Adobe: Zero-day attacks targeting Flash Player hole
An unpatched Flash Player vulnerability is being targeted in attacks on Windows-based computers, Adobe says.
Adobe today warned of a critical hole in Flash Player that is being exploited in the wild to take control of computers or cause them to crash.
"There are reports that this vulnerability is being exploited in the wild in targeted attacks via a Flash (.swf) file embedded in a Microsoft Word (.doc) file delivered as an email attachment, targeting the Windows platform," the company said in an advisory. "At this time, Adobe is not aware of any attacks via PDF targeting Adobe Reader and Acrobat. Adobe Reader X Protected Mode mitigations would prevent an exploit of this kind from executing."
Adobe said it is "finalizing a schedule" for releasing updates for Flash Player 10.2.x and earlier versions for Windows, Macintosh, Linux, Solaris and Android, Adobe Acrobat X (10.0.2) and earlier 10.x and 9.x versions for Windows and Macintosh, Adobe Reader X (10.0.2) for Macintosh, and Adobe Reader 9.4.3 and earlier 9.x versions for Windows and Macintosh.
Since Adobe Reader X Protected Mode would prevent an exploit of this kind from executing, the company said it will address the issue in Adobe Reader X for Windows with the next quarterly security update, scheduled for June 14.
Last month, Adobe fixed a different critical vulnerability in Flash Player that affects Adobe Reader and Acrobat and which reportedly had been exploited in attacks via Flash files embedded in Excel files distributed via e-mail. Attackers exploited that hole to target employees at RSA and get access to data related to the SecurID authentication tokens, prompting RSA to warn customers that their systems may be weakened as a result.