Critical vulnerability in Adobe Flash Player, Adobe Reader and Acrobat - UPDATED
First published: 2010.06.07
Updated: 2010.06.11
Updated: 2010.06.30
A critical vulnerability exists in Adobe Flash Player 10.0.45.2 and earlier versions, the authplay.dll component that is part of Adobe Reader and Acrobat version 9.3.2 and earlier 9.x versions.
Critical is Adobe's highest vulnerability rating and could when exploited allow malicious native-code to execute, potentially without a user being aware.
Adobe Reader and Acrobat version 8.x are not vulnerable.
More information is available in Adobe's security advisory 10-01.
As of this writing no updates are available. There are reports that this vulnerability is being actively exploited.
This security advisory will be updated when more information is available.
Update 11 June 2010
Adobe has released an update to Adobe Flash Player. See Adobe's security bulletin 10-14 for more information and updating instructions.
An update which plans to solve this security issue for Adobe Acrobat and Reader is scheduled for 29 June.
Update 30 June 2010
Adobe has released updates to Adobe Acrobat and Reader. See Adobe's security bulletin 10-15 for more information and updating instructions.
