Adobe warns of Flash attacks - again

Adobe has warned that hackers are exploiting an unpatched bug in Flash Player.

The firm said the vulnerability (catalogued as CVE-2011-0611) could cause a crash and allow an attacker to take control of an affected system.

The firm confirmed that there are reports that the vulnerability is being exploited in the wild. A Flash (.swf) file embedded in a Microsoft Word (.doc) file that is delivered as an email attachment, targets the Windows platform, Adobe warned.

The critical vulnerability exists in Flash Player 10.2.153.1 and earlier versions for Windows, Macintosh, Linux and Solaris; Flash Player 10.2.156.12 and earlier versions for Android; versions 10.2.154.25 and earlier for Chrome and the Authplay.dll component that ships with Adobe Reader and Acrobat X (10.0.2) and earlier 10.x and 9.x versions for Windows and Macintosh operating systems.

Adobe said it is not aware of any attacks via PDF targeting Adobe Reader and Acrobat. Adobe Reader X Protected Mode mitigations would prevent an exploit of this kind from executing.

In the security advisory, Adobe said it is "in the process of finalizing a schedule for delivering updates". It failed to give itself a deadline. Its coders are no doubt beavering away as we speak, as Steve Jobs is no doubt caught between throwing his hands up in disbelief and sniggering into his cocoa.