Adobe Systems Inc. has issued an alert about a critical vulnerability in its Flash Player, Adobe Reader and Acrobat products that is being actively exploited in the wild.
In a security advisory released
Requires Free Membership to View
SearchSecurity.com members gain immediate and unlimited access to breaking industry news, virus alerts, new hacker threats, highly focused security newsletters, and more -- all at no cost. Join me on SearchSecurity.com today!
Michael S. Mimoso, Editorial Director
late Friday, Adobe said the flaw could cause a crash and potentially allow an attacker to take control of a system. The company did not say when a patch would be available.
Trend Micro researchers reported on Saturday that they've seen malicious files exploiting the vulnerability.
According to the company, the vulnerability is in Flash Player 10.0.45.2 and earlier versions for Windows, Macintosh, Linux and Solaris operating systems, and the authplay.dll component that ships with Adobe Reader and Acrobat 9.x for Windows, Macintosh and UNIX operating systems.
The Flash Player 10.1 Release Candidate doesn't appear to be vulnerable and Adobe Reader and Acrobat 8.x have been confirmed not to be vulnerable, Adobe said.
Adobe said deleting, renaming or removing access to the authplay.dll file that ships with Adobe Reader and Acrobat 9.x mitigates the threat for users of those products. However, the company warned of complications with that mitigation measure: "users will experience a non-exploitable crash or error message when opening a PDF file that contains SWF content."