Adobe announced that a “critical vulnerability exists in the current versions of Flash Player (v9.0.159.0 and v10.0.22.87) for Windows, Macintosh and Linux operating systems, and the authplay.dll component that ships with Adobe Reader and Acrobat v9.x for Windows, Macintosh and UNIX operating systems. This vulnerability (CVE-2009-1862) could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being actively exploited in the wild via limited, targeted attacks against Adobe Reader v9 on Windows.”

The company is feverishly working on a fix, but note that the only active exploitation of this vulnerability so far targets Windows users. Adobe promises a fix by July 31st; until then, you can avoid unfamiliar or untrusted web sites that employ Flash. To be 100% sure you’re protected (taking this step would make you an official tinfoil hat brigade member…), you can delete or rename the following files:

/Applications/Adobe Reader 9/Adobe Reader.app/Contents/Frameworks/AuthPlayLib.bundle

and

/Applications/Adobe Reader 9/Adobe Reader.app/Contents/Frameworks/Adobe3D.framework

You’ll need to right-click on the Adobe Reader application and select Show Package Contents to access these files. I’d recommend simply deleting Adobe Reader entirely and using Preview full-time, but for some of us there are some truly useful features in Adobe Reader.
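The rename option described above, written as a reversible script so the components can be restored once Adobe's fix is installed (an added example, not from the original post or from Adobe). The `.disabled` suffix, the `toggle_components` function name and the script file name are assumptions; the paths are the ones given in the post.

```shell
#!/bin/sh
# Added example: reversibly park the two Adobe Reader 9 components named in the post.
# APP defaults to the path given there; SUFFIX is an assumed marker for parked copies.
APP="${APP:-/Applications/Adobe Reader 9/Adobe Reader.app}"
SUFFIX=".disabled"

# toggle_components disable|enable [app_path]
# Returns 0 when every component is in the requested state, non-zero otherwise.
toggle_components() {
    mode="$1"; app="${2:-$APP}"; rc=0
    case "$mode" in
        disable|enable) ;;
        *) echo "usage: toggle_components disable|enable [app_path]" >&2; return 2 ;;
    esac
    for name in AuthPlayLib.bundle Adobe3D.framework; do
        live="$app/Contents/Frameworks/$name"
        parked="$live$SUFFIX"
        if [ "$mode" = disable ]; then
            if [ -e "$live" ] && [ -e "$parked" ]; then
                # A reinstall or update put the component back next to the parked copy.
                echo "$name and $name$SUFFIX both exist; remove one by hand" >&2; rc=1
            elif [ -e "$live" ]; then
                mv "$live" "$parked" || rc=1
            elif [ ! -e "$parked" ]; then
                echo "$name not found under $app" >&2; rc=1
            fi
        else
            if [ ! -e "$live" ] && [ -e "$parked" ]; then
                mv "$parked" "$live" || rc=1
            elif [ ! -e "$live" ]; then
                echo "$name has no parked copy to restore" >&2; rc=1
            fi
        fi
    done
    return "$rc"
}

# Run as: sh toggle_reader_components.sh disable   (or: enable, once the fix is installed)
if [ "$#" -gt 0 ]; then
    toggle_components "$@"
fi
```

Writing under /Applications may require administrator rights. A non-zero exit from `disable` means at least one component is still loadable under its original name or was not found at the expected path.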