Flaw Revealed in Adobe Acrobat and Flash

All this Flash/Apple stuff is irritating, and at this point, it’s a bit of a broken record. But this weekend, I noticed something about Flash that kind of bugged me.

I was chugging along on my work, doing the usual stuff, and my iStat readings in my menu bar say that my MacBook Pro is around 135 degrees. I turn on Penny Arcade’s PATV channel to watch the latest episode while I work on a spreadsheet. I’ve got SMC Fan Control set on 4500 RPM, and the only difference is this program that I’m watching, running on Flash.

The video is about to end and I look at the temp. It shot up to 168 degrees in under 5 minutes, while my fans are running at more than twice the normal speed for the computer. The taxing on the processor is amazing.

Anyways, Bit-Tech is reporting that Adobe Reader, Acrobat and Flash Player are all vulnerable to a remote attack.

The vulnerabilities – which are regarded by the company to be ‘critical’ – affect Adobe Reader, Acrobat, and Flash Player on Windows, Mac OS X, Linux, Solaris, and UNIX-based systems – in other words, every single platform the packages are currently available for.

The issue – which it is believed relates to the way that Acrobat handle ShockWave-format content embedded within files – can be mitigated by deleting the file authplay.dll from your installation directory. While this will result in Adobe Acrobat and Reader crashing should you open a PDF file containing ShockWave content, it’ll prevent maliciously-crafted files from having their wicked way with your system.

Currently, there is no known workaround for the issue in Adobe Flash Player – although the company’s director of product security Brad Arkin states that Adobe is working on a patch as quickly as possible. For now, the only way to be safe out there is to either uninstall the Flash Player plugins from your system, or to upgrade to the release candidate of Flash Player 10.1 which is not thought to be vulnerable.

OS X isn’t perfect, and there are vulnerabilities in Snow Leopard as well – or there may be ones waiting to be found. But if you need another reason why Apple doesn’t want Adobe on the iPhone, here you go.

No comments yet. Leave one below!

Speak Your Mind

*