Zero Day

Ryan Naraine and Dancho Danchev

Adobe warns of Flash, PDF zero-day attacks

June 4, 2010, 8:06pm PDT

Adobe issued an alert late Friday night to warn about zero-day attacks against an unpatched vulnerability in its Reader and Flash Player software products.

The vulnerability, described as critical, affects Adobe Flash Player 10.0.45.2 and earlier versions for Windows, Macintosh, Linux and Solaris operating systems. It also affects the authplay.dll component that ships with Adobe Reader and Acrobat 9.x for Windows, Macintosh and UNIX operating systems, Adobe said.

From Adobe’s advisory:

This vulnerability (CVE-2010-1297) could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being actively exploited in the wild against both Adobe Flash Player, and Adobe Reader and Acrobat.

The Flash Player 10.1 Release Candidate “does not appear to be vulnerable,” the company said.

Mitigation Guidance

In the absence of a patch, Adobe recommends deleting, renaming, or removing access to the authplay.dll file that ships with Adobe Reader and Acrobat 9.x. This will mitigate the threat but users will experience a non-exploitable crash or error message when opening a PDF file that contains SWF content.

The authplay.dll that ships with Adobe Reader and Acrobat 9.x for Windows is typically located at C:\Program Files\Adobe\Reader 9.0\Reader\authplay.dll for Adobe Reader or C:\Program Files\Adobe\Acrobat 9.0\Acrobat\authplay.dll for Acrobat.
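
The rename workaround described above, written as a script. This is an added example, not code from Adobe or from the article; the `-Restore` switch, the `.disabled` suffix and the extra lookup under `Program Files (x86)` are assumptions made for this example.

```powershell
# Added example: apply or undo the authplay.dll rename workaround.
# Run from an elevated prompt with Reader/Acrobat closed. Supports -WhatIf.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [switch]$Restore   # hypothetical switch: put authplay.dll back once a patch is installed
)

# Install locations as given in the article (relative to the Program Files root).
$relative = @(
    'Adobe\Reader 9.0\Reader',
    'Adobe\Acrobat 9.0\Acrobat'
)
# Assumption: on 64-bit Windows the install may sit under "Program Files (x86)".
$roots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}) |
    Where-Object { $_ } | Select-Object -Unique

$suffix = '.disabled'   # arbitrary suffix chosen for this example

foreach ($root in $roots) {
    foreach ($rel in $relative) {
        $dir = Join-Path $root $rel
        if ($Restore) {
            $from = Join-Path $dir ('authplay.dll' + $suffix)
            $to   = 'authplay.dll'
        } else {
            $from = Join-Path $dir 'authplay.dll'
            $to   = 'authplay.dll' + $suffix
        }

        if (-not (Test-Path -LiteralPath $from -PathType Leaf)) {
            Write-Verbose "Not present: $from"
            continue
        }
        # Never overwrite: if both names exist (for example after a repair
        # install put the DLL back), stop and let the operator decide.
        if (Test-Path -LiteralPath (Join-Path $dir $to)) {
            Write-Warning "Skipping $from because $to already exists in $dir"
            continue
        }
        if ($PSCmdlet.ShouldProcess($from, "Rename to $to")) {
            Rename-Item -LiteralPath $from -NewName $to
            Write-Output "Renamed $from -> $to"
        }
    }
}
```

Running it with `-WhatIf` first lists what would be renamed without changing anything.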

Adobe Reader and Acrobat 8.x are confirmed not vulnerable.

Adobe security chief Brad Arkin said the company received the first malicious sample around 10:30 AM on Friday. There is no information on when a patch will be available.

Disclosure

Ryan Naraine

The most important disclosure is of my employment with Kaspersky Lab as a security evangelist. Kaspersky Lab is a global company specializing in anti-malware and secure content management technologies. I do not own stocks or other investments in any technology company.

Biography

Ryan Naraine

Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues. He is currently security evangelist at Kaspersky Lab, an anti-malware company with operations around the globe. He is taking a leadership role in developing the company's online community initiative around secure content management technologies.

Prior to joining Kaspersky Lab, Ryan was Editor-at-Large/Security at eWEEK, leading the magazine's and Web site's coverage of Internet and computer security issues and managing the popular SecurityWatch blog, covering the daily threats, vulnerabilities and IT security technologies. He also covered IT security, hacker attacks and secure content management topics for Jupiter Media's internetnetnews.com.

Ryan can be reached at naraine SHIFT 2 gmail.com. For daily updates on Ryan's activities, follow him on Twitter.

Talkback Most Recent of 79 Talkback(s)

  • Wow
    Flash and PDF are insecure?
    AzuMao
    5th Jun 2010
  • Which is pretty scary for OS X users
    @AzuMao
    OS X is basically built on top of PDF.
    NonZealot
    5th Jun 2010
  • OS X is SAFE from these attacks.
    @NonZealot

    OS X is SAFE from these attacks.

    OS X is built on top of BSD Unix, not PDF. OS X writes to the screen using PDF technology. But then these are built in routines, not 3rd party files. BSD Unix is a very secure OS.

    Adobe fcsk's up PDF by adding scripting to it. This allows Adobe's readers to add interaction to PDFs. But it makes reading PDFs using Adobe's readers insecure and vulnerable to attacks.

    But this scripting doesn't run on Apple's PDF reader - Preview - or its PDF reading routines - such as in Safari. Apple did not include scripting code in its PDF code since it isn't part of the PDF specification. It is an Adobe construct. Which Apple, of course, kicked out.
    jameskatt
    5th Jun 2010
  • RE: Adobe warns of Flash, PDF zero-day attacks
    @NonZealot : What's scary is your pathological hatred for anything Apple. It's scary that someone can be so consumed with hate the way you are.
    Macwinux
    5th Jun 2010
  • RE: Adobe warns of Flash, PDF zero-day attacks
    @NonZealot
    OS X is basically built on top of PDF!!!!!???

    A small piece of advice to you NonZealot, stop commenting on stuff you have no idea about, you're just embarrassing yourself this way.
    You hate Apple so much & we got that. But don't let your hate give birth to such ridiculous comments like the above one.
    NaderBelaid
    5th Jun 2010
  • @NonZ's Dis-Information
    @NonZealot, the article sez the workaround is to remove a DLL file from your system. There is no such DLL file on the Mac Flash or Acrobat materials.

    You may have somehow heard that Jobs's Next systems used “Display PostScript” and confused that as how OSX handles on-screen info. That is absolutely NOT the case with Apple's handling of on-screen or printed materials; they dropped the approach, reportedly both because of the licensing fees Adobe wanted, and the technical limitations associated with its ability to handle advanced features.

    It HAS BEEN the case that PDF has introduced attack vectors into OSX, but your statement that OS X users are, or should be, scared is flat-out false.

    At first, I considered you might have been mis-informed. But your post holds so little water I will guess that you took the trouble and risk of exposing your ignorance because you wanted to spread anti-Apple FUD. So consider yourself called out as an anti-social bullshitter.
    WaltFrench@...
    5th Jun 2010
  • Non-Z's Disinformation Campaign
    @NonZealot, the article sez the workaround is to remove a DLL file from your system. There is no such DLL file on the Mac Flash or Acrobat materials.

    You may have somehow heard that Jobs's Next systems used Display PostScript and confused that as how OSX handles on-screen info. That is absolutely NOT the case with Apple's handling of on-screen or printed materials; they dropped the approach, reportedly both because of the licensing fees Adobe wanted, and the technical limitations associated with its ability to handle advanced features.

    It HAS BEEN the case that PDF has introduced attack vectors into OSX, but your statement that OS X users are, or should be, scared is flat-out false.

    At first, I considered you might have been mis-informed. But your post holds so little water I will guess that you took the trouble and risk of exposing your ignorance because you wanted to spread anti-Apple FUD. So consider yourself called out as an anti-social manure spreader.
    WaltFrench@...
    5th Jun 2010
  • RE: Adobe warns of Flash, PDF zero-day attacks
    @NonZealot

    OS X is basically built on top of PDF!!!!!???
    Your Apple hatred is really embarrassing you.
    A little advice, stop posting about things you have no idea about.
    You hate Apple & we got that, but that is never an excuse to spout such ridiculous comments like the one above.
    NaderBelaid
    5th Jun 2010
  • RE: Adobe warns of Flash, PDF zero-day attacks
    @NonZealot ZDnet has a new article posted about a new streaming music service in the works called Rdio. If you hurry you can be the first one to post about how Apple will buy them up and close them down without having any facts. Kind of like your last post. Hurry up now!
    Macwinux
    5th Jun 2010
  • forums
    @NonZealot You did of course see that Macintosh operating systems are vulnerable and since Adobe Flash 10 won't work on OS 9 and below I'm going to have to assume that the vulnerability affects those running all flavors of OSX...
    omaia7
    6th Mar
  • RE: Adobe warns of Flash, PDF zero-day attacks
    @NonZealot In Windows, nearly all large programs (such as Adobe Reader, or Norton Security) are built with large numbers of these "dynamically linked libraries" -- .dll files. A simple ".exe" program needs to be loaded into memory all at once in order to run, even when most of its routines aren't going to be used. The advantage of building a big program with ".dll" files is that the individual chunks can be loaded and unloaded as needed, "dynamically". So, Windows itself is built with huge numbers of these ".dll" files, but so are individual applications. And in this case, it is an Adobe-created ".dll" file, part of the Reader package installation.
    jku1
    11th Mar
  • RE: Adobe warns of Flash, PDF zero-day attacks
    @AzuMao PDF is not insecure. Adobe's attempt to make PDF "active" is not only insecure, but goes against the virtues of PDF.

    Remember years ago when we told people to send files as PDFs instead of as Word for (among other things) security reasons? Well if you use Adobe Reader that advice no longer holds.

    Fortunately there are plenty of other PDF readers out there. For OS X, the native PDF reader is sufficient for 95% of what people need to use. On Windows, Sumatra PDF is a reasonably decent alternative (although printing from it is poor).

    Adobe's attitude toward security today reminds me of Microsoft 10 years ago.
    jpgoldberg
    5th Jun 2010
