Feeds

Adobe plugs critical Flash Player hole

More than 30 others patched too

Securing Web Applications Made Simple and Scalable

Adobe Systems on Thursday made good on a promise to rid its ubiquitous Flash media player of a critical vulnerability that criminals are exploiting to install malware on end user machines.

The security update is available for versions 10.0.45.2 and earlier of Flash for Windows, Mac OS X, and Linux. Last week, Adobe warned that the vulnerability allows attackers to take complete control of vulnerable machines when they view websites that contained specially manipulated Flash content. A related vulnerability that's also being actively exploited in Adobe's Reader and Acrobat applications won't be available until June 29, the company said.

According to Websense and other security firms, the security bugs are being targeted in emails that prompt recipients to open booby-trapped websites and PDF documents. The malicious files used in the exploits weren't detected by a single one of the major anti-virus providers as of Wednesday, more than five days after Adobe first disclosed the attacks, Websense said.

Once the exploits are executed, end-user machines are infected with backdoor trojans and other malware, much of which also was not detected by anti-virus software.

With almost three weeks to go before a fix is issued for the Reader and Acrobat bugs, users should take steps to guard against attacks. The best safeguard is to shun the applications altogether and use an alternative one such as Foxit for Windows or Preview for the Mac. If that's not possible, the authplay.dll, AuthPlayLib.bundle or libauthplay.so.0.0.0 files should be deleted on Windows, Mac and Linux machines respectively.

Adobe has more detailed work-around instructions here. The US Computer Emergency Readiness Team has also said that disabling javascript in Reader and Acrobat will also prevent the attacks.

In all, Flash 10.1.53.64, which is available for download here, fixes more than 30 other security flaws. Not that Adobe is out of the woods yet. Shortly after it was released, security researcher Charlie Miller tweeted: "Yippee! My fav flash bug survived another adobe killing field." ®

Mobile application security vulnerability report

More from The Register

next story
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
NEW, SINISTER web tracking tech fingerprints your computer by making it draw
Have you been on YouPorn lately, perhaps? White House website?
LibreSSL RNG bug fix: What's all the forking fuss about, ask devs
Blow to bit-spitter 'tis but a flesh wound, claim team
Black Hat anti-Tor talk smashed by lawyers' wrecking ball
Unmasking hidden users is too hot for Carnegie-Mellon
Manic malware Mayhem spreads through Linux, FreeBSD web servers
And how Google could cripple infection rate in a second
NUDE SNAPS AGENCY: NSA bods love 'showing off your saucy selfies'
Swapping other people's sexts is a fringe benefit, says Snowden
Own a Cisco modem or wireless gateway? It might be owned by someone else, too
Remote code exec in HTTP server hands kit to bad guys
prev story

Whitepapers

Reducing security risks from open source software
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
Application security programs and practises
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Consolidation: the foundation for IT and business transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.