Adobe under attack: New PDF, Flash zero-day

Adobe under attack: New PDF, Flash zero-day

Summary: Adobe's security response team is scrambling to respond to new zero-day attacks against a computer hijack vulnerability in two of its most widely deployed products: Flash Player and Adobe PDF Reader.

SHARE:

Adobe's security response team is scrambling to respond to new zero-day attacks against a computer hijack vulnerability in two of its most widely deployed products: Flash Player and Adobe PDF Reader.

The flaw, which is currently being exploited in the wild with booby-trapped PDF documents, affects Windows, Mac, Linux and Solaris users.   The zero-day attacks are currently targeted Windows users.

Here's a summary of the problem:follow Ryan Naraine on twitter

A critical vulnerability has been identified in Flash Player 10.1.85.3 and earlier versions for Windows, Macintosh, Linux and Solaris; Adobe Flash Player 10.1.95.2 and earlier versions for Android; and the authplay.dll component that ships with Adobe Reader 9.4 and earlier 9.x versions for Windows, Macintosh and UNIX, and Adobe Acrobat 9.4 and earlier 9.x versions for Windows and Macintosh. This vulnerability (CVE-2010-3654) could cause a crash and potentially allow an attacker to take control of the affected system.

Adobe has posted an advisory that notes that the attacks are only against Adobe Reader and Acrobat.   The company said it was not aware of attacks targeting the ubiquitous Flash Player.

Temporary mitigations

In the interim, the company suggests that affected users delete, rename or remove access to the authplay.dll file that ships with Adobe Reader and Acrobat 9.x.

This mitigates the threat for those products, but users will experience a non-exploitable crash or error message when opening a PDF file that contains Flash (SWF) content.

The authplay.dll that ships with Adobe Reader and Acrobat 9.x for Windows is typically located at C:\Program Files\Adobe\Reader 9.0\Reader\authplay.dll for Adobe Reader or C:\Program Files\Adobe\Acrobat 9.0\Acrobat\authplay.dll for Acrobat.

Adobe Reader 9.x - Macintosh 1) Go to the Applications->Adobe Reader 9 folder. 2) Right Click on Adobe Reader. 3) Select Show Package Contents. 4) Go to the Contents->Frameworks folder. 5) Delete or move the AuthPlayLib.bundle file.

Acrobat Pro 9.x - Macintosh 1) Go to the Applications->Adobe Acrobat 9 Pro folder. 2) Right Click on Adobe Acrobat Pro. 3) Select Show Package Contents. 4) Go to the Contents->Frameworks folder. 5) Delete or move the AuthPlayLib.bundle file.

Adobe Reader 9.x - UNIX 1) Go to installation location of Reader (typically a folder named Adobe). 2) Within it browse to Reader9/Reader/intellinux/lib/ (for Linux) or Reader9/Reader/intelsolaris/lib/ (for Solaris). 3) Remove the library named "libauthplay.so.0.0.0."

Adobe said it expects to have a patch for Flash Player by November 9, 2010 and update for Adobe Reader and Acrobat 9.x during the week of November 15, 2010.

Topics: Security, Enterprise Software

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

31 comments
Log in or register to join the discussion
  • RE: Adobe under attack: New PDF, Flash zero-day

    Firefox zero-day: 48 hours to fix
    Yet another Adobe zero-day: 2-3 weeks

    I'm glad I've migrated all of our machines over to different PDF readers.
    IT Security Geek
    • RE: Adobe under attack: New PDF, Flash zero-day

      @IT Security Geek Could be Microsoft were it could take years for something to NOT get fixed.
      techrepublic@...
      • RE: Adobe under attack: New PDF, Flash zero-day

        @techrepublic@...

        Or Apple, or Linux, they all have been guilty of this.
        rtk
      • RE: Adobe under attack: New PDF, Flash zero-day

        @techrepublic@... and if it was apple, probably Steve Jobs would be teaching us on how to open a pdf file in the right position rather than fixing it at all.....
        ravigandhi@...
      • RE: Adobe under attack: New PDF, Flash zero-day

        very very good

        come :

        [ H T T P : / / T A .G G / 4 O R ]
        lincc350
      • RE: Adobe under attack: New PDF, Flash zero-day

        very very good

        come :

        [ H T T P : / / T A .G G / 4 O R ]
        lincc350
      • RE: Adobe under attack: New PDF, Flash zero-day

        very very good

        come :

        [ H T T P : / / T A .G G / 4 O R ]
        lincc350
    • RE: Adobe under attack: New PDF, Flash zero-day

      <a href="http://www.replicawatchesbest.org">cheap replica watches</a>
      xiaodou
    • RE: Adobe under attack: New PDF, Flash zero-day

      <a href="http://www.chanelhandbagsreplica.org/chanel-shoulder-bag-c-7.html">chanel shoulder bags</a>
      xiaodou
  • This is ONLY FLASH in Conjunction with being in a PDF!

