Adobe has announced that there is a critical vulnerability in Adobe Flash Player, Reader and Acrobat for Windows, Mac, Linux and Solaris that could allow attackers to take control of the affected system.
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
"There are reports that this vulnerability is being actively exploited in the wild against both Adobe Flash Player, and Adobe Reader and Acrobat," Adobe said.
Adobe does not have a fix available, but has suggested some workarounds in a security advisory.
Versions of Adobe Flash affected include 10.0.45.2, 9.0.262, 10.0.x and 9.0.x, Adobe Reader and Acrobat 9.3.2 and earlier 9.x versions are also affected.
But the Flash Player 10.1 Release Candidate does not appear to be vulnerable, Adobe said.
Adobe has also confirmed that Adobe Reader and Acrobat 8.x are not vulnerable.
The latest information will be posted on the Adobe Product Security Incident Response Team blog, the company said.
According to Brad Arkin, Adobe's director of security and privacy, the firm's security team has improved internal processes and is able to get a fix for extremely urgent zero-day vulnerability out within 15 days, which means a patch could be released around 20 June.
But Arkin said less urgent bug fixes could take up to 90 days, depending when the vulnerability is identified, to fit in with scheduled security updates.