Adobe discovers security flaw, fix on the way
Publish date: 15 March 2011 by Staff Writer
Adobe has posted a security bulletin warning Flash users of a newly discovered vulnerability that can be found within its Flash Player.
This vulnerability (CVE-2011-0609) exists within Flash Player 10.2.152.33, as well as earlier versions for Windows, Mac, Linux and Solaris operating systems (Flash Player 10.2.154.18 and earlier for Google Chrome users).
It also appears in Adobe Flash Player 10.1.106.16 and earlier versions for Google’s Android mobile OS, and the Authplay.dll component of Adobe Reader and Acrobat X (10.0.1) as well as earlier 10.x and 9.x versions of Reader and Acrobat for Windows and Mac.
The critical issue could result in the OS crashing and potentially enable a hacker to seize control of the affected system.
According to the company, there have been reports that this security flaw is being exploited in the wild in targeted attacks via a Flash (.swf) file embedded in a Microsoft Excel (.xls) file delivered as an email attachment.
“At this time, Adobe is not aware of attacks targeting Adobe Reader and Acrobat. Adobe Reader X Protected Mode mitigations would prevent an exploit of this kind from executing.”
Adobe stated that it is busy finalising a fix for this issue and expects to make it available via an update for Flash Player 10.x and earlier versions for Windows, Mac, Linux, Solaris and Android.
It will also issue an update for Adobe Acrobat X (10.0.1) and earlier 10.x and 9.x versions for Windows and Mac, Adobe Reader X (10.0.1) for Mac, and Adobe Reader 9.4.2 and earlier 9.x versions during the week of 21 March.
The company said that Adobe Reader X’s Protected Mode would prevent an exploit of this type from executing, but it is still going to address the vulnerability in Adobe Reader X for Windows with the next quarterly security update for Adobe Reader, currently scheduled for 14 June 2011.