News Stay informed about the latest enterprise technology news and product updates.

Adobe patches Flash Player vulnerability being actively targeted

Security researchers have detected attacks targeting users of Internet Explorer with a Flash file embedded in a Microsoft Word document.

Adobe Systems Inc. plugged a dangerous Flash Player vulnerability and corrected 20 flaws in its Adobe Reader and Acrobat software, issuing critical security updates for the widely used software.

Attackers are actively targeting the Flash Player vulnerability, Adobe warned. Researchers have detected an attack using a malicious .SWF file embedded in a Microsoft Word document. If a victim opens the document, it could cause the application to crash and potentially allow an attacker to take control of the affected system, Adobe said. The security update affects Adobe Flash Player 11.3.300.270 and earlier versions running on Windows, Macintosh and Linux.

"The exploit targets the ActiveX version of Flash Player for Internet Explorer on Windows," Adobe said.

Adobe is urging Windows users of Acrobat and Reader 9.5.2 to apply the security update, because exploits for attackers to target the flaws were likely. The update corrects a variety of Acrobat and Reader coding errors that could lead to memory corruption and heap and buffer overflow conditions. The security update also applies to users of Adobe Reader X and Acrobat X running on Mac and Windows.

In addition, Adobe issued an update correcting five vulnerabilities in Shockwave Player. The update affects version and earlier. The flaws "could allow an attacker who successfully exploits these vulnerabilities to run malicious code on the affected system," Adobe said.

Dig Deeper on Web application and API security best practices

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.