James Delahunty
29 Oct 2010 17:01
Adobe has revealed the discovery of a zero-day vulnerability that affects its Flash player, Reader and Acrobat software.
The vulnerabilities can be used by malicious users to run arbitrary code on a victim's computer, according to the advisory published by Adobe. The company said that the vulnerability affects version 10.1.85.3 and earlier of Flash Player for the Windows, Macintosh, Linux and Solaris operating systems.
The authplay.dll component that ships with Adobe Reader 9.4 and earlier 9.x versions for Windows, Mac and Linux is also at risk, while mobile users are also vulnerable as Adobe Flash Player 10.1.95.2 and earlier versions for Android are vulnerable.
Adobe Acrobat 9.4 and previous 9.x versions are also vulnerable for Windows and Mac.
Adobe is working on a fix for the unpatched flaw and expects to provide an update by November 9th, while following with fixes for Adobe Reader and Acrobat during the week of November 15th, which unfortunately gives plenty of time to malware peddlers to attack.