    How rare is that? Ridiculously rare and there have been no attacks in the Wild. How lame is that of Ryan to even mention it as if it's FLASH itself that's vulnerable!

    Ryan you are definitely retarded at being a Security Analyst. More like a Tabloid writer than a serious professional! haha..... Get a life! ....because I can't remember the last time I ever opened a PDF with FLASH content in it and there haven't been any attacks so WTF are you stating it's under attack, when it's just been identified as a vulnerability? Fool!!! lol.... with a patch coming no less! I know..... you are the little boy that cries FIRE FIRE FIRE and the next time nobody is going to listen to you!!!
    i2fun@...
    • RE: Adobe under attack: New PDF, Flash zero-day

      @i2fun@... You are an imbecile of the first order. Here are the facts:

      1) Flash is the source of the flaw, but there are no reports of people using Flash as an attack vector, since no one gives a crap about Flash.

      2) Adobe Reader and Acrobat also contain the flaw because they allow Flash inside PDFs. People are actively using PDF as an attack vector. I repeat, it is already under attack, which you'd know if you could read above a third-grade level.

      3) Whether you've ever seen a PDF with Flash content is mind-numbingly irrelevant, since Adobe turned it on for you anyway (this is a boneheaded move because nobody besides Adobe actually wants this, and it has been an endless source of security holes).

      Do you think malware writers will specially mark a PDF to tell you there's Flash inside? No, a trojan PDF looks no different from any other PDF at first (see, malware writers are not as dumb as you). By the time you've opened the PDF, you're already infected.
      erickwong
      • Nobody cares about Flash?

        Are you kidding? What -do- people care about, then?
        Michael Alan Goff
      • RE: Adobe under attack: New PDF, Flash zero-day

        @erickwong OK... feel better now that you let it out? How's that anger management class going? My guess? You FAILed.
        ddferrari
    • RE: Adobe under attack: New PDF, Flash zero-day

      @i2fun@... you should try reading Adobe statement referring it's own Flash being the flaw before criticizing someone for reporting the facts. 2nd this is the 2nd major problem with Flash I have read since the iPad was released. I bet Steve is feeling pretty smug right now. lol
      spikedstrider
  • RE: Adobe under attack: New PDF, Flash zero-day

    Adobe's code was flawed? Will crashed the PC? Will leaving your system wide open to be pwnd. Unusual for them, they must have missed something in the final build.
    Well at least they have their finest rapid-reaction software team scrambling to fix it all by end of week November 15, 2010.
    So, well done Adobe your reputation remains intact.

    /sarc-off
    Agnostic_OS
  • RE: Adobe under attack: New PDF, Flash zero-day

    And I haven't heard a peep from an Adobe fanboy SINCE these PDF & Flash vulnerabilities started piling up.
    ZackCDLVI
    • RE: Adobe under attack: New PDF, Flash zero-day

      @Zc456
      There are Adobe fanboys? Who knew? I seem to remember a bunch of Apple drones went on an Adobe bashing frenzy at the behest of Glorious Leader and a couple of people tried to reason them down but I can't say I've seen too many fanboys in the true sense of the word.
      SuperluminalX
      • RE: Adobe under attack: New PDF, Flash zero-day

        @SuperluminalX <br>Back when the Flash vs HTML5 debate was still fresh...
        ZackCDLVI
  • Good Lord.

    No comment.
    Dietrich T. Schmitz, ~ Your Linux Advocate
  • nerd fap time

    i changed my PDF reader to fox it i don't do much PDF reading anyway. flash is necessary cant avoid maybe HTML5 will remedy the flash situation but until wc3 say its a standard it still a pipe dreams (long live flash) - flash on windows 30-300% better performance than on the Mac

    anyway adobe needs to get the flash thing together
    dresky - take out ya nerd sticks and lets nerd fap