Adobe warns of critical multi-platform security flaw

07 June 2010

Adobe has released a major warning over a critical vulnerability in its Flash Player and earlier editions for Windows, Apple Mac, Linux and Solaris platforms.

Adobe Flash 10.1, which is available on some platforms, looks to be unaffected by the problem. On affected versions, the vulnerability (CVE-2010-1297) could cause a crash and potentially allow an attacker to take control of the affected system.

Adobe has tacitly admitted that the vulnerability is being actively exploited in the wild against both Adobe Flash Player and some versions of Adobe Reader and Acrobat.

A patch for the issue is being developed by Adobe, although some industry experts are suggesting that users step back to Adobe Reader/Acrobat v8.x and/or upgrade to the Flash Player 10.1 release candidate.

According to Graham Cluley, a senior technology consultant with Sophos, although Adobe has published a way to mitigate the problem for Adobe Reader and Acrobat 9.x for Windows, the workaround is clearly not ideal, since it involves deleting, renaming or removing access to the autoplay file.

Unfortunately, as Adobe says on its website: "users will experience a non-exploitable crash or error message when opening a PDF file that contains SWF content". Cluley says this is not a major issue.

"Once again, it sounds as if feature-itis (the technical term for a product suffering from excessive inflation of unnecessary features) could have partly been Adobe's undoing in this example. A simple PDF reader without so many bells and whistles might not have suffered from such exploitation", he said in a weekend security blog posting.
