Adobe has posted a security advisory for Adobe Reader, Acrobat and Flash Player. The company states that a critical vulnerability is present in the current versions of Flash Player (v9.0.159.0 and v10.0.22.87) for Windows, Macs and UNIX operating systems and the authplay.dll component that ships with Adobe Reader and Acrobat v9.x on the same operating systems.The vulnerability (CVE-2009-1862) could cause a crash and allow an attacker to gain control of the compromised system. It is reportedly being exploited in targeted attacks against Adobe Reader v9 on Windows. Naturally, a fix is in the works and is expected to be delivered by the end of the week.
For the time being, users can mitigate the threat by deleting, renaming or removing access to authplay.dll. Doing so will cause your program to crash when attempting to view a PDF containing SWF content, however. Adobe is also recommending that users enable UAC and that they avoid untrusted websites using Flash.
