Adobe Flash Player discloses second zero-day vulnerability in four weeks



Warwick Ashford

Adobe has announced a critical vulnerability in Flash Player, just four weeks after Adobe warned of a previous Flash vulnerability.

The vulnerability, which affects Flash Player and earlier versions for Windows, Macintosh, Linux and Solaris, could cause a crash and potentially allow an attacker to take control of the affected system.

The vulnerability affects version and earlier for Chrome users and version and earlier versions for Android.

Adobe warned of a vulnerability in the Authplay.dll component that ships with Adobe Reader and Acrobat X (10.0.2) and earlier 10.x and 9.x versions for Windows and Macintosh.

But the company says Adobe Reader 9.x for UNIX, Adobe Reader for Android, and Adobe Reader and Acrobat 8.x are not affected by this issue.

There are reports this vulnerability is being exploited in the wild in targeted attacks via a Flash (.swf) file embedded in a Microsoft Word (.doc) file, delivered as an e-mail attachment, targeting the Windows platform.

However, Adobe says the company is not aware of any attacks via PDF targeting Adobe Reader and Acrobat.

The company also points out that the risk for Adobe Reader X users is significantly lower, because this issue does not bypass Adobe Reader Protected Mode.

Adobe says it is in the process of finalising a schedule for delivering updates for all affected products, except Adobe Reader X.

"Because Adobe Reader X Protected Mode would prevent an exploit of this kind from executing, we are currently planning to address this issue in Adobe Reader X for Windows with the next quarterly security update for Adobe Reader, currently scheduled for 14 June, 2011," the company said.
