Adobe Systems Inc. is set to release an out-of-cycle update to its popular Flash Player for Adobe Reader and Adobe Acrobat software today, fixing a critical flaw that could give malicious hackers control of victims' machines.
The flaw exists in Adobe Flash Player 10.0.45.2 and earlier versions running on all operating systems. Adobe corrected the flaw in Flash for Windows, Macintosh and Linux on June 10. Brad Arkin, director of product security and privacy at Adobe, said the issue would be addressed in Adobe Reader and Acrobat 9.3.2 for Windows, Macintosh and UNIX by June 29.
"The accelerated next quarterly Adobe Reader and Acrobat update will also resolve a number of responsibly disclosed vulnerabilities," Arkin wrote in a blog entry outlining the rushed patch schedule. Today's release was scheduled for July 13.
A memory corruption error within a component of the player can cause a crash, allowing an attacker to execute code remotely and take control of a victim's computer.
Adobe's widely used software is being targeted more often by attackers. The attacks have forced the software vendor to focus on secure software development. Despite the use of a number of different dynamic and static analysis tools to test for errors, malicious hackers continue to find zero-day vulnerabilities in the software.
The Flash vulnerability surfaced earlier this month with reports that attackers were actively targeting it. Attackers trick users into clicking on SWF files or embed the SWF files directly into Adobe Reader and Acrobat files.
~ Robert Westervelt