When Adobe released Acrobat 9 last year, the company introduced support for embedding Flash media in PDF files. This feature is now being used by attackers who are exploiting a new vulnerability in Adobe's Flash media plugin. The vulnerability allows remote code execution, making it a potential vector for malware deployment.
Adobe's security response team issued a statement on Wednesday, confirming the existence of a critical Flash vulnerability that is actively being exploited. The attacks are currently targeted against Acrobat Reader on the Windows platform. Adobe is working to address the problem and says that a fix will be ready by July 30.
As a temporary measure to eliminate the security risk, Adobe recommends disabling Flash support in Acrobat Reader by renaming or deleting the "authplay.dll" file. Doing so will cause Acrobat Reader to abort when it attempts to read a Flash-enabled PDF.
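One way to apply the rename workaround on a Windows machine and revert it once the fix ships, as an added example that is not from Adobe or the original article. It assumes Adobe products are installed in an `Adobe` folder under the Program Files roots (the article gives no path, so the tree is searched); the `.disabled` suffix and the `-Undo` switch are hypothetical names chosen for this sketch.

```powershell
# Added example: rename (or restore) authplay.dll under the Adobe install tree.
# Run from an elevated prompt; use -WhatIf first to preview the changes.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [switch]$Undo,                  # restore files renamed by an earlier run
    [string]$Suffix = '.disabled'   # hypothetical marker appended to the file name
)

# Assumption: installs live under "<Program Files>\Adobe" (32- and 64-bit roots).
$roots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}) |
    Where-Object { $_ -and (Test-Path -LiteralPath $_) } |
    Select-Object -Unique

# Normal mode looks for the live DLL; undo mode looks for the renamed copy.
$wanted = if ($Undo) { "authplay.dll$Suffix" } else { 'authplay.dll' }

foreach ($root in $roots) {
    $adobe = Join-Path $root 'Adobe'
    if (-not (Test-Path -LiteralPath $adobe)) { continue }

    Get-ChildItem -LiteralPath $adobe -Recurse -Filter $wanted -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer -and $_.Name -eq $wanted } |
        ForEach-Object {
            $newName = if ($Undo) { 'authplay.dll' } else { $_.Name + $Suffix }
            $target  = Join-Path $_.DirectoryName $newName

            # Never overwrite an existing file, e.g. a DLL reinstalled by an update.
            if (Test-Path -LiteralPath $target) {
                Write-Warning "Skipping $($_.FullName): $target already exists"
                return
            }

            if ($PSCmdlet.ShouldProcess($_.FullName, "Rename to $newName")) {
                Rename-Item -LiteralPath $_.FullName -NewName $newName
                # Emit a record of each change for auditing and later rollback.
                [pscustomobject]@{
                    OriginalPath = $_.FullName
                    NewName      = $newName
                    Restored     = [bool]$Undo
                }
            }
        }
}
```

Renaming rather than deleting keeps the original file available for restoration after the patched version is installed.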
The US Computer Emergency Readiness Team (US-CERT) has published a cybersecurity alert about the vulnerability and warns that it could potentially be exploited by malicious web sites in addition to PDFs. US-CERT echoes Adobe's recommendation to disable Flash in Acrobat and also suggests disabling it in browsers.
Security vendors McAfee and Symantec have both commented on the issue and provided some technical insight. According to Symantec, one known exploit of this vulnerability, which they have designated Trojan.Pidief.G, uses a heap spraying technique.
So until Adobe has released a fix, you might want to be careful about which PDFs you open, or do as Adobe advises and rename your authplay.dll.