Adobe Warns of Another 'Critical' PDF Vulnerability


Adobe Systems this week acknowledged that yet another hole in the popular Flash, Reader and Acrobat 9.x applications is opening up users' PCs and mobile devices to attacks from hackers looking to steal sensitive data and install malware.

In its latest security advisory, Adobe said the critical vulnerability exists in Flash Player and earlier versions for Windows, Mac, Linux and Solaris; Flash Player and earlier versions for Android, Google's mobile operating system; and the authplay.dll component that ships with Reader 9.4 and Acrobat 9.4 and earlier 9.x versions for both apps.

"This vulnerability (CVE-2010-3654) could cause a crash and potentially allow an attacker to take control of the affected system," Adobe said. "There are reports that this vulnerability is being actively exploited in the wild against Adobe Reader and Acrobat 9.x."

Company officials said they were not aware of attacks targeting Adobe Flash Player at this time.

Just as it did with previously discovered critical vulnerabilities in its most popular applications, Adobe is racing to push out a fix for this security hole, promising an update for Flash Player by Nov. 9 and updates for Reader and Acrobat sometime during the week of Nov. 15.

In August, Adobe quickly resolved a similar threat from another PDF vulnerability that allowed hackers to install and execute malicious code on machines running compromised versions of Reader.

Separately, Adobe released a fix for a hole in its Shockwave Player app that was discovered last week.

Larry Barrett is a senior editor at, the news service of, the network for technology professionals.