Adobe Flaw Being Exploited

The SANS Internet Storm Center is reporting that an exploit for the vulnerability in Adobe’s Flash Player, Reader, and Acrobat is circulating “in the wild” on the Internet. Unfortunately, there is not, strictly speaking, a patch available yet from Adobe, although one for Flash Player is promised for tomorrow. Patches for Reader and Acrobat will not be available until about the end of the month.

Adobe does suggest two mitigation steps that are possible in the meantime. The first, for Flash Player, requires installing a Release Candidate version 10.1 (RC 7) of the player, which can be downloaded, for Windows, Mac OS X, and Linux, from this Adobe Labs page. This version can be installed in the normal way, and will replace the existing installed version. I have tested this version on Windows XP, Windows Vista, and Ubuntu Linux 8.04, and it works fine with Firefox, Chrome, and Opera browsers on all platforms.

The second mitigation is for Reader and Acrobat; the vulnerable component is a library that allows the display of Flash content within PDF documents.  This is slightly trickier, since it requires manual intervention; you will need system administrator / root privileges.  I have tried it on Windows and Linux, as above, and it works OK.

On Windows systems, this library is called authplay.dll, and it is typically located in C:\Program Files\Adobe\Reader 9.0\Reader. You can delete or rename (recommended) this file to prevent exploits from working; the downside is that Reader or Acrobat will crash if you attempt to open a PDF document with Flash content.

On Linux systems the library is called libauthplay.so.0.0.  Its installation location may vary, depending on your Linux distribution; for Ubuntu, Debian, and other Debian-derived distros, it will generally be found in /opt/Adobe/Reader9/Reader/intellinux/lib/. (This directory will be part of the sub-tree that contains the executable program; if you have trouble finding it, try which acroread from the command line.) As with Windows, you can remove or rename this file, or just change its permissions mask to ‘600’.  (I am assuming you are not so foolish as to run as ‘root’ on a routine basis.) As with Windows, the downside is that the application will crash if you try to open a PDF that has Flash content.
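
The Linux steps above as a script, added here as an example rather than taken from Adobe's advisory or from the original post: it locates libauthplay.so.0.0 under the Reader tree, applies either the permissions change or the rename, and checks the result. The function names, the ".disabled" suffix and the --apply switch are assumptions of this example; the default root is the Debian/Ubuntu path named above.

```shell
#!/bin/sh
# Added example: disable Reader's Flash library on Linux (run as root).
# Assumed names: the functions, the ".disabled" suffix and the --apply switch.
LIB_NAME="libauthplay.so.0.0"
DEFAULT_ROOT="/opt/Adobe/Reader9"   # Debian/Ubuntu location from the text

# List every copy of the library under a Reader install tree.
find_authplay() {
    find "$1" -type f -name "$LIB_NAME" 2>/dev/null
}

# Disable one copy: "chmod" sets mode 600, "rename" moves it aside.
disable_authplay() {
    case ${2:-chmod} in
        chmod)  chmod 600 "$1" ;;
        rename) mv -- "$1" "$1.disabled" ;;
        *)      echo "unknown method: $2" >&2; return 2 ;;
    esac
}

# Succeeds if the file is gone or its mode is exactly rw-------.
is_disabled() {
    [ -e "$1" ] || return 0
    [ "$(ls -ld -- "$1" | cut -c1-10)" = "-rw-------" ]
}

# Find, disable and verify every copy; fails if none is found.
apply_mitigation() {
    root=${1:-$DEFAULT_ROOT}; how=${2:-chmod}
    libs=$(find_authplay "$root")
    [ -n "$libs" ] || { echo "no $LIB_NAME under $root" >&2; return 1; }
    echo "$libs" | while IFS= read -r lib; do
        disable_authplay "$lib" "$how" || exit 1
        is_disabled "$lib" || { echo "still loadable: $lib" >&2; exit 1; }
        if [ -e "$lib" ]; then
            # Mode 600 only blocks users other than the file's owner.
            owner=$(ls -ld -- "$lib" | awk '{print $3}')
            [ "$owner" = "root" ] || echo "warning: $lib is owned by $owner" >&2
        fi
        echo "disabled ($how): $lib"
    done
}

# Usage: sh authplay-mitigate.sh --apply [reader-root] [chmod|rename]
if [ "${1:-}" = "--apply" ]; then
    apply_mitigation "${2:-}" "${3:-}"
fi
```

The rename method leaves the original file beside its old location, so the change can be undone by moving it back once Adobe's patch is installed.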

I’m sorry that I can’t give instructions for Mac OS X, since I don’t have a test system available, but the Adobe Security Advisory [APSA 10-01] has an outline of the steps necessary.

I’ll post updates here when regular patches become available. I do suggest applying the temporary fix for Flash Player as soon as you can. Because this software is so widely installed, and because so many Web sites now use Flash (pace, Steve Jobs), it is likely to be a very tempting target for the Bad Guys.

2 Responses to Adobe Flaw Being Exploited

  1. […] Player, 10.1.53.64, which fixes the vulnerability that I have written about before (most recently yesterday).  Adobe has issued a new Security Bulletin [APSB 10-14] with more information about the […]

  2. […] that affected Adobe Systems’ Flash player, and its Reader and Acrobat products.  That flaw was soon exploited by the Bad Guys, although there were mitigation steps available, as I mentioned in that earlier […]
