Critical zero-day vulnerability found in Adobe Flash, Reader, Acrobat

Filed Under: Adobe, Adobe Flash, Malware, Vulnerability

There's more bad news for the users of Adobe's products, as the company has just advised that it has discovered critical security vulnerabilities in versions of Adobe Flash Player, Adobe Reader and Adobe Acrobat.

According to an advisory published by the firm, the vulnerabilities can be exploited by malicious hackers to run malicious code on victims computers.

Adobe says that version and earlier of Flash Player for the Windows, Macintosh, Linux and Solaris operating systems are vulnerable. In addition, Adobe Flash Player and earlier versions for Android; and the authplay.dll component that ships with Adobe Reader 9.4 and earlier 9.x versions for Windows, Macintosh and UNIX operating systems are at risk.

Finally, Adobe Acrobat 9.4 and earlier 9.x versions for Windows and Macintosh operating systems are also vulnerable.

Adobe says it is working on fixing the as-yet unpatched vulnerability, and hopes to provide an update for Flash Player 10.x (for the Windows, Macintosh, Linux, and Android platforms) by November 9th. Adobe Reader and Acrobat 9.4 and earlier are scheduled to be updated during the week of November 15th for Windows and Mac OS X.

Of course, that's some time away - and in the meantime it wouldn't be a surprise at all to hear of more malicious hackers attempting to exploit these vulnerabilities. Bad news for Adobe's customers is, of course, bad news for Adobe.

, , ,

You might like

11 Responses to Critical zero-day vulnerability found in Adobe Flash, Reader, Acrobat

  1. Duncan Jones · 1806 days ago

    So what should we Mac users do in the meantime?

    • Sophos detects the components dropped in the attacks we've seen so far as Mal/Dropper-P and Troj/Wisp-A. Of course, we'll continue to keep an eye on this.

    • chesterwisniewski · 1806 days ago

      Whenever there is a Adobe Flash vulnerability, it affects Adobe Reader/Acrobat as well. The safest thing to do on all platforms is to eliminate the authplay.dll (Windows c:\program files\Adobe Reader\authplay.dll, OS X /Applications/Adobe Reader 9/Adobe component to prevent Flash from rendering or being exploited in PDF files.

  2. kristindewey · 1806 days ago

    Is that why I can't install the latest update for my Adobe flash player on my laptop?? I push the "install" button, and my whole computer shuts down.

  3. Jay · 1806 days ago

    What exactly is the vulnerability capable of doing?

    • chesterwisniewski · 1806 days ago

      It will crash Reader can can execute arbitrary code. We are seeing samples in the wild.


  4. Nick · 1806 days ago

    If I browse with adblock plus & don't visit any dodgy sites will I be ok? :D

  5. Jay · 1806 days ago

    Looks like Steve was right... again... Flash is still the biggest backdoor on so many platforms...

  6. V. Paquette · 1803 days ago

    I apologize for being the complete tech illiterate in this conversation, but will you please advise us as to what the best defense against this is? Should we remove all Adobe products from our computers and reinstall or look else where until this is resolved? I have been having issues for several days.

    Thank you.

    • Chester Wisniewski · 1803 days ago

      The current defense for Adobe Reader and Acrobat is to delete AuthPlay.dll as I noted in my comment above. This does not fix the Flash vulnerability, but will stop Reader and Acrobat from being exploited. It does disable the ability to view Flash animations in PDFs, but I have never seen a legitimate PDF that uses this functionality.

      Another option is to use an alternative PDF viewer like Sumatra PDF reader. You can download it from the author's blog at


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Graham Cluley runs his own award-winning computer security blog at, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Follow him on Twitter at @gcluley