Adobe warns of zero-day hole in Flash Player

Adobe Systems to fix Flash Player and Adobe Reader and Acrobat holes during the week of October 4.


Adobe Systems on Monday warned of a zero-day hole in Flash Player that reportedly is being exploited in the wild and could allow an attacker to take control of a computer.

The critical vulnerability affects Adobe Flash Player and earlier versions for Windows, Mac, Linux, Solaris, and Android. It also affects Adobe Reader 9.3.4 and earlier version for Windows, Mac, and Unix and Adobe Acrobat 9.3.4 and earlier versions for Windows and Mac. Adobe is not aware of any attacks exploiting the hole against Adobe Reader or Acrobat, the company said in its security advisory.

Adobe is finalizing a fix for the hole and expects to provide an update for Flash Player for Windows, Mac, Solaris, and Android during the week of September 27, the advisory said. Updates for Adobe Reader are expected during the week of October 4.

Adobe is moving up the date of its next quarterly security update for Adobe Reader and Acrobat and will also release a patch the week of October 4 for a critical zero-day hole in Adobe Reader and Acrobat that was disclosed last week and is being exploited in attacks on. As a result, there will be no updates on October 12, which was the next scheduled quarterly release date.

In the meantime, Microsoft has a tool that can help block the attacks on Adobe Reader and Acrobat on Windows machines.

About the author

Elinor Mills covers Internet security and privacy. She joined CNET News in 2005 after working as a foreign correspondent for Reuters in Portugal and writing for The Industry Standard, the IDG News Service, and the Associated Press. E-mail Elinor.


Discuss Adobe warns of zero-day hole in Flash Player

Conversation powered by Livefyre

Show Comments Hide Comments
Latest Articles from CNET
The truth about Ultra HD 4K TV refresh rates