Adobe Systems Inc. on Monday warned of a zero-day in its Flash Player that's being exploited in the wild on Windows
The flaw could cause a crash and allow an attacker to take control of a system, Adobe said in its security advisory. Monday's warning comes less than a week after Adobe warned of a critical zero-day flaw in its Reader and Acrobat software.
The vulnerability affects Flash Player 10.1.82.76 and earlier versions for Windows, Macintosh, Linux, Solaris, and Android operating systems. The flaw also affects Adobe Reader 9.3.4 for Windows, Macintosh and UNIX, and Adobe Acrobat 9.3.4 and earlier versions for Windows and Macintosh. Adobe said it's not aware of any attacks exploiting the vulnerability against Reader or Acrobat.
Adobe said it plans to fix the flaw with an update for Flash Player for Windows, Macintosh, Linux, Solaris and Android the week of Sept. 27 and updates for Reader and Acrobat the week of Oct. 4.
The Oct. 4 updates also will include a fix for the vulnerability in last week's advisory. Adobe said the Reader and Acrobat updates are an accelerated release of its next quarterly security update, which was originally scheduled for Oct. 12.
On Friday, Adobe provided a mitigation measure from Microsoft for the Reader and Acrobat flaw. The company said those using Adobe Reader or Acrobat 9.3.4 or earlier on Windows can use Microsoft's Enhanced Mitigation Evaluation Toolkit (EMET) to help prevent the vulnerability from being exploited.