Adobe warns that zero-day flaw in Flash and Acrobat being exploited in the wild

Adobe is warning of a "criticai" vulnerability in its Flash Player, Adobe Reader and Acrobat software , installed on almost all PCs, which it says is already being exploited by hackers and which "could potentially allow an attacker to take control of the affected system". All platforms - Windows, Mac OS X, Linux and Solaris - are vulnerable, says Adobe. The affected versions are: Adobe Flash Player 10.0.45.2, 9.0.262, and earlier 10.0.x and 9.0.x versions for Windows, Macintosh, Linux and Solaris; Adobe Reader and Acrobat 9.3.2 and earlier 9.x versions for Windows, Macintosh and UNIX. Windows users who want to continue to read PDFs can choose from a variety linked to on Wikipedia , or see Jack's recommendations from January - though not Adobe itself, obviously. Apple users may wish to avoid using Adobe Reader or Acrobat by using OS X's built-in Preview app, which is anyway a lot less hassle than Adobe Reader, especially on OS X. There's no schedule yet for a fix, but some people are deciding that the best way to avoid the risk is to download the Flash Player 10.1 Release Candidate - and Adobe says that it "does not appear to be vulnerable". It adds that "Adobe Reader and Acrobat 8.x are confirmed not vulnerable." But the vulnerability will still persist - and seems to lie in the authplay.dll file: Adobe recommends that "Deleting, renaming, or removing access to the authplay.dll file that ships with Adobe Reader and Acrobat 9.x mitigates the threat for those products, but users will experience a non-exploitable crash or error message when opening a PDF file that contains SWF [Flash] content. The authplay.dll that ships with Adobe Reader and Acrobat 9.x for Windows is typically located at C:\Program Files\Adobe\Reader 9.0\Reader\authplay.dll for Adobe Reader or C:\Program Files\Adobe\Acrobat 9.0\Acrobat\authplay.dll for Acrobat." As with all such security warnings, there is a lot of over-reaction, and we've already seen one super-over-excited email which suggests that the flaw will let hackers take over your computer, siphon your bank account, kick the cat, cancel your house insurance and leave a rude message on your mother-in-law's answering machine. That's not quite the case, but until Adobe has a fix, it's best to be wary.