We expect to make available an update for Adobe Reader and Acrobat 9.4 and earlier 9.x versions during the week of November 15, 2010. We are in the process of finalizing a fix for the issue and expect to provide an update for Adobe Flash Player 10.x for Windows, Macintosh, Linux and Android by November 9, 2010. Adobe Reader for Android is not affected by this issue. Mitigation is available for Adobe Reader and Acrobat 9.x customers as detailed above. Note: Adobe Reader and Acrobat 8.x are confirmed not vulnerable. The authplay.dll that ships with Adobe Reader and Acrobat 9.x for Windows is typically located at C:\Program Files\Adobe\Reader 9.0\Reader\authplay.dll for Adobe Reader or C:\Program Files\Adobe\Acrobat 9.0\Acrobat\authplay.dll for Acrobat.ġ) Go to the Applications->Adobe Reader 9 folder.Ĥ) Go to the Contents->Frameworks folder.ĥ) Delete or move the AuthPlayLib.bundle file.ġ) Go to the Applications->Adobe Acrobat 9 Pro folder.ġ) Go to installation location of Reader (typically a folder named Adobe).Ģ) Within it browse to Reader9/Reader/intellinux/lib/ (for Linux) or Reader9/Reader/intelsolaris/lib/ (for Solaris).ģ) Remove the library named “libauthplay.so.0.0.0.”Īdobe categorizes this as a critical issue. Adobe Reader for Android is not affected by this issue.ĭeleting, renaming, or removing access to the authplay.dll file that ships with Adobe Reader and Acrobat 9.x mitigates the threat for those products, but users will experience a non-exploitable crash or error message when opening a PDF file that contains Flash (SWF) content. *Note: Adobe Reader and Acrobat 8.x are confirmed not vulnerable. We expect to make available an update for Adobe Reader and Acrobat 9.4 and earlier 9.x versions during the week of November 15, 2010.Īdobe Flash Player 10.1.85.3 and earlier versions for Windows, Macintosh, Linux and Solaris operating systemsĪdobe Flash Player 10.1.95.2 and earlier for AndroidĪdobe Reader 9.4 and earlier 9.x versions for Windows, Macintosh and UNIX*Īdobe Acrobat 9.4 and earlier 9.x versions for Windows and Macintosh* We are in the process of finalizing a fix for the issue and expect to provide an update for Flash Player 10.x for Windows, Macintosh, Linux, and Android by November 9, 2010. Adobe is not currently aware of attacks targeting Adobe Flash Player. There are reports that this vulnerability is being actively exploited in the wild against Adobe Reader and Acrobat 9.x. This vulnerability (CVE-2010-3654) could cause a crash and potentially allow an attacker to take control of the affected system. Security Advisory for Adobe Flash Player, Adobe Reader and AcrobatĪ critical vulnerability exists in Adobe Flash Player 10.1.85.3 and earlier versions for Windows, Macintosh, Linux and Solaris operating systems Adobe Flash Player 10.1.95.2 and earlier versions for Android and the authplay.dll component that ships with Adobe Reader 9.4 and earlier 9.x versions for Windows, Macintosh and UNIX operating systems, and Adobe Acrobat 9.4 and earlier 9.x versions for Windows and Macintosh operating systems. Adobe indica que están finalizando el proceso para corregir este problema y que próximamente estará sacando un parcho para el mismo.Īquí les dejo el comunicado en su totalidad. Hasta el momento se ha logrado activar esta vulnerabilidad solamente en el Adobe Reader y Acrobat 9.x. Esta vulnerabilidad le permite al atacante tomar control de la unidad afectada. Adobe emitió un comunicado en relación a una vulnerabilidad critica en los productos Adobe Flash Player 10.1.85.3 y versiones previas para Windows, Macintosh, Linux, Solaris, también para Adobe Flash Player 10.1.95.2 y versiones anteriores para Android y para el componente authplay.dll que viene Adobe Reader 9.4 y versiones anteriores de la versión 9.x para Windows, Macintosh, UNIX, para Adobe Acrobat 9.4 y versiones anteriores a la 9.x para Windows y Mac.
0 Comments
Leave a Reply. |