Adobe has issued a fix for a critical Flash vulnerability that attackers are already exploiting in targeted attacks. The flaw can allow attackers to get complete control of vulnerable machines, and Adobe said that it’s aware of attacks that are going after Flash on Internet Explorer.

When exploited, the CVE-2012-1535 vulnerability in Flash will either crash the app or could allow the attacker to run arbitrary code on the machine. Adobe officials are urging users to patch their systems now, especially given that attacks targeting the Flash vulnerability are already under way.

“There are reports that the vulnerability is being exploited in the wild in limited targeted attacks, distributed through a malicious Word document. The exploit targets the ActiveX version of Flash Player for Internet Explorer on Windows,” Adobe said in its advisory.

Google also released a new version of Chrome on Tuesday, which includes the updated Flash Player.

In addition to the patch for Flash, Adobe also released a huge update for Reader and Acrobat on Tuesday. The update includes fixes for Reader and Acrobat X on Windows and Mac OS X and patches a slew of vulnerabilities, including numerous memory corruption vulnerabilities, stack overflows, buffer overflows and heap overflows, all of which could allow remote code execution, Adobe said.
