical vulnerability confirmed by Adobe is a dangerous issue for users of Windows, Macintosh and UNIX: it could cause a crash and allow a hacker to take control of the affected system. Hackers can take control of users’ PCs, using bot networks to steal data such as private information, bank accounts and passwords. Adobe’s Flash vulnerability is exploited through web pages that embed Flash as multimedia.
“This malicious Flash file is being embedded in Web pages, sometimes of legitimate Web sites that are compromised.” Purewire’s research indicates this malicious Flash movie file is just different enough from the PDF file exploit that it isn’t being detected by many anti-malware software packages yet.
Fortunately, Adobe has announced that a fix for the issue is being developed and is expected by the end of the month:
We are in the process of developing a fix for the issue, and expect to provide an update for Flash Player v9 and v10 for Windows, Macintosh, and Linux by July 30, 2009 (the date for Flash Player v9 and v10 for Solaris is still pending). We expect to provide an update for Adobe Reader and Acrobat v9.1.2 for Windows, Macintosh and UNIX by July 31, 2009.
We are very surprised that Adobe didn’t use any of the new age media outlets to announce the news (like Twitter and Facebook), but happy to learn that it will only take three days until a fix is delivered. In the meantime, beware of the Adobe Flasher!