Adobe Systems has warned of a critical vulnerability in its Flash Player.
The vulnerability (CVE-2010-3654) could cause a crash and potentially allow an attacker to take control of the affected system, the company said in a security advisory.
Adobe said there were reports that this vulnerability is being actively exploited in the wild against Adobe Reader and Acrobat 9.x, but the company was not currently aware of attacks targeting Adobe Flash Player.
The vulnerability affects version 10.1.85.3 and earlier versions for Windows, Macintosh, Linux and Solaris operating systems, version 10.1.95.2 and earlier versions for Android, and version 9.4 and earlier 9.x versions for Windows and Macintosh operating systems.
Adobe plans to provide a security update for Flash Player 10.x for Windows, Macintosh, Linux, and Android by 9 November.
Updates for Adobe Reader and Acrobat 9.4 and earlier 9.x versions are planned for the week starting 15 November.
The warning comes just ahead of the planned release laster today of a fix for a critical vulnerability (CVE-2010-3653) in Adobe Shockwave Player 22.214.171.1242 and earlier versions on the Windows and Macintosh operating systems.
This vulnerability could cause a crash and potentially allow an attacker to take control of the affected system.
"As of 27 October, Adobe is aware of reports of this vulnerability being exploited in the wild," the company said in a security advisory.