Adobe Systems Inc. has issued an out-of-band security patch for Flash Player, blocking a serious zero-day vulnerability that could enable an attacker to take complete control of a victim's system.
The vulnerability affects Flash Player 10.1.82.76 and earlier versions for Windows, Macintosh, Linux, Solaris, and Android operating systems. In an Adobe security advisory issued Monday, the company said the flaw could cause Flash Player to crash, enabling an attacker to execute code on a victim's system.
The Flash Player vulnerability also affects Adobe Reader and Adobe Acrobat 9.3.4 for Windows, Macintosh and Unix.
"There are reports that this vulnerability is being actively exploited in the wild against Adobe Flash Player on Windows," Adobe said in its advisory. "Adobe is not aware of any attacks exploiting this vulnerability against Adobe Reader or Acrobat to date."
Adobe said it would issue an update for Reader and Acrobat the week of Oct. 4, a week ahead of the applications' scheduled quarterly patch release. The company said those using Adobe Reader or Acrobat 9.3.4 or earlier on Windows can use Microsoft's Enhanced Mitigation Evaluation Toolkit (EMET) to help prevent the vulnerability from being exploited.