
Critical security bug in Adobe Reader, Acrobat & Flash Player

Adobe has disclosed a highly critical vulnerability in Adobe Reader 9, Acrobat and Flash Player. The vulnerability could allow remote attackers to gain control of an affected system. According to the Common Vulnerabilities and Exposures website, the "[u]nspecified vulnerability in Adobe Reader and Acrobat 9.x through 9.1.2, and Adobe Flash Player 9.x through 9.0.159.0 and 10.x through 10.0.22.87, allows remote attackers to execute arbitrary code via (1) a crafted Flash application in a .pdf file or (2) a crafted .swf file, related to authplay.dll, as exploited in the wild in July 2009."

This vulnerability affects the Windows XP/Vista, Mac OS X and Linux versions of the software, but is only being actively exploited on the Windows platform. To mitigate exposure, open only trusted PDF documents, visit only trusted websites and install the update as soon as it is made available. Adobe has indicated a patch addressing this issue will be available by next week: "We are in the process of developing a fix for the issue, and expect to provide an update for Flash Player v9 and v10 for Windows, Macintosh, and Linux by July 30, 2009 (the date for Flash Player v9 and v10 for Solaris is still pending). We expect to provide an update for Adobe Reader and Acrobat v9.1.2 for Windows, Macintosh, and UNIX by July 31, 2009."

Technology website arstechnica.com has an informative article on the nasty bug.
