Adobe has released a patch for a zero-day vulnerability discovered in its Reader and Acrobat software along with a fix for the critical vulnerability in Flash Player.
Last week, the company had published a security advisory in which it revealed that hackers were exploiting a vulnerability in Flash Player using malicious Microsoft Excel files sent via email. The flaw also existed in the authplay.dll component found in Reader and Acrobat.
“There are reports that this vulnerability is being exploited in the wild in targeted attacks via a Flash (.swf) file embedded in a Microsoft Excel (.xls) file delivered as an email attachment. At this time, Adobe is not aware of attacks targeting Adobe Reader and Acrobat. Adobe Reader X Protected Mode mitigations would prevent an exploit of this kind from executing,” the company said in a blog post.
The vulnerability could be exploited by hackers to cause the computer to crash and remotely take over the machine. Adobe said that it had found no evidence that the vulnerability was being exploited via malicious PDF files just from infected Excel files.
Adobe's release of a security update for Flash Player, comes as the company is about to bring out the beta Flash Player 10.2 for Android devices.