Adobe Systems Inc. plugged a dangerous Flash Player vulnerability and corrected 20 flaws in its Adobe Reader and Acrobat software, issuing critical security updates for the widely used software.
Attackers are actively targeting the Flash Player vulnerability, Adobe warned. Researchers have detected an attack using a malicious .SWF file embedded in a Microsoft Word document. If a victim opens the document, it could cause the application to crash and potentially allow an attacker to take control of the affected system, Adobe said. The security update affects Adobe Flash Player 11.3.300.270 and earlier versions running on Windows, Macintosh and Linux.
"The exploit targets the ActiveX version of Flash Player for Internet Explorer on Windows," Adobe said.
Adobe is urging Windows users of Acrobat and Reader 9.5.2 to apply the security update because exploits targeting the flaws were likely. The update corrects a variety of Acrobat and Reader coding errors that could lead to memory corruption and heap and buffer overflow conditions. The security update also applies to users of Adobe Reader X and Acrobat X running on Mac and Windows.
In addition, Adobe issued an update correcting five vulnerabilities in Shockwave Player. The update affects version 220.127.116.115 and earlier. The flaws "could allow an attacker who successfully exploits these vulnerabilities to run malicious code on the affected system," Adobe said.