BoObs

 Security Vulnerability - Flash Player, Adobe Reader and Acrobat

Biohazardous



Posts : 84
Join date : 2010-02-02
Location : Perth, WA.

Subject: Security Vulnerability - Flash Player, Adobe Reader and Acrobat
Posted: Sat Jun 12, 2010 2:11 pm

While looking for other technical stuff in the forums, I noticed a lot of threads on this subject. Adobe seems to be at the center of this again... I would advise you to use something else where possible.

http://forums.worldofwarcraft.com/thread.html?topicId=25170443008&sid=1


--------------------------------------------------------------------------------
Quote:
A critical vulnerability has been discovered in Adobe Flash Player 10.0.45.2 and Adobe Reader/Acrobat 9.x, and could potentially be used to target World of Warcraft players and accounts. The newest available version of Adobe Flash 10.1, Release Candidate 7 (available at http://labs.adobe.com/technologies/flashplayer10/), does not appear to contain this vulnerability, and we recommend that everyone upgrade their Flash player as soon as possible. Earlier versions of Adobe Reader and Acrobat, specifically version 8.x, do not appear to contain this vulnerability, either.

For more information, please visit Adobe.com: http://www.adobe.com/support/security/advisories/apsa10-01.html

Get an Authenticator if you haven't got one already. Get your very own guard dog and secure your account at the same time. Visit http://us.battle.net/security for more info!

I would also like to add that this is NOT a virus. The only way to protect yourself from this kind of vulnerability is to keep your system up-to-date in all ways, including Flash.
--------------------------------------------------------------------------------


Security Advisory for Flash Player, Adobe Reader and Acrobat
Release date: June 4, 2010

Last updated: June 10, 2010

Vulnerability identifier: APSA10-01

CVE number: CVE-2010-1297

Platform: All

Summary: A critical vulnerability exists in Adobe Flash Player 10.0.45.2 and earlier versions for Windows, Macintosh, Linux and Solaris operating systems, and the authplay.dll component that ships with Adobe Reader and Acrobat 9.x for Windows, Macintosh and UNIX operating systems. This vulnerability (CVE-2010-1297) could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being actively exploited in the wild against both Adobe Flash Player, and Adobe Reader and Acrobat.

Adobe has released a product update to Adobe Flash Player to resolve the relevant security issue. For more information, please refer to Security Bulletin APSB10-14.

We expect to provide an update for Adobe Reader and Acrobat 9.3.2 for Windows, Macintosh and UNIX by June 29, 2010. Please note that the Acrobat and Reader update represents an accelerated release of the next quarterly security update originally scheduled for July 13, 2010. With this accelerated schedule we do not plan to release any new updates for Adobe Reader and Acrobat on July 13, 2010.

Affected software versions
Adobe Flash Player 10.0.45.2, 9.0.262, and earlier 10.0.x and 9.0.x versions for Windows, Macintosh, Linux and Solaris
Adobe Reader and Acrobat 9.3.2 and earlier 9.x versions for Windows, Macintosh and UNIX

Note: Adobe Reader and Acrobat 8.x are confirmed not vulnerable.

Mitigations

Adobe Flash Player
Adobe has released a product update to Adobe Flash Player to resolve the relevant security issue. For more information, please refer to Security Bulletin APSB10-14.

Adobe Reader and Acrobat - Windows
Deleting, renaming, or removing access to the authplay.dll file that ships with Adobe Reader 9.x and Acrobat 9.x mitigates the threat for those products, but users will experience a non-exploitable crash or error message when opening a PDF file that contains SWF content.

The authplay.dll that ships with Adobe Reader 9.x and Acrobat 9.x for Windows is typically located at C:\Program Files\Adobe\Reader 9.0\Reader\authplay.dll for Adobe Reader or C:\Program Files\Adobe\Acrobat 9.0\Acrobat\authplay.dll for Acrobat.

Adobe Reader 9.x - Macintosh

1) Go to the Applications->Adobe Reader 9 folder.
2) Right Click on Adobe Reader
3) Select Show Package Contents
4) Go to the Contents->Frameworks folder
5) Delete or move the AuthPlayLib.bundle file

Acrobat Pro 9.x - Macintosh

1) Go to the Applications->Adobe Acrobat 9 Pro folder.
2) Right Click on Adobe Acrobat Pro
3) Select Show Package Contents
4) Go to the Contents->Frameworks folder
5) Delete or move the AuthPlayLib.bundle file


Adobe Reader 9.x - UNIX
1) Go to installation location of Reader (typically a folder named Adobe)
2) Within it browse to Reader9/Reader/intellinux/lib/ (for Linux) or Reader9/Reader/intelsolaris/lib/ (for Solaris)
3) Remove the library named "libauthplay.so.0.0.0"

Severity rating
Adobe categorizes this as a critical issue.

Details
A critical vulnerability exists in Adobe Flash Player 10.0.45.2 and earlier versions for Windows, Macintosh, Linux and Solaris operating systems, and the authplay.dll component that ships with Adobe Reader and Acrobat 9.x for Windows, Macintosh and UNIX operating systems. This vulnerability (CVE-2010-1297) could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being actively exploited in the wild against both Adobe Flash Player, and Adobe Reader and Acrobat.

Adobe Reader and Acrobat 8.x are confirmed not vulnerable. Mitigation is available for Adobe Reader and Acrobat 9.x customers as detailed above.

Adobe actively shares information about this and other vulnerabilities with partners in the security community to enable them to quickly develop detection and quarantine methods to protect users until a patch is available. As always, Adobe recommends that users follow security best practices by keeping their anti-malware software and definitions up to date.

Adobe has released a product update to Adobe Flash Player to resolve the relevant security issue. For more information, please refer to Security Bulletin APSB10-14.

We expect to provide an update for Adobe Reader and Acrobat 9.3.2 for Windows, Macintosh and UNIX by June 29, 2010. Please note that the Acrobat and Reader update represents an accelerated release of the next quarterly security update originally scheduled for July 13, 2010. With this accelerated schedule we do not plan to release any new updates for Adobe Reader and Acrobat on July 13, 2010.

Users may monitor the latest information on the Adobe Product Security Incident Response Team blog at the following URL: http://blogs.adobe.com/psirt or by subscribing to the RSS feed here: http://blogs.adobe.com/psirt/atom.xml.

Revisions
June 10, 2010 - Advisory updated with link to Security Bulletin APSB10-14 that resolves the security issue for Adobe Flash Player.
June 8, 2010 - Added information to note that the upcoming Adobe Reader and Acrobat update represents the next quarterly security release, originally scheduled for July 13, 2010.
June 7, 2010 - Update schedule information added, and instructions for Macintosh and UNIX added to 'Mitigations' section.
June 4, 2010 - Advisory released.
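
The Reader/Acrobat 9.x mitigation steps quoted above, as an added example that is not part of the original post or of Adobe's advisory: a Python script that finds the authplay component under an install root on any of the three platforms, moves it out of the install tree, and reports anything left behind. The function names, the script name and the quarantine directory are assumptions made for this example; moving the file is one of the options the advisory lists (delete, rename, move or remove) and keeps the change reversible.

```python
import shutil
import sys
from pathlib import Path

# Component names from the advisory's mitigation steps, lower-cased so the
# match also works on case-insensitive file systems.
AUTHPLAY_NAMES = {
    "authplay.dll",          # Reader/Acrobat 9.x on Windows
    "authplaylib.bundle",    # Reader/Acrobat 9.x on Macintosh (a directory)
    "libauthplay.so.0.0.0",  # Reader 9.x on Linux and Solaris
}


def find_authplay(install_root):
    """Return every authplay component still present under install_root."""
    root = Path(install_root)
    return sorted(p for p in root.rglob("*") if p.name.lower() in AUTHPLAY_NAMES)


def quarantine(install_root, quarantine_dir, dry_run=True):
    """Move each component out of the install tree; return (source, dest) pairs."""
    root = Path(install_root).resolve()
    qdir = Path(quarantine_dir).resolve()
    # A quarantine folder inside the scanned tree would leave the files findable.
    if qdir == root or root in qdir.parents:
        raise ValueError("quarantine_dir must be outside install_root")
    plan = []
    for src in find_authplay(root):
        dest = qdir / src.relative_to(root)
        if not dry_run:
            dest.parent.mkdir(parents=True, exist_ok=True)
            shutil.move(str(src), str(dest))
        plan.append((src, dest))
    return plan


if __name__ == "__main__":
    if len(sys.argv) != 3:
        sys.exit("usage: authplay_audit.py INSTALL_ROOT QUARANTINE_DIR")
    for src, dest in quarantine(sys.argv[1], sys.argv[2], dry_run=False):
        print(f"moved {src} -> {dest}")
    leftover = find_authplay(sys.argv[1])
    for path in leftover:
        print(f"STILL PRESENT: {path}")
    sys.exit(1 if leftover else 0)
```

Run it with the privileges needed to modify the install folder; a non-zero exit status means a component is still in place. As the advisory notes, opening a PDF that contains SWF content afterwards produces a non-exploitable crash or error message.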