Adobe Warning Issued For Potential of Attacks on Flash Player Vulnerability

Adobe has issued a warning about a critical vulnerability in Flash that impacts Adobe Reader and Acrobat.

Kaspersky Labs' Threat post reports that the Flash Player vulnerability is a bug that can be used by remote attackers to run arbitrary code and that Adobe has already seen some attacks capitalizing on this.

Adobe issued a security advisory that the vulnerability exists in the following software versions:

• Adobe Flash Player 10.2.152.33 and earlier versions for Windows, Macintosh, Linux and Solaris operating systems
• Adobe Flash Player 10.2.154.18 and earlier for Chrome users
• Adobe Flash Player 10.1.106.16 and earlier for Android
• The Authplay.dll component that ships with Adobe Reader and Acrobat X (10.0.1) and earlier 10.x and 9.x versions for Windows and Macintosh operating systems.

Adobe Reader 9.x for UNIX, Adobe Reader for Android, and Adobe Reader and Acrobat 8.x are not affected by this issue.

There have been some reports of this vulnerability being exploited by embedding a Flash .swf file within a Microsoft Excel (.xls) file being delivered in an email attachment.

Adobe states they are not aware of specific attacks utilizing Adobe Reader and Acrobat.

A fix for this issue is in the works scheduled for release by March 21, 2011.

Even though the new Flash bug apparently wouldn't be exploitable in Reader X, Adobe plans to update that application in its scheduled quarterly Reader patch release on June 14, 2011.

While you're updating your Flash player, take a peek at your antivirus software and make sure it's up to date, too. After all, it's your last line of defense.