Adobe To Supply Fix For Critical Vulnerability In Flash Player, Reader And Acrobat

Adobe has vowed to release an out-of-cycle emergency patch for a zero day bug affecting its Flash, Acrobat and Reader software after it learned that the flaw was being exploited in the wild.

According to a security advisory released by the company, the vulnerability exists in the current and previous versions of Adobe Flash Player for Windows, Mac, Linux, Solaris and Android.

The company said that the vulnerability also exists in the Authplay.dll component that ships with all the versions of Adobe Reader and Acrobat X for Windows and Mac.

Adobe warned that the vulnerability could cause a crash and allow a hacker to remotely take control of an affected system. The vulnerability was being exploited in the wild using a a Flash (.swf) file embedded in a Microsoft Excel (.xls) file delivered as an email attachment.

In a follow-up post, the company informed that it would be releasing updates for Adobe Flash, Acrobat and Reader on March 21st.

Adobe also said that the Adobe Reader X for Windows will be receiving a similar update in the next quarterly security update release as the threat was curtailed in the software, thanks to its advanced sand-boxing capabilities.

“We are working closely with our Microsoft Active Protections Partners (MAPP), customers and other partners in the security community to monitor the situation. Should we see different types of exploits targeting CVE-2011-0609 in Adobe Reader X, we will update our current plan accordingly,” the company said.