Adobe has acknowledged a critical security flaw in its Reader, Acrobat and Flash Player software. Adobe says the vulnerability potentially enables hackers to take control of affected computer systems and that users running Windows, Macintosh or Linux might all be open to attack. The company is working to fix the problem. In the meantime, users of Reader, Acrobat and Flash are advised to ensure their anti-virus software is up to date. “It doesn’t really get any worse than a vulnerability like this,” said Graham Cluley, senior technology consultant at Sophos, a security software company. He said that hackers could create a “booby-trapped Flash animation, or PDF” that would give them access to a person’s computer, potentially allowing them to harvest personal information or use the machine to send spam messages. In recent years, PDFs have become a popular means of sharing documents that are not easily altered by the recipient.

In a security advisory, Adobe said: “There are reports that this vulnerability is being actively exploited in the wild against both Adobe Flash Player, and Adobe Reader and Acrobat”. Whilst it works to fix the problem, the company suggests upgrading to the latest versions of their software, which appear to be less vulnerable”.

Alternatively, the company said that advanced Reader and Acrobat users could delete or rename the “authplay.dll” file on their system but that doing so means users will experience a non-exploitable crash or error message when opening a PDF file that contains Flash content. Keeping anti-virus software up to date will also help to avoid problems.

If you feel that your network is at risk or that your PCs may have been affected by this vulnerability, call Responza at (206) 762-5100 for advice and support.