College Navigation

Information Technology News

UPDATE - Important Vulnerability Notice for Adobe

Last updated: August 15, 2009

Note: This story may not be current. It is part of the IT News Archive, and exists as a historical document.

Note: This story was previously published as an IT Service Alert on August 7, 2009.

Following up on an alert we posted recently, Adobe has released patches for a vulnerability affecting certain versions of Adobe Flash Player, Acrobat, and Reader, described in the advisory below. It's important to point out that since this vulnerability potentially affects Windows, Mac, and Unix operating systems, as well as any browser that supports Flash, it has the potential to affect a wide variety of computers.

We encourage you to follow the recommendation that is summed up in the advisory below: A patch has been issued by Adobe for this vulnerability. Apply the patches provided by Adobe to vulnerable systems immediately after appropriate testing. The patches are available from Adobe's security bulletin.

If you need assistance or further information, contact the IT Support Center at (713) 743-1411 (24 hours a day, 7 days a week), or contact your local IT support provider.


UPDATED Version of Our Earlier Alert

Source: State of Texas Department of Information Resources (DIR))

SYSTEMS AFFECTED:

  • Adobe Flash Player 10.0.22.87
  • Adobe Flash Player 9.0.159.0
  • Adobe Reader 9.x
  • Adobe Acrobat 9.x

ORIGINAL DESCRIPTION:

A vulnerability has been identified in multiple Adobe products that could allow for remote code execution. The vulnerability is triggered by opening a specially crafted Flash (.swf) file or by opening a .pdf file with a malicious embedded flash application. The vulnerability affects the 'flash9f.dll' (used by Adobe Flash) and 'authplay.dll' (used by Adobe Reader 9.x and Adobe Acrobat 9.x) modules within the Adobe ActionScript Virtual Machine.

Successful exploitation may result in an attacker gaining the same privileges as the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with user level of logged on user. Failed exploitation could result in denial-of-service conditions.

Adobe recommends disabling Flash and 3D & Multimedia support in Adobe Acrobat and Adobe Reader 9 to temporarily mitigate this vulnerability.

To disable Flash and 3D & Multimedia support in Adobe Reader 9 on Microsoft Windows, delete or rename these files:

"%ProgramFiles% AdobeReader 9.0 Readerauthplay.dll"
"%ProgramFiles% AdobeReader 9.0 Readerrt3d.dll"

To disable Flash and 3D & Multimedia support in Adobe Acrobat on Microsoft Windows, delete or rename these files:

"%ProgramFiles% AdobeAcrobat 9.0 Acrobatauthplay.dll"
"%ProgramFiles% AdobeAcrobat 9.0 Acrobatrt3d.dll"

The above mitigation steps will result in reduced functionality within Adobe Acrobat and Acrobat Reader applications. The file locations listed above may vary due to customized installations of Adobe Acrobat applications.

There is no patch available at this time.

It should be noted that this vulnerability is being actively exploited on the Internet.

AUGUST 3 UPDATED DESCRIPTION:

A patch has been issued by Adobe for this vulnerability.

ORIGINAL RECOMMENDATIONS:

We recommend the following actions be taken:

  • Rename or delete the files listed above.
  • Remind users not visit un-trusted websites or follow links provided by unknown or un-trusted sources.
  • Remind users not open email attachments from unknown or un-trusted sources.
  • Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack.

AUGUST 3 UPDATED RECOMMENDATIONS:

  • Apply the patch provided by Adobe to vulnerable systems immediately after appropriate testing.

REFERENCES:

Adobe:
http://www.adobe.com/support/security/advisories/apsa09-03.html

Security Focus:
http://www.securityfocus.com/bid/35759

US-CERT:
http://www.kb.cert.org/vuls/id/259425

Symantec:
http://www.symantec.com/connect/blogs/next-generation-flash-vulnerability

IT-ISAC:
https://www.it-isac.org/postings/cyber/alertdetail.php?id=4649

AUGUST 3 UPDATED REFERENCES:

Adobe:
www.adobe.com/support/security/bulletins/apsb09-10.html

CVE:
www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1862