No patches yet while exploits are actively targeting Adobe's Flash, Acrobat and Acrobat Reader
Adobe on Friday released a security advisory warning of a vulnerability in Adobe Flash Player, Adobe Reader, and Acrobat on Windows, Macintosh, Linux, and Solaris operating systems.
The "critical" -- Adobe's most severe rating -- vulnerability could, according to the company, "cause a crash and potentially allow an attacker to take control of the affected system." Furthermore, it reported that the vulnerability was "being actively exploited in the wild against both Adobe Flash Player, and Adobe Reader, and Acrobat."
The vulnerabilities exist in Adobe Flash Player 10.0.45.2 and before, and Adobe Acrobat and Acrobat Reader version 9.x, but not version 8.x.
Meanwhile, for Acrobat and Acrobat Reader version 9.x, "deleting, renaming, or removing access to the authplay.dll" that ships with those files eliminates the threat, according to Adobe. On the downside, if you try to open a PDF file containing vector graphics animated with SWF (Shockwave), prepare to "experience a non-exploitable crash or error message."
The recent prevalence and severity of these and other attacks against Adobe's products has led the company to overhaul its patching processes, begin offering automatic security updates for Adobe Reader, and reportedly to weigh moving to a regular, monthly patch cycle, akin to Microsoft's.
InformationWeek Tech Digest, Nov. 10, 2014Just 30% of respondents to our new survey say their companies are very or extremely effective at identifying critical data and analyzing it to make decisions, down from 42% in 2013. What gives?