Adobe has warned users about a critical flaw in its Shockwave Player, the details of which were publicly disclosed by a security firm.
The vulnerability exists in Adobe Shockwave Player 18.104.22.1682 and earlier versions on the Windows and Macintosh operating systems.
Abyssec Security Research published a detailed account of the Shockwave Player zero-day flaw, saying that it could be exploited using a maliciously crafted DIR or DCR file.
Adobe responded in a security advisory, saying that the vulnerability was critical and was capable of causing a crash and handing over the controls of a system to a hacker.
“While details about the vulnerability have been disclosed publicly, Adobe is not aware of any attacks exploiting this vulnerability against Adobe Shockwave Player to date,” Adobe said.
The company has reassured users that it was working with other researchers and security partners to issue a patch for the vulnerability. However it didn't confirm any date for the patch release.