Adobe acknowledges critical security flaw in software

Adobe has been criticised by Apple boss Steve Jobs over software security

Adobe has acknowledged a "critical" security flaw in its Reader, Acrobat and Flash Player software.

Adobe says the vulnerability potentially enables hackers to take control of affected computer systems.

Users running Windows, Macintosh or Linux might all be open to attack.

The company is working to fix the problem. In the meantime, users of Reader, Acrobat and Flash are advised to ensure their anti-virus software is up to date.

"It doesn't really get any worse than a 'zero-day' vulnerability like this," said Graham Cluley, senior technology consultant at Sophos, a security software company.

Affected software

  • Adobe Flash Player and earlier 10.0.x versions for Win, Mac, Linux and Solaris
  • Adobe Flash Player 9.0.262 and earlier 9.0.x versions for Win, Mac, Linux and Solaris
  • Adobe Reader and Acrobat 9.3.2 and earlier 9.x versions for Win, Mac and UNIX
  • Adobe Flash Player 10.1 Release Candidate does not appear to be vulnerable
  • Adobe Reader and Acrobat 8.x are confirmed not vulnerable

Source: Adobe

He said that hackers could create a "booby-trapped Flash animation, or PDF" that would give them access to a person's computer, potentially allowing them to harvest personal information or use the machine to send spam messages.

In recent years, PDFs have become a popular means of sharing documents that are not easily altered by the recipient.

Vulnerability exploited

In a security advisory, Adobe said: "There are reports that this vulnerability is being actively exploited in the wild against both Adobe Flash Player, and Adobe Reader and Acrobat".

Whilst it works to fix the problem, the company suggested upgrading to the latest "release candidate" for the Adobe Flash Player, version 10.1, which it said "does not appear to be vulnerable".

Alternatively, the company said that Adobe Reader and Acrobat users could delete or rename the "authplay.dll" file on their system.

However, Adobe said that doing so meant that "users will experience a non-exploitable crash or error message when opening a PDF file that contains SWF [Adobe Flash] content."

Mr Cluley said that keeping anti-virus software up to date would also help to avoid problems.

"There has been a long history of vulnerabilities being found in Adobe's products," he said.

"This is probably because they are everywhere and omnipresent."

Adobe estimates that more than 95% of computers worldwide have Flash Player installed.

Argument strengthened

Apple has been criticised for preventing its popular iPhone and iPad devices from viewing Adobe Flash animations and videos.

Apple boss Steve Jobs recently wrote an open letter explaining that Adobe's Flash was, amongst other things, "the number one reason Macs crash".

Mr Cluley said: "The more people who are concerned about Adobe's products and the ability for them to be written securely, the more it backs up Steve Jobs' argument that Adobe's software is buggy.

"The crux of the problem is that Adobe have overloaded some of their programs with so many bells and whistles, that with lots of code, there is a much higher chance that there will be a bug.

"This vulnerability exploits a feature of a PDF file format that will not be widely used.

"A simpler code might have led to a simpler life."
