Adobe said that it is investigating the security vulnerability in its flash format that could allow remote attackers to execute arbitrary code on the vulnerable system.
Adobe security advisory said that, a critical vulnerability exists in the current versions of Flash Player (v9.0.159.0 and v10.0.22.87) for Windows, Macintosh and Linux operating systems. The advisory said that the vulnerability could cause a crash and potentially allow an attacker to take control of the affected system.
Adobe confirmed that they are in the process of developing a fix for this issue and expects to provide an update for Flash Player v9 and v10 for Windows, Macintosh, and Linux by July 30, 2009, and patch Adobe Reader and Acrobat v9.1.2 for Windows and Macintosh by the end of this month.
The company stated that deleting, renaming, or removing access to the “authplay.dll” file that ships with Adobe Reader and Acrobat v9.x mitigates the threat for those products. It also noted that by doing so, the users will experience a non-exploitable crash or error message when opening a PDF that contains SWF content.
The US Computer Emergency Response Team (US-CERT) has issued security instructions on the vulnerability in Adobe Flash. It posted suggestions on how to disable the Flash and 3D & Multimedia support in Adobe Reader 9 from Windows, Mac and Linux machines.
