Adobe Confirms Ongoing Attacks Against Flash Player

Adobe Systems is warning users about about a Flash zero-day vulnerability that is under attack, the second time in nearly a week.

This time, the bug is in Adobe Flash Player. In a security advisory, the company said the flaw impacts versions 10.1.82.76 and earlier on Windows, Macintosh, Linux, Solaris and Android operating systems.

The same vulnerability also impacts Adobe Reader and Acrobat versions 9.3.4 and earlier on Windows and Macs, though so far they are not known to have come under attack, Adobe said.

Zero-day Attack

“This vulnerability (CVE-2010-2884) could use a crash and potentially allow an attacker to take control of the affected system,” according to Adobe’s Product Security Incident Response Team blog. “There are reports that this vulnerability is being actively exploited in the wild against Flash Player on Windows.”

The good news for Flash Player users is that Adobe plans to fix the issue during the week of 27 September. A fix for the bug on Reader and Acrobat is slated to come the week of 4 October.

Meanwhile, the company announced plans to also patch during the week of 4 October the vulnerability in Reader and Acrobat it warned about 8 September. While users wait for a fix, Adobe and Microsoft announced 10 September that Microsoft’s Enhanced Mitigation Experience Toolkit 2.0 offers some protection against ongoing attacks.

Adobe did not offer any mitigation for the Flash flaw.