Adobe Warns of Another 'Critical' PDF Vulnerability
Adobe Systems says this latest security flaw is being exploited by hackers to take over control of computers running its popular PDF viewing application.
Adobe Systems this week acknowledged that yet another hole in the popular Flash, Reader and Acrobat 9.x applications is opening up users' PCs and mobile devices to attacks from hackers looking to steal sensitive data and install malware.
In its latest security advisory, Adobe said the critical vulnerability exists in Flash Player 10.1.85.3 and earlier versions for Windows, Mac, Linux and Solaris; Flash Player 10.1.95.2 and earlier versions for Android, Google's mobile operating system; and the authplay.dll component that ships with Reader 9.4 and Acrobat 9.4 and earlier 9.x versions for both apps.
"This vulnerability (CVE-2010-3654) could cause a crash and potentially allow an attacker to take control of the affected system," Adobe said. "There are reports that this vulnerability is being actively exploited in the wild against Adobe Reader and Acrobat 9.x."
Company officials said they were not aware of attacks targeting Adobe Flash Player at this time.
Just as it did with previously discovered critical vulnerabilities with its most popular applications, Adobe is racing to push out a fix for this security hole, promising an update for Flash Player by Nov. 9 and updates for Reader and Acrobat sometime during the week of Nov. 15.
In August, Adobe quickly resolved a similar threat to another PDF vulnerability that allowed hackers to install and execute malicious code on machines running compromised versions of Reader.
Separately, Adobe released a fix for a hole in its Shockwave Player app that was discovered last week.