Adobe today announced that it will release a fix on Friday to a newly discovered serious Flash vulnerability which allows attackers to send malicious Flash file embedded in a Microsoft Word document, when a user opens the document, Flash Player will load the malicious file that could cause a crash or even it can allow an attacker to take the control of a system.
According to Adobe the bug exists in all earlier versions of Flash player, so it’s a mandatory update. Also the vulnerability affects Adobe Reader and Acrobat. But the recently released Adobe Reader X can prevent exploitation of the vulnerability with its sandbox mode.
AFFECTED SOFTWARE VERSIONS :
- Adobe Flash Player 10.2.153.1 and earlier versions for Windows, Macintosh, Linux and Solaris operating systems
- Adobe Flash Player 10.2.154.25 and earlier for Chrome users
- Adobe Flash Player 10.2.156.12 and earlier for Android
- The Authplay.dll component that ships with Adobe Reader and Acrobat X (10.0.2) and earlier 10.x and 9.x versions for Windows and Macintosh operating systems
;
[ad#ads-inner]
As Adobe flash is tightly integrated in Google Chrome browser, today night Chrome will get the fix and a patch will be released on Friday for Windows, Mac OS X and Linux platforms