Adobe Systems has warned users about attacks against a newly discovered vulnerability in Adobe Flash Player
Adobe Systems is warning users about about a Flash zero-day vulnerability that is under attack, the second time in nearly a week.
This time, the bug is in Adobe Flash Player. In a security advisory, the company said the flaw impacts versions 10.1.82.76 and earlier on Windows, Macintosh, Linux, Solaris and Android operating systems.
The same vulnerability also impacts Adobe Reader and Acrobat versions 9.3.4 and earlier on Windows and Macs, though so far they are not known to have come under attack, Adobe said.
“This vulnerability (CVE-2010-2884) could use a crash and potentially allow an attacker to take control of the affected system,” according to Adobe’s Product Security Incident Response Team blog. “There are reports that this vulnerability is being actively exploited in the wild against Flash Player on Windows.”
Meanwhile, the company announced plans to also patch during the week of 4 October the vulnerability in Reader and Acrobat it warned about 8 September. While users wait for a fix, Adobe and Microsoft announced 10 September that Microsoft’s Enhanced Mitigation Experience Toolkit 2.0 offers some protection against ongoing attacks.
Adobe did not offer any mitigation for the Flash flaw.