Adobe Flash Player & Reader Unspecified Code Execution Vulnerability Discovered

Adobe said that it has detected attacks on a "zero day" flaw in its Reader, Acrobat and Flash apps. No patch exists as yet for the flaw but the company has issued a workaround for IT administrators to implement to ward off intruders. Danish security analysts Secunia rate the flaw as "Extremely critical.""This vulnerability could […]

Adobe said that it has detected attacks on a "zero day" flaw in its Reader, Acrobat and Flash apps. No patch exists as yet for the flaw but the company has issued a workaround for IT administrators to implement to ward off intruders. Danish security analysts Secunia rate the flaw as "Extremely critical."

"This vulnerability could cause a crash and potentially allow an attacker to take control of the affected system,2 said Adobe in a security advisory.

"There're reports that this vulnerability is being actively exploited in the wild against Adobe Reader and Acrobat 9.x. Adobe isn't currently aware of attacks targeting Adobe Flash Player."

All versions of Flash on Windows, Mac, Linux and Android are vulnerable, which also affects the Authplay component of Reader and Acrobat 9.x that renders Flash in PDFs.

A full patch for Reader and Acrobat is expected by November 15th and the Flash flaw will be fixed a week earlier.

It's doing to be a busy day for Adobe users, as the company has also released a fix to a previous flaw in Shockwave for Windows and Macintosh."

[Source: 1, 2]