Hackers exploit Adobe's Flash, Reader bug

It seems that hackers are exploiting the critical vulnerability in Adobe's Flash Player and Reader software that the firm warned about on Friday.

Adobe said that the bug affects the latest version of its Flash Player, 10.0.45.2, as well as older editions for Windows, Macintosh, Linux and Solaris.

Also vulnerable is its PDF viewer, Adobe Reader 9.x as well as Acrobat 9.x, its PDF creation software for Windows, Macintosh and Unix.

"There are reports that this vulnerability is being actively exploited in the wild against Flash Player, Reader and Acrobat," the company confessed in a security advisory.

Previously, Adobe let hackers know that the bug was there for the taking and said at the time it had no fix for the hole, other than suggesting users upgrade to its as-yet-unready Flash Player 10.1 release candidate 7.

Insecurity outfit Secunia said the threat was "extremely critical," which is as bad as it gets.

Attackers exploiting the flaw may be able to take over a targeted computer, and do what they like - usually send spam from it, Adobe admitted.

The bug warning is similar to one Adobe discovered in July last year, which it took two weeks to patch up.

Adobe said the latest vulnerability lurks in Flash, as well as in the "authplay.dll" file that comes with every Windows copy of Reader and Acrobat.

The workaround for Reader and Acrobat users is to delete or rename the authplay.dll but, as we noted, that does cause an error message when opening a PDF file containing Flash content or, at worst, causes the software to crash.
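For administrators applying the rename workaround on Windows, here is an added example (not Adobe's tooling and not from the original article) that finds each copy of authplay.dll, renames it reversibly and can put it back after a fix ships. The search folders, the `.disabled` suffix and the parameter names are assumptions.

```powershell
# Added example, not Adobe's tooling. Save as a .ps1 file and run elevated.
# Assumption: Reader/Acrobat are installed under "<Program Files>\Adobe".
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    # Folders to search (assumed default install locations).
    [string[]]$Root = (@($env:ProgramFiles, ${env:ProgramFiles(x86)}) |
        Where-Object { $_ } | Select-Object -Unique |
        ForEach-Object { Join-Path $_ 'Adobe' }),
    # Hypothetical marker appended to the disabled copy.
    [string]$Suffix = '.disabled',
    # Put the original name back once a fixed build is installed.
    [switch]$Restore
)

$wanted = if ($Restore) { "authplay.dll$Suffix" } else { 'authplay.dll' }

foreach ($dir in $Root) {
    if (-not (Test-Path -LiteralPath $dir)) { continue }
    Get-ChildItem -LiteralPath $dir -Recurse -File -Filter $wanted -ErrorAction SilentlyContinue |
        Where-Object { $_.Name -eq $wanted } |
        ForEach-Object {
            $newName = if ($Restore) { 'authplay.dll' } else { $_.Name + $Suffix }
            $target  = Join-Path $_.DirectoryName $newName
            # Read the version first: the old path is gone after the rename.
            $version = $_.VersionInfo.FileVersion
            if (Test-Path -LiteralPath $target) {
                Write-Warning "Skipping $($_.FullName): $newName already exists"
                return
            }
            if ($PSCmdlet.ShouldProcess($_.FullName, "Rename to $newName")) {
                Rename-Item -LiteralPath $_.FullName -NewName $newName
            }
            # One record per copy found, for the change log.
            [pscustomobject]@{
                Path    = $_.FullName
                Version = $version
                NewName = $newName
                Renamed = (Test-Path -LiteralPath $target)
            }
        }
}
```

Run it with `-WhatIf` first to list what would change; `-Restore` reverses the rename.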

Adobe gives itself a fortnight to patch such vulnerabilities. It had better get its finger out or this looks like being a further nail in the coffin Steve Jobs is preparing for its video-playing code.