Adobe fixes critical Flash Player, Reader, Acrobat X flaws

The serious vulnerabilities could cause a crash and potentially allow an attacker to take control of an affected system.

A week after warning of an ongoing attack targeting a critical zero-day vulnerability in Adobe Flash Player, Adobe Systems Inc. has issued fixes for the vulnerability, as well as others affecting Adobe Reader and Acrobat X.

In a security bulletin issued Monday, the company recommends immediate updates for users of Adobe Flash Player and earlier versions (Adobe Flash Player and earlier versions for Chrome users) for Windows, Macintosh, Linux, Solaris and earlier versions for Android.

Adobe issued an advisory March 14, warning that ongoing attacks used Microsoft Excel files containing an embedded malicious Flash file that attempts to exploit the new Flash Player zero-day vulnerability.

Chrome users benefited from earlier protection, thanks to fast work by Google, which managed tofix the Flash Player vulnerability before Adobe issued its own, according to Chester Wisniewski on the Sophos Naked Security blog.

In a separate security bulletin, Adobe tackled a security problem that affects the authplay.dll component that ships with Adobe Reader and Acrobat X (10.0.1) and earlier 10.x and 9.x versions for Windows and Macintosh operating systems. Again, the company recommends immediate updates to cure the vulnerability, listed as critical.

Read more on Privacy and data protection