Please check your software versions against the list
below and refer to our support team should you have any
questions.
Affected software
Adobe Flash Player 10.0.45.2 and earlier 10.0.x versions for Win, Mac, Linux and Solaris
Adobe Flash Player 9.0.262 and earlier 9.0.x versions for Win, Mac, Linux and Solaris
Adobe Reader and Acrobat 9.3.2 and earlier 9.x versions for Win, Mac and UNIX
Adobe Flash Player 10.1 Release Candidate does not appear to be vulnerable
Adobe Reader and Acrobat 8.x are confirmed not vulnerable
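
A version check against the list above can be scripted for a software inventory. The following is an added example, not code from Adobe or from the original page; the product keys, status strings and sample hosts are assumptions made for illustration.

```python
# Added example. Ranges are transcribed from the "Affected software" list;
# the product keys and status strings are names chosen for this sketch.
AFFECTED, CLEARED, UNKNOWN = "affected", "listed as not vulnerable", "not listed"

# (branch prefix, highest affected build) per product.
AFFECTED_RANGES = {
    "flash": [((10, 0), (10, 0, 45, 2)), ((9, 0), (9, 0, 262))],
    "reader": [((9,), (9, 3, 2))],
    "acrobat": [((9,), (9, 3, 2))],
}
# Branches the advisory names as not vulnerable. Assumption: every 10.1
# build is treated like the 10.1 Release Candidate.
CLEARED_BRANCHES = {"flash": [(10, 1)], "reader": [(8,)], "acrobat": [(8,)]}


def parse_version(text):
    """'10.0.45.2' -> (10, 0, 45, 2), padded to four fields."""
    parts = text.strip().split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError("not a dotted numeric version: %r" % text)
    nums = tuple(int(p) for p in parts)
    return nums + (0,) * (4 - len(nums))


def classify(product, version_text):
    """Return AFFECTED, CLEARED or UNKNOWN for one installed version."""
    key = product.lower()
    if key not in AFFECTED_RANGES:
        raise KeyError("product not covered by this advisory: %r" % product)
    ver = parse_version(version_text)
    for branch, highest in AFFECTED_RANGES[key]:
        top = highest + (0,) * (4 - len(highest))
        if ver[:len(branch)] == branch and ver <= top:
            return AFFECTED
    for branch in CLEARED_BRANCHES[key]:
        if ver[:len(branch)] == branch:
            return CLEARED
    # Newer builds of an affected branch, or branches the list never mentions.
    return UNKNOWN


def needs_action(inventory):
    """Hosts whose (host, product, version) row falls in an affected range."""
    return [h for h, p, v in inventory if classify(p, v) == AFFECTED]


# Constructed sample inventory (hostnames and builds are made up).
SAMPLE = [("ws-01", "flash", "10.0.45.2"), ("ws-02", "flash", "10.1.51.66"),
          ("ws-03", "reader", "9.3.2"), ("ws-04", "acrobat", "8.2.2"),
          ("ws-05", "reader", "9.3.3"), ("ws-06", "flash", "9.0.159.0")]

if __name__ == "__main__":
    print(needs_action(SAMPLE))
```

Versions the list does not mention, such as a Reader build newer than 9.3.2, come back as "not listed" rather than being assumed safe.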
How to fix the problem
Whilst working on a patch for these issues, Adobe suggested
that users upgrade to the latest "release candidate" for the
Adobe Flash Player, version 10.1, which it said "does not
appear to be vulnerable".
Additionally, the company stated that Adobe Reader and
Acrobat users could delete or rename the "authplay.dll" file
on their system. However, the company pointed out that doing
so would mean that "users will experience a non-exploitable
crash or error message when opening a PDF file that contains
SWF [Adobe Flash] content."
Previous issues with Adobe products
This alert was almost identical to the one made public by
Adobe on the 22nd July 2009, when the publisher warned that
its Flash Player, Reader and Acrobat had come under attack.
Adobe had corrected the flaw by the 31st July 2009, but some
researchers have since spoken out to say that the publisher
had known of its existence for more than six months
previously.
Graham Cluley, senior technology consultant at Internet
security firm Sophos, commented: "It doesn't really get any
worse than a 'zero-day' vulnerability like this. There has
been a long history of vulnerabilities being found in
Adobe's products. This is probably because they are
everywhere and omnipresent."
Indeed, Adobe estimates that over 95% of computers worldwide
have Flash Player installed. Apple boss Steve Jobs recently
wrote an open letter defending his company’s decision to
prevent its popular iPhone and iPad devices from viewing
Adobe Flash animations and videos. In the letter, he said
that Adobe's Flash was, amongst other things, "the number
one reason Macs crash".
Mr Cluley said: "The more people who are concerned about
Adobe's products and the ability for them to be written
securely, the more it backs up Steve Jobs's argument that
Adobe's software is buggy. The crux of the problem is that
Adobe have overloaded some of their programs with so many
bells and whistles, that with lots of code, there is a much
higher chance that there will be a bug. This vulnerability
exploits a feature of a PDF file format that will not be
widely used. A simpler code might have led to a simpler
life."