Adobe today released a fix for a critical vulnerability in Flash Player that affects Adobe Reader and Acrobat and has reportedly been exploited in attacks using Flash files embedded in Excel files distributed via e-mail.
The vulnerability, reported last week, could allow an attacker to crash a system or take control of it. Adobe is not aware of attacks targeting Adobe Reader and Acrobat, the company said, also noting that Adobe Reader X Protected Mode, a sandboxing technique, prevents an exploit of this type from executing.
The bug has been identified in Adobe Flash Player 10.2.152.33 and earlier versions (Adobe Flash Player 10.2.154.18 and earlier versions for Chrome users) for Windows, Macintosh, Linux, and Solaris operating systems, and Adobe Flash Player 10.1.106.16 and earlier versions for Android, according to the bulletin.
A separate bulletin fixes a related critical vulnerability in the authplay.dll component that ships with Adobe Reader and Acrobat X (10.0.1) and earlier 10.x and 9.x versions for Windows and Macintosh operating systems.
Adobe has made Reader 9.4.3 available for users of Adobe Reader 9.4.2 for Windows and Macintosh, and recommends that users of Adobe Acrobat X (10.0.1) for Windows and Macintosh update to Adobe Acrobat X (10.0.2).
"Because Adobe Reader X Protected Mode would prevent an exploit of this kind from executing, we are planning to address this issue in Adobe Reader X for Windows with the next quarterly security update for Adobe Reader, currently scheduled for June 14, 2011," the company said.
Google included an updated version of Flash Player in a Chrome update last week.