
Adobe discloses second Flash Player zero-day vulnerability in four weeks

Adobe has announced a critical vulnerability in Flash Player, just four weeks after it warned of a previous Flash vulnerability.

The vulnerability, which affects Flash Player 10.2.153.1 and earlier versions for Windows, Macintosh, Linux and Solaris, could cause a crash and potentially allow an attacker to take control of the affected system.

The vulnerability affects Flash Player 10.2.154.25 and earlier for Chrome users, and 10.2.156.12 and earlier for Android.

Adobe warned of a vulnerability in the Authplay.dll component that ships with Adobe Reader and Acrobat X (10.0.2) and earlier 10.x and 9.x versions for Windows and Macintosh.

But the company says Adobe Reader 9.x for UNIX, Adobe Reader for Android, and Adobe Reader and Acrobat 8.x are not affected by this issue.

There are reports this vulnerability is being exploited in the wild in targeted attacks via a Flash (.swf) file embedded in a Microsoft Word (.doc) file, delivered as an e-mail attachment, targeting the Windows platform.

However, Adobe says the company is not aware of any attacks via PDF targeting Adobe Reader and Acrobat.

The company also points out that the risk for Adobe Reader X users is significantly lower, because this issue does not bypass Adobe Reader Protected Mode.

Adobe says it is in the process of finalising a schedule for delivering updates for all affected products, except Adobe Reader X.

"Because Adobe Reader X Protected Mode would prevent an exploit of this kind from executing, we are currently planning to address this issue in Adobe Reader X for Windows with the next quarterly security update for Adobe Reader, currently scheduled for 14 June, 2011," the company said.

