Security Management Strategies for the CIOAdobe Systems Inc. on Monday warned of a zero-day in its Flash Player that's being exploited in the wild on Windows systems.
The flaw could cause a crash and allow an attacker to take control of a system, Adobe said in its security advisory. Monday's warning comes less than a week after Adobe warned of a critical zero-day flaw in its Reader and Acrobat software.
The vulnerability affects Flash Player 10.1.82.76 and earlier versions for Windows, Macintosh, Linux, Solaris, and Android operating systems. The flaw also affects Adobe Reader 9.3.4 for Windows, Macintosh and UNIX, and Adobe Acrobat 9.3.4 and earlier versions for Windows and Macintosh. Adobe said it's not aware of any attacks exploiting the vulnerability against Reader or Acrobat.
Adobe said it plans to fix the flaw with an update for Flash Player for Windows, Macintosh, Linux, Solaris and Android the week of Sept. 27 and updates for Reader and Acrobat the week of Oct. 4.
The Oct. 4 updates also will include a fix for the vulnerability in last week's advisory. Adobe said the Reader and Acrobat updates are an accelerated release of its next quarterly security update, which was originally scheduled for Oct. 12.
On Friday, Adobe provided a mitigation measure from Microsoft
Requires Free Membership to View
SearchSecurity.com members gain immediate and unlimited access to breaking industry news, virus alerts, new hacker threats, highly focused security newsletters, and more -- all at no cost. Join me on SearchSecurity.com today!
Michael S. Mimoso, Editorial Director
for the Reader and Acrobat flaw. The company said those using Adobe Reader or Acrobat 9.3.4 or earlier on Windows can use Microsoft's Enhanced Mitigation Evaluation Toolkit (EMET) to help prevent the vulnerability from being exploited.
Join the conversationComment
Share
Comments
Results
Contribute to the conversation