Adobe has released a patch to fix a critical vulnerability in its ubiquitous Flash Player software that was disclosed last week. The company pushed up its release plans for the patch after reports emerged that the bug already was being exploited.
The details of the Flash vulnerability aren’t public, but Adobe officials said last week that they were aware of public attacks against the bug.The patches released Monday fix the flaw on Windows, Mac OS X, Linux, Android and Solaris.
vulnerability exists in Adobe Flash Player 10.1.82.76 and earlier
versions for Windows, Macintosh, Linux, Solaris, and Adobe Flash Player
10.1.92.10 for Android. This vulnerability also affects Adobe Reader
9.3.4 for Windows, Macintosh and UNIX, and Adobe Acrobat 9.3.4 and
earlier versions for Windows and Macintosh. This vulnerability
(CVE-2010-2884) could cause a crash and potentially allow an attacker to
take control of the affected system. There are reports that this
vulnerability is being actively exploited in the wild against Adobe
Flash Player on Windows. Adobe is not aware of any attacks exploiting
this vulnerability against Adobe Reader or Acrobat to date,” the company said in its advisory.
Adobe published a patch for versions of Flash Player running in Google Chrome last week.
There is still an unpatched critical bug in Adobe Reader, which also is being exploited in the wild right now. Adobe has said that it plans to release a fix for that flaw in the first week of October.