Adobe scrambles to squash another zero-day vulnerability
Adobe is rushing to fix yet another zero-day vulnerability, this time affecting versions of Flash Player, Reader, and Acrobat on Windows, Mac, Linux, and Solaris. The vulnerability, the company reports, can cause affected systems to crash and allows attackers to take control of them.
"There are reports that this vulnerability is being actively exploited in the wild against Adobe Reader and Acrobat 9.x. Adobe is not currently aware of attacks targeting Adobe Flash Player," the company reported in a security bulletin issued today.
Adobe says it is working on fixes for the vulnerabilities: The update for Flash Player 10.X is expected by Nov. 9, and the update to Reader and Acrobat 9.4 and earlier 9.x versions should arrive the week of Nov. 15. In the meantime, the company offers mitigations, which amount to deleting, renaming, and/or removing access to the authplay.dll file that ships with Adobe Reader and Acrobat 9.x.