Danish security company Secunia reported that more than 9 out of 10 Windows users are susceptible to the Flash zero-day vulnerability, which Adobe has reportedly known about since the end of 2008 and which won’t be patched by Adobe until later this week.
Secunia says that over 90% of Windows PCs run the vulnerable version of Flash and 48% of Windows PCs have buggy Adobe PDF Readers.
92% of the 900,000 users who recently ran Secunia’s Personal Software Inspector (PSI) utility have Flash Player 10 running on their PCs and 31% have Flash Player 9 — some users have both versions so the total exceeds 100% — according to Secunia.
Secunia’s PSI tool scans your computer to see what applications are installed and then checks to see if you have the most current version. If it finds a newer version of a program, it offers you a link to get it.
Rigged PDF Files Have Infected Several Users
The two most current versions of Adobe’s Flash Player are vulnerable to drive-by attacks on malicious sites and on legitimate sites that have been compromised by hackers. According to Computer World, antivirus vendors have reported hundreds, in some cases thousands, of sites being used to launch these drive-by Flash attacks.
Secunia’s PSI tool report results revealed that Adobe’s current PDF Reader version 9.1.2 is installed on 48% of PCs and Adobe Acrobat version 9.1.2 is installed on 2% of PCs. Both current versions include an interpreter to handle Flash content that is embedded in PDF files, which can also be exploited. Rigged PDF files have infected several users.
Adobe is planning to patch the Flash vulnerability by July 30 and to patch the PDF Reader and Acrobat by July 31 of this year.
As noted by Computer World, Adobe has been hit with a slew of security emergencies this year. Until patches are issued by Adobe, users don’t have many options. Adobe recommends deleting, disabling or renaming “authplay.dll,” the flawed component that is being exploited. Information on how to do that can be found in this security bulletin from Adobe, and updates on the vulnerabilities can be found on Adobe’s Product Security Incident Response Team (PSIRT) web site.