Adobe Systems Inc. plugged a dangerous Flash Player vulnerability and corrected 20 flaws in its Adobe Reader and Acrobat software, issuing critical security updates for the widely used software.
Attackers are actively targeting the Flash Player vulnerability,
"The exploit targets the ActiveX version of Flash Player for Internet Explorer on Windows," Adobe said.
Adobe is urging Windows users of Acrobat and Reader 9.5.2 to apply the security update, because exploits for attackers to target the flaws were likely. The update corrects a variety of Acrobat and Reader coding errors that could lead to memory corruption and heap and buffer overflow conditions. The security update also applies to users of Adobe Reader X and Acrobat X running on Mac and Windows.
In addition, Adobe issued an update correcting five vulnerabilities in Shockwave Player. The update affects version 220.127.116.115 and earlier. The flaws "could allow an attacker who successfully exploits these vulnerabilities to run malicious code on the affected system," Adobe said.