Adobe issued a critical security advisory for Adobe Flash Player and Acrobat Reader on Monday that warns of a zero-day exploit found in Flash Player for Windows, OS X, Linux, Solaris, and Android, as well as the authplay.dll component that ships with Adobe Reader and Acrobat X for Windows and Mac.
This vulnerability could cause a crash and potentially allow an attacker to assume control of a system. Unfortunately, there are already attacks floating about the Internet in the form of a Flash file embedded within an Excel document.
The affected versions of Flash Player and Acrobat Reader include:
- 10.2.152.33 or earlier for Windows, Mac, Linux and Solaris
- 10.2.154.18 for Chrome
- and 10.1.106.16 for Android
- The Authplay.dll component that ships with Adobe Reader and Acrobat X (10.0.1) and earlier 10.x and 9.x versions for Windows and Macintosh operating systems.
Adobe Reader 9.x for UNIX, Adobe Reader for Android, and Adobe Reader and Acrobat 8.x are not affected by this issue.
A fix is in the works and should be released during the week of March 21st. Interestingly, if you’re using Acrobat X on Windows, a patch won’t be released until the next regular patch cycle scheduled for June because Acrobat X’s sandboxing feature — a feature not yet found in the versions of Reader for other platforms — offers extra protection to the underlying OS.
In the mean time, as we wait on the patch from Adobe, please practice safe computing, pay attention to the links you click, and don’t open unexpected attachments.
For more information:
http://www.adobe.com/support/security/advisories/apsa11-01.html