A week after warning of an ongoing attack targeting a critical zero-day vulnerability in Adobe Flash Player, Adobe Systems Inc. has issued fixes for the vulnerability, as well as others affecting Adobe Reader and Acrobat X.
In a security bulletin issued Monday, the company recommends immediate updates for users of Adobe Flash Player 10.2.152.33 and earlier versions (Adobe Flash Player 10.2.154.18 and earlier versions for Chrome users) for Windows, Macintosh, Linux, Solaris and earlier versions for Android.
Adobe issued an advisory March 14, warning that ongoing attacks used Microsoft Excel files containing an embedded malicious Flash file that attempts to exploit the new Flash Player zero-day vulnerability.
Chrome users benefited from earlier protection, thanks to fast work by Google, which managed tofix the Flash Player vulnerability before Adobe issued its own, according to Chester Wisniewski on the Sophos Naked Security blog.
In a separate security bulletin, Adobe tackled a security problem that affects the authplay.dll component that ships with Adobe Reader and Acrobat X (10.0.1) and earlier 10.x and 9.x versions for Windows and Macintosh operating systems. Again, the company recommends immediate updates to cure the vulnerability, listed as critical.