With a new potential vulnerability announced for Adobe Reader and a new security update to help fix a serious flaw in Adobe Flash Player, last weekend was a busy time for Adobe Systems Inc.
The company said it is investigating the publication of a proof-of-concept code demonstrating a denial of service (DoS) attack targeting a zero-day vulnerability in Adobe Reader. The company said it has detected no incidents of the code being used by attackers.
The framework can be applied to Adobe Reader 9.2 and later, and Adobe Read 8.1.7 and later. Detailed instructions for how to make the changes, for both Windows and Mac systems, are available on the Adobe PSIRT blog.
Adobe Flash Player
Adobe has issued Adobe Flash Player 10.1.102.64, fixing 18 critical vulnerabilities in Adobe Flash Player 10.1.85.3 and earlier versions for Windows, Macintosh, Linux and Solaris. The vulnerabilities could cause the application to crash and allow an attacker to execute code to take control of an affected system.
A vulnerability in Adobe Flash Player 10.1.95.1 for Android operating systems will be fixed with an update due to be released Nov. 9.