Adobe warns of Flash, PDF zero-day attacks

Adobe issued an alert late Friday night to warn about zero-day attacks against an unpatched vulnerability in its Reader and Flash Player software products.

The vulnerability, described as critical, affects Adobe Flash Player 10.0.45.2 and earlier versions for Windows, Macintosh, Linux and Solaris operating systems. It also affects the authplay.dll component that ships with Adobe Reader and Acrobat 9.x for Windows, Macintosh and UNIX operating systems, Adobe said.

From Adobe's advisory:

This vulnerability (CVE-2010-1297) could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being actively exploited in the wild against both Adobe Flash Player, and Adobe Reader and Acrobat.

The Flash Player 10.1 Release Candidate "does not appear to be vulnerable," the company said.

Mitigation Guidance

In the absence of a patch, Adobe recommends deleting, renaming, or removing access to the authplay.dll file that ships with Adobe Reader and Acrobat 9.x. This will mitigate the threat but users will experience a non-exploitable crash or error message when opening a PDF file that contains SWF content.

The authplay.dll that ships with Adobe Reader and Acrobat 9.x for Windows is typically located at C:\Program Files\Adobe\Reader 9.0\Reader\authplay.dll for Adobe Reader or C:\Program Files\Adobe\Acrobat 9.0\Acrobat\authplay.dll for Acrobat.

Adobe Reader and Acrobat 8.x are confirmed not vulnerable.
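
Adobe's rename mitigation for the Windows paths quoted above, as an added PowerShell example that is not part of Adobe's advisory or the original article. The "Program Files (x86)" location and the .disabled suffix are assumptions made for this example.

```powershell
# Added example: apply the interim mitigation by renaming authplay.dll.
# Paths are the "typical" locations quoted in the advisory; the 64-bit
# "Program Files (x86)" variants and the .disabled suffix are assumptions.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [switch]$Undo   # restore the original file name once a patch is installed
)

$roots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}) |
    Where-Object { $_ } | Select-Object -Unique
$relative = @(
    'Adobe\Reader 9.0\Reader\authplay.dll',
    'Adobe\Acrobat 9.0\Acrobat\authplay.dll'
)
$suffix = '.disabled'

foreach ($root in $roots) {
    foreach ($rel in $relative) {
        $dll    = Join-Path $root $rel
        $parked = "$dll$suffix"
        if ($Undo) { $from = $parked; $to = $dll }
        else       { $from = $dll;    $to = $parked }

        if (-not (Test-Path -LiteralPath $from -PathType Leaf)) {
            Write-Verbose "Not present: $from"
            continue
        }
        if (Test-Path -LiteralPath $to) {
            # Never overwrite: a leftover copy means an earlier run or a reinstall.
            Write-Warning "Target already exists, skipping: $to"
            continue
        }
        $item = Get-Item -LiteralPath $from
        if ($PSCmdlet.ShouldProcess($from, "Rename to $(Split-Path $to -Leaf)")) {
            Rename-Item -LiteralPath $from -NewName (Split-Path $to -Leaf)
            # Emit a record so the change can be logged or collected fleet-wide.
            [pscustomobject]@{
                Action  = if ($Undo) { 'Restored' } else { 'Disabled' }
                Path    = $to
                Version = $item.VersionInfo.FileVersion
            }
        }
    }
}
```

Run it from an elevated prompt with Reader and Acrobat closed; `-WhatIf` previews the renames and `-Undo` reverses them after a fixed build is installed.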

Adobe security chief Brad Arkin said the company received the first malicious sample around 10:30 AM on Friday. There is no information on when a patch will be available.

Talkback

70 comments
  • Wow

    Flash and PDF are insecure?
    AzuMao
    • Which is pretty scary for OS X users

      @AzuMao OS X is basically built on top of PDF.
      NonZealot
      • OS X is SAFE from these attacks.

        @NonZealot

        OS X is SAFE from these attacks.

        OS X is built on top of BSD Unix, not PDF. OS X writes to the screen using PDF technology. But then these are built in routines, not 3rd party files. BSD Unix is a very secure OS.

        Adobe fcsk's up PDF by adding scripting to it. This allows Adobe's readers to add interaction to PDFs. But it makes reading PDFs using Adobe's readers insecure and vulnerable to attacks.

        But this scripting doesn't run on Apple's PDF reader - Preview - or its PDF reading routines - such as in Safari. Apple did not include scripting code in its PDF code since it isn't part of the PDF specification. It is an Adobe construct. Which Apple, of course, kicked out.
        jameskatt
      • RE: Adobe warns of Flash, PDF zero-day attacks

        @NonZealot : What's scary is your pathological hatred for anything Apple. It's scary that someone can be so consumed with hate the way you are.
        Macwinux
      • RE: Adobe warns of Flash, PDF zero-day attacks

        @NonZealot
        OS X is basically built on top of PDF!!!!!???

        A small piece of advice to you NonZealot: stop commenting on stuff you have no idea about, you're just embarrassing yourself this way.
        You hate Apple so much & we got that. But don't let your hate give birth to such ridiculous comments like the above one.
        NaderBelaid
      • @NonZ's Dis-Information

        @NonZealot, the article sez the workaround is to remove a DLL file from your system. There is no such DLL file on the Mac Flash or Acrobat materials.

        You may have somehow heard that Jobs's Next systems used "Display PostScript" and confused that as how OSX handles on-screen info. That is absolutely NOT the case with Apple's handling of on-screen or printed materials; they dropped the approach, reportedly both because of the licensing fees Adobe wanted, and the technical limitations associated with its ability to handle advanced features.

        It HAS BEEN the case that PDF has introduced attack vectors into OSX, but your statement that OS X users are, or should be, scared is flat-out false.

        At first, I considered you might have been mis-informed. But your post holds so little water I will guess that you took the trouble and risk of exposing your ignorance because you wanted to spread anti-Apple FUD. So consider yourself called out as an anti-social bullshitter.
        WaltFrench
      • Non-Z's Disinformation Campaign

        @NonZealot, the article sez the workaround is to remove a DLL file from your system. There is no such DLL file on the Mac Flash or Acrobat materials.

        You may have somehow heard that Jobs's Next systems used Display PostScript and confused that as how OSX handles on-screen info. That is absolutely NOT the case with Apple's handling of on-screen or printed materials; they dropped the approach, reportedly both because of the licensing fees Adobe wanted, and the technical limitations associated with its ability to handle advanced features.

        It HAS BEEN the case that PDF has introduced attack vectors into OSX, but your statement that OS X users are, or should be, scared is flat-out false.

        At first, I considered you might have been mis-informed. But your post holds so little water I will guess that you took the trouble and risk of exposing your ignorance because you wanted to spread anti-Apple FUD. So consider yourself called out as an anti-social manure spreader.
        WaltFrench
      • RE: Adobe warns of Flash, PDF zero-day attacks

        @NonZealot

        OS X is basically built on top of PDF!!!!!???
        Your Apple hatred is really embarrassing you.
        A little advice, stop posting about things you have no idea about.
        You hate Apple & we got that, but that is never an excuse to spout such ridiculous comments like the one above.
        NaderBelaid
      • RE: Adobe warns of Flash, PDF zero-day attacks

        @NonZealot ZDnet has a new article posted about a new streaming music service in the works called Rdio. If you hurry you can be the first one to post about how Apple will buy them up and close them down without having any facts. Kind of like your last post. Hurry up now!
        Macwinux
      • forums

        @NonZealot You did of course see that Macintosh operating systems are vulnerable and since Adobe Flash 10 won't work on OS 9 and below I'm going to have to assume that the vulnerability affects those running all flavors of OSX...
        omaia7
      • RE: Adobe warns of Flash, PDF zero-day attacks

        @NonZealot In Windows, nearly all large programs (such as Adobe Reader, or Norton Security) are built with large numbers of these "dynamically linked libraries" -- .dll files. A simple ".exe" program needs to be loaded into memory all at once in order to run, even when most of its routines aren't going to be used. The advantage of building a big program with ".dll" files is that the individual chunks can be loaded and unloaded as needed, "dynamically". So, Windows itself is built with huge numbers of these ".dll" files, but so are individual applications. And in this case, it is an Adobe-created ".dll" file, part of the Reader package installation.
        jku1
    • RE: Adobe warns of Flash, PDF zero-day attacks

      @AzuMao PDF is not insecure. Adobe's attempt to make PDF "active" is not only insecure, but goes against the virtues of PDF.

      Remember years ago when we told people to send files as PDFs instead of as Word for (among other things) security reasons? Well if you use Adobe Reader that advice no longer holds.

      Fortunately there are plenty of other PDF readers out there. For OS X, the native PDF reader is sufficient for 95% of what people need to use. On Windows, Sumatra PDF is a reasonably decent alternative (although printing from it is poor).

      Adobe's attitude toward security today reminds me of Microsoft 10 years ago.
      jpgoldberg
      • My bad. Acrobat, then.

        [b] [/b]
        AzuMao
      • RE: Adobe warns of Flash, PDF zero-day attacks

        @jpgoldberg
        Well. It is actually for printing, but I get what you are saying
        davidhite
      • RE: Adobe warns of Flash, PDF zero-day attacks

        @jpgoldberg

        RTFA: Reader is not affected......
        htotten
      • RE: Adobe warns of Flash, PDF zero-day attacks

        @htotten (the stupid new comment system won't let me reply directly to a reply, and puts the newest reply at the top. Result: what I'm replying to is 3 posts down)

        Read it again. " RTFA: Reader is not affected...... " - wrong. It says Reader 8 is not affected. The current version, Reader 9, most definitely is affected.
        Greenknight_z
    • it's "just a windoze .dll file"; NO IT ISN'T.

      @WaltFrench:
      I agree with all the slams against that Windoze Zealot, but the article clearly indicates that Linux, Solaris, OSX, and most "Unix" systems are vulnerable. The file is present, but named differently according to the system for which it was built:

      On my Linux, for example, the file in question is named "libauthplay.so.0.0.0" -- it's named according to the normal scheme for overlay files. It's huge, 9.1MB in size, and I frankly wonder if it's a nearly full build of FlashPlayer inside the reader installation.

      No wonder it's so huge. Bug-riddled, un-designed, secret-sauce spyware: As others say, Adobe IS a menace. I will be delighted if HTML5 and Google's free video codec push them into history.

      As for pdf itself -- Yes, it would be a big job, but I wish that the OpenOffice people would implement the protocol in a more complete way. There are a lot of good "Reader" clones out there already, but no decent on-the-desktop document editors.
      Rick S._z