Adobe on Thursday said it will issue fixes next week for a critical hole in Flash that is being exploited in attacks against Adobe Reader version 9 on Windows.
The vulnerability exists in current versions of Flash Player for Windows, Macintosh and Linux and the authplay.dll component that ships with Adobe Reader and Acrobat v9.x for those same platforms, Adobe said in an advisory.
The vulnerability could cause a system to crash or allow an attacker to take control of the computer, Adobe said.
An update for Flash Player v9 and v10 for Windows, Mac, and Linux will be released by 30 July, while a fix for Solaris is pending. Adobe should have an update for Reader and Acrobat v9.1.2 for Windows, Macintosh and Unix by 31 July.
An attacker can exploit the vulnerability by luring someone to a website hosting a specially crafted Shockwave Flash file, US-Cert said in an advisory Thursday.
"The Adobe Flash browser plug-in is available for multiple web browsers and operating systems, any of which could be affected," Cert said. "An attacker could also create a PDF document that has an embedded SWF file to exploit the vulnerability. This vulnerability is being actively exploited."
The vulnerabilities can be mitigated by disabling the Flash plug-in or by using the NoScript extension for Mozilla Firefox or SeaMonkey to whitelist sites that can access the Flash plug-in, Cert said.
To disable Flash, US-Cert recommends:
- Disabling Flash in Adobe Reader 9 on Windows platforms by renaming the following files: '%ProgramFiles%\Adobe\Reader 9.0\Reader\authplay.dll' and '%ProgramFiles%\Adobe\Reader 9.0\Reader\rt3d.dll'
- Disabling Flash Player or selectively enabling Flash content as described in the 'Securing Your Web Browser' document
"Deleting, renaming, or removing access to the authplay.dll file that ships with Adobe Reader and Acrobat v9.x mitigates the threat for those products, but users will experience a non-exploitable crash or error message when opening a PDF that contains SWF (Shockwave Flash) content," the Adobe advisory said.
Typically, the authplay.dll that ships with Adobe Reader and Acrobat 9.x for Windows is located at C:\Program Files\Adobe\Reader 9.0\Reader\authplay.dll or C:\Program Files\Adobe\Acrobat 9.0]\Acrobat\authplay.dll, Adobe said.
Windows Vista users can mitigate the impact of the exploit by enabling UAC (User Access Control), according to Adobe. Flash Player users should be careful when browsing unfamiliar websites.
Researchers on Wednesday reported that they had uncovered attacks in the wild in which malicious Acrobat PDF files were exploiting a vulnerability in Flash and dropping a Trojan onto computers.
The bug used in the exploit has been around since December 2008.
