Adobe has announced a critical vulnerability in Flash Player, just four weeks after Adobe warned of a previous...
The vulnerability, which affects Flash Player 10.2.153.1 and earlier versions for Windows, Macintosh, Linux and Solaris, could cause a crash and potentially allow an attacker to take control of the affected system.
It also affects Flash Player 10.2.154.25 and earlier for Chrome users, and Flash Player 10.2.156.12 and earlier for Android.
Adobe warned of a vulnerability in the Authplay.dll component that ships with Adobe Reader and Acrobat X (10.0.2) and earlier 10.x and 9.x versions for Windows and Macintosh.
But the company says Adobe Reader 9.x for UNIX, Adobe Reader for Android, and Adobe Reader and Acrobat 8.x are not affected by this issue.
There are reports this vulnerability is being exploited in the wild in targeted attacks via a Flash (.swf) file embedded in a Microsoft Word (.doc) file, delivered as an e-mail attachment, targeting the Windows platform.
However, Adobe says the company is not aware of any attacks via PDF targeting Adobe Reader and Acrobat.
The company also points out that the risk for Adobe Reader X users is significantly lower, because this issue does not bypass Adobe Reader Protected Mode.
Adobe says it is in the process of finalising a schedule for delivering updates for all affected products, except Adobe Reader X.
"Because Adobe Reader X Protected Mode would prevent an exploit of this kind from executing, we are currently planning to address this issue in Adobe Reader X for Windows with the next quarterly security update for Adobe Reader, currently scheduled for 14 June, 2011," the company said.
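The delivery vector reported above, a Flash (.swf) file embedded in a Word (.doc) e-mail attachment, can be screened for at a mail gateway or during triage. The following is an added example, not Adobe's code or part of the original article: a heuristic Python scanner that looks for SWF headers inside an OLE2 document. The length and version caps, the 256-byte zlib probe and the sample bytes are assumptions constructed for illustration.

```python
import struct
import zlib

OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # OLE2 compound-file header (.doc)
MAX_SWF_LEN = 64 * 1024 * 1024  # assumption: sanity cap on declared SWF length
MAX_SWF_VERSION = 50            # assumption: upper bound for the version byte

def is_ole(data):
    """True if the buffer starts with the OLE2 compound-file magic."""
    return data.startswith(OLE_MAGIC)

def swf_header_at(data, off):
    """Return (version, declared_length) if a plausible SWF header starts at off."""
    if off + 8 > len(data):
        return None
    version = data[off + 3]
    (length,) = struct.unpack_from("<I", data, off + 4)  # little-endian uint32
    if not (1 <= version <= MAX_SWF_VERSION and 8 < length <= MAX_SWF_LEN):
        return None
    if data[off:off + 3] == b"FWS":
        if length > len(data):  # uncompressed SWF cannot exceed its container
            return None
    else:
        try:  # CWS: bytes after the 8-byte header must start a zlib stream
            zlib.decompressobj().decompress(data[off + 8:off + 264])
        except zlib.error:
            return None
    return version, length

def find_embedded_swf(data):
    """List (offset, signature, version, declared_length) for each SWF header."""
    hits = []
    for sig in (b"FWS", b"CWS"):
        pos = data.find(sig)
        while pos != -1:
            hdr = swf_header_at(data, pos)
            if hdr:
                hits.append((pos, sig.decode(), hdr[0], hdr[1]))
            pos = data.find(sig, pos + 1)
    return sorted(hits)

def build_sample():
    """Constructed test document: OLE magic, decoy text, one compressed SWF."""
    body = b"\x00" * 64  # stand-in for SWF tags, not real Flash content
    cws = b"CWS\x0a" + struct.pack("<I", 8 + len(body)) + zlib.compress(body)
    return OLE_MAGIC + b"\x00" * 504 + b"text: FWS is a format " + cws + b"\x00" * 32

if __name__ == "__main__":
    print(find_embedded_swf(build_sample()))
```

A hit shows only that the document carries Flash content, which is unusual enough in an e-mailed .doc to justify quarantine and closer inspection. OLE2 streams can be stored in non-contiguous sectors, so a raw byte scan like this is a first-pass filter rather than a full parser.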