Software maker Adobe has released a new advisory warning users about a new critical Flash zero-day bug which is capable of causing a crash and allow a hacker to gain control of the system.
In a blog post, the company said that the zero-day bug was currently being exploited in the wild using an infected Flash (.swf) file embedded in a Microsoft Word document sent via email. The vulnerability is only being exploited in Windows based systems.
Adobe said that the vulnerability affects Flash Player 10.2.153.1 and earlier versions for Windows, Macintosh, Linux and Solaris and Adobe Flash Player 10.2.156.12 along with earlier versions of the player for Android. The vulnerability also exists in the Authplay.dll component that comes with Adobe Reader and Acrobat X for Windows and Mac operating systems.
“At this time, Adobe is not aware of any attacks via PDF targeting Adobe Reader and Acrobat. Adobe Reader X Protected Mode mitigations would prevent an exploit of this kind from executing,” Adobe said.
The company informed that it was in the process of finalising the schedule for releasing the security patch that fixes the vulnerability. Adobe credited security researcher Mila Parkour for discovering the vulnerability in Apple-nemesis Flash.