Adobe Warns Of Zero-day Flash Player Vulnerability

Adobe has released a security advisory for a vulnerability its Flash Player platform along with an update for its Shockwave Player.

According to Adobe, the zero-day Flash Player vulnerability affects versions 10.1.85.3 and earlier versions on Windows, Macintosh, Linux and Solaris operating systems along with Flash Player 10.1.95.2 and earlier versions for Android mobile operating system.

“This vulnerability (CVE-2010-3654) could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being actively exploited in the wild against Adobe Reader and Acrobat 9.x,” the company warned in the security advisory.

It also added that it was not aware of any attacks on Flash Player in the wild.

The company said that it is currently working on a fix that is promised to be released for Flash Player 10.x for Windows, Macintosh, Linux, and Android by 9 November, 2010.

The security fix for the vulnerability will be released for Adobe Acrobat and Reader by 15 November.