Adobe discloses second Flash Player zero-day vulnerability in four weeks

Adobe has announced a critical vulnerability in Flash Player, just four weeks after Adobe warned of a previous Flash vulnerability.

The vulnerability, which affects Flash Player and earlier versions for Windows, Macintosh, Linux and Solaris, could cause a crash and potentially allow an attacker to take control of the affected system.

The vulnerability affects version and earlier for Chrome users and version and earlier versions for Android.

Adobe warned of a vulnerability in the Authplay.dll component that ships with Adobe Reader and Acrobat X (10.0.2) and earlier 10.x and 9.x versions for Windows and Macintosh.

But the company says Adobe Reader 9.x for UNIX, Adobe Reader for Android, and Adobe Reader and Acrobat 8.x are not affected by this issue.

There are reports this vulnerability is being exploited in the wild in targeted attacks via a Flash (.swf) file embedded in a Microsoft Word (.doc) file, delivered as an e-mail attachment, targeting the Windows platform.

However, Adobe says the company is not aware of any attacks via PDF targeting Adobe Reader and Acrobat.

The company also points out that the risk for Adobe Reader X users is significantly lower, because this issue does not bypass Adobe Reader Protected Mode.

Adobe says it is in the process of finalising a schedule for delivering updates for all affected products, except Adobe Reader X.

"Because Adobe Reader X Protected Mode would prevent an exploit of this kind from executing, we are currently planning to address this issue in Adobe Reader X for Windows with the next quarterly security update for Adobe Reader, currently scheduled for 14 June, 2011," the company said.


