Adobe has issued an alert stating that a critical flaw is affecting its Flash Player, Adobe Reader and Acrobat. The flaws, which could allow an attacker to take remote control of the affected machines, are already being exploited, warns Adobe, which has not yet released a fix for the problem.
The version 10.0.45.2 and earlier (10.0.x and 9.0.x) of Adobe Flash Player for Windows, Mac, Linux and Solaris and version 9.3.2 and earlier of Reader and Acrobat for Windows, Mac and Unix are affected by the failure. According to the company, it has not been detected, at least until now, that version 10.1 of Flash Player is also affected by the problem and it is already confirmed that versions 8.x of Adobe Reader and Acrobat are not vulnerable.
As there is still no date set for the release of a fix that solves the problem, Adobe recommends users to download the latest version of Flash Player (10.1), still in release candidate (almost final version).
In order not to take risks in the use of Acrobat and Reader, users must «delete, rename or remove access to the file authplay.dll» included in the product. However, the action will have some impact on the normal use of the software and trigger error messages if the user, after the operation, tries to open a PDF file with SWF content, also warns Adobe.
Editorial Note: Fixed Adobe Reader designation.