Modernizing Authentication — What It Takes to Transform Secure Access
Adobe Systems today released a fix for what it described as a "critical" hole that hackers have successfully exploited in its Flash Player software.
In a security advisory, Adobe (NASDAQ: ADBE) officials said the vulnerability could allow attackers to take control of computers and mobile devices running Flash Player 10.1.82.76 and earlier versions for Windows, Mac, Android, Solaris and Linux.
Adobe last week used its online security updater service to bring the security flaw to users' attention and promised a fix by the week of Sept. 27.
The problem was obviously severe enough to merit a speedier update.
"This vulnerability (CVE-2010-2884) could cause a crash and potentially allow an attacker to take control of the affected system," Adobe officials wrote in the advisory. "There are reports that this vulnerability is being actively exploited in the wild against Adobe Flash Player on Windows."
"Adobe is not aware of any attacks exploiting this vulnerability against Adobe Reader or Acrobat to date," it added.
Company officials said Adobe will provide updates for Adobe Reader 9.3.4 for Windows, Macintosh, Unix, and Adobe Acrobat 9.3.4 for Windows and Macintosh during the week of October 4.
Last month, Adobe rushed out an out-of-band patch for a .PDF vulnerability in its Acrobat Reader application ahead of schedule.
"Adobe recommends users of Adobe Flash Player 10.1.82.76 and earlier versions for Windows, Macintosh, Linux, and Solaris update to Adobe Flash Player 10.1.85.3, and users of Adobe Flash Player 10.1.92.10 for Android update to Adobe Flash Player 10.1.95.1," Adobe officials said in the advisory.
Follow eSecurityPlanet on Twitter @eSecurityP.