Adobe Systems Inc. issued an update for users of its Reader and Acrobat products, fixing a serious Flash Player zero-day vulnerability that has been an active target of attackers.
Attacks targeting the vulnerability have used specially crafted Flash files embedded in a Microsoft Word document or Excel spreadsheet and delivered them as an attachment. The flaw enables an attacker to execute malicious code and gain control of a victim’s machine.
Adobe addressed the vulnerability in its Flash Player earlier this month. The company is advising users of Mac OS X and Windows to use update utilities to acquire the patch.
Adobe said it would issue a fix for Adobe Reader X for Windows during its regularly scheduled update on June 14. Adobe said the flaw is not as serious for Reader X, because running that version of the product in Protected Mode prevents the exploit from executing.
Current Adobe Reader products for UNIX, Adobe reader for Android, and Adobe Reader and Acrobat 8 remain unaffected by this vulnerability.