Hackers Exploit New Adobe Flash Player Bug

The attack is not yet widespread. Adobe spokeswoman Wiebke Lips said they had received only two reports of attacks, the first one detected on Friday morning. Nevertheless, Adobe wrote on its security advisory that “this vulnerability is being actively exploited in the wild against both Adobe Flash Player, and Adobe Reader and Acrobat.”

The bug causes system failure in the Adobe software and provides a backdoor entry for attackers to take control of the computer.

The flaw affects Adobe Flash Player version 10.0.45.2, 9.0.262 as well as versions 10.0.x and 9.0.x for Windows, Linux, Solaris and Macintosh. Also vulnerable are Adobe Reader, Acrobat 9.3.2 and 9.x versions for Macintosh, Windows and UNIX.

According to Adobe officials, Flash Player 10.1 Release Candidate 7 and Adobe Reader and Acrobat 8.x seemed immune to the flaw.

As of this writing, Adobe has yet to come up with an official patch for the flaw, although users may protect their computers by downloading the Flash Player 10.1 Release Candidate 7. They must also make sure that they are using the latest versions of the Reader and Acrobat code.

Another way to protect the flaw from wreaking havoc in one’s computer is to delete, rename or block access to the authplay.dll file.

Symantec reports that Adobe’s free Reader software has become a magnet for hackers in recent years. About half of online attacks were made possible by using malicious PDF files. Unfortunately, Flash is currently the main option for electronic document sharing, leaving many computers vulnerable to its flaws.

Adobe’s less secure platform was one of the major reasons why Steve Jobs did not allow Adobe Flash to be available on the iPhone or iPad.

In February 2010, Adobe apologized for its failure to fix a Flash Player bug for 16 months. The flaw had caused Safari 3, Internet Explorer 6 and 7, and Firefox to crash.