Adobe Hustles to Release Flash Player Fix

Share it on Twitter  
Share it on Facebook  
Share it on Linked in  

Adobe Systems today released a fix for what it described as a "critical" hole that hackers have successfully exploited in its Flash Player software.

In a security advisory, Adobe (NASDAQ: ADBE) officials said the vulnerability could allow attackers to take control of computers and mobile devices running Flash Player and earlier versions for Windows, Mac, Android, Solaris and Linux.

Adobe last week used its online security updater service to bring the security flaw to users' attention and promised a fix by the week of Sept. 27.

The problem was obviously severe enough to merit a speedier update.

"This vulnerability (CVE-2010-2884) could cause a crash and potentially allow an attacker to take control of the affected system," Adobe officials wrote in the advisory. "There are reports that this vulnerability is being actively exploited in the wild against Adobe Flash Player on Windows."

"Adobe is not aware of any attacks exploiting this vulnerability against Adobe Reader or Acrobat to date," it added.

Company officials said Adobe will provide updates for Adobe Reader 9.3.4 for Windows, Macintosh, Unix, and Adobe Acrobat 9.3.4 for Windows and Macintosh during the week of October 4.

Last month, Adobe rushed out an out-of-band patch for a .PDF vulnerability in its Acrobat Reader application ahead of schedule.

"Adobe recommends users of Adobe Flash Player and earlier versions for Windows, Macintosh, Linux, and Solaris update to Adobe Flash Player, and users of Adobe Flash Player for Android update to Adobe Flash Player," Adobe officials said in the advisory.

Larry Barrett is a senior editor at InternetNews.com, the news service of Internet.com, the network for technology professionals.

Follow eSecurityPlanet on Twitter @eSecurityP.