Adobe has announced about a critical 0-day vulnerability for Adobe Flash and Acrobat reader software. Using this exploit an attacker can gain complete control of targeted machine.
Adobe Team has planned schedule for a patch to fix this issue. According to information available Patch for Flash Player 10 will be released on June 10 but users of Adobe reader and Acrobat 9 users have to wait until June 29 to get the patch. The exploit has affected all major Operating systems like Windows, Mac OS X, Linux and Solaris .
Adobe is offering mitigation instructions on their website for Windows, Unix and Macintosh.
Adobe Reader and Acrobat – Windows
Deleting, renaming, or removing access to the authplay.dll file that ships with Adobe Reader 9.x and Acrobat 9.x mitigates the threat for those products, but users will experience a non-exploitable crash or error message when opening a PDF file that contains SWF content.
The authplay.dll that ships with Adobe Reader 9.x and Acrobat 9.x for Windows is typically located at C:\Program Files\Adobe\Reader 9.0\Reader\authplay.dll for Adobe Reader or C:\Program Files\Adobe\Acrobat 9.0\Acrobat\authplay.dll for Acrobat.
Adobe Reader 9.x – Macintosh
1) Go to the Applications->Adobe Reader 9 folder.
2) Right Click on Adobe Reader
3) Select Show Package Contents
4) Go to the Contents->Frameworks folder
5) Delete or move the AuthPlayLib.bundle file
Acrobat Pro 9.x – Macintosh
1) Go to the Applications->Adobe Acrobat 9 Pro folder.
2) Right Click on Adobe Acrobat Pro
3) Select Show Package Contents
4) Go to the Contents->Frameworks folder
5) Delete or move the AuthPlayLib.bundle file
Adobe Reader 9.x- UNIX
1) Go to installation location of Reader (typically a folder named Adobe)
2) Within it browse to Reader9/Reader/intellinux/lib/ (for Linux) or Reader9/Reader/intelsolaris/lib/ (for Solaris)
3) Remove the library named “libauthplay.so.0.0.0″
