A critical vulnerability exists in Adobe Flash Player 10.0.45.2 and earlier versions for Windows, Macintosh, Linux and Solaris operating systems, and the authplay.dll component that ships with Adobe Reader and Acrobat 9.x for Windows, Macintosh and UNIX operating systems. This vulnerability could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being actively exploited in the wild against both Adobe Flash Player, and Adobe Reader and Acrobat.
They advise to either delete/rename authplay.dll (but hold onto it, you might need it later, and your Adobe may crash when you use it) or, as I did, upgrade to Flash Player 10.1 Release Candidate, as it does not appear to be vulnerable.
This bug was noted about 2 months ago, so no suprise there’s an exploit in the wild now. Adobe has become a sloth. They’ve had 10 in beta now for close to a year, with an ever slipping launch date.
As much as I like it, if they don’t watch out and get back on the ball other tech (that’s are prematurly saying they’re eatting Adobe’s lunch) may actually start doing so.
And HTML5 just routes around Flash, right?