Adobe is readying a fix for a security bug being targeted by attackers. A patch addressing the issue on Windows, Mac, Linux and Solaris machines is expected to come within the next few days.
With attackers circling, Adobe Systems plans to patch a zero-day security vulnerability bug later this week.
In an advisory June 4
Adobe warned users that a vulnerability affecting Adobe Reader, Flash
Player and Acrobat was actively being exploited by attackers. The bug
exists in Flash Player 10.0.45.2 and earlier versions for Windows,
Macintosh, Linux and Solaris as well as the authplay.dll component that
ships with Adobe Reader and Acrobat 9.x for Windows, Mac and Unix
"We are in the process of finalizing a fix
the issue, and expect to provide an update for Flash Player 10.x for
Windows, Macintosh, and Linux by June 10, 2010," according to Adobe. "The patch date
for Flash Player 10.x for Solaris is still to be determined. We expect
to provide an update for Adobe Reader and Acrobat 9.3.2 for Windows,
Macintosh and UNIX by June 29, 2010."
Exploiting the bug
(CVE-2010-1297) could cause systems to crash and potentially allow
attackers to execute code and take control of the affected system.
"We have confirmed that the attack involves Trojan.Pidief.J
, which is a PDF file that drops a back door Trojan onto the compromised computer if an affected product is already installed," blogged Joji Hamada
, a researcher with Symantec Security Response. "We have also come across an attack using a malicious SWF file (detected as Trojan Horse
) in conjunction with an HTML file (detected as Downloader
) to download another malware (detected as Backdoor.Trojan
) from the web."
Brad Arkin, Adobe's director of security and privacy, blogged that the company
issuing a "one-off 0-day fix followed a couple of weeks later
by the July 13 quarterly update" but decided against it due to concerns
about causing churn and patch management overhead problems for
As a mitigation, users can delete, rename or remove access to the
authplay.dll file in Adobe Reader and Acrobat 9.x, but doing so means
they will experience a non-exploitable crash or error message when
opening a PDF file that contains SWF content. The file is typically
located at C:\Program Files\Adobe\Reader 9.0\Reader\authplay.dll for
Adobe Reader or C:\Program Files\Adobe\Acrobat 9.0\Acrobat\authplay.dll
for Acrobat, according to Adobe.
The Flash Player 10.1 Release Candidate
does not appear to be vulnerable, and Adobe Reader and Acrobat 8.x have been confirmed to be unaffected.