Less than a week after the discovery of a sophisticated malware attack against an unpatched security hole in Adobe Reader/Acrobat, the company has issued a new warning about in-the-wild attacks against a zero-day flaw in its ubiquitous Flash Player.
Adobe says the vulnerability affects Flash Player 10.1.82.76 and earlier versions for Windows, Macintosh, Linux, Solaris, and Android.
It also affects Adobe Reader 9.3.4 and earlier versions for Windows, Macintosh and UNIX; and Adobe Acrobat 9.3.4 and earlier versions for Windows and Mac.
From Adobe’s advisory:
This vulnerability (CVE-2010-2884) could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being actively exploited in the wild against Adobe Flash Player. Adobe is not aware of any attacks exploiting this vulnerability against Adobe Reader or Acrobat to date.
Technical details about the vulnerability are not yet available.
Adobe says it expects to issue a Flash Player patch during the week of September 27, 2010.
Patches for Adobe Reader aren’t due until the week of October 4, 2010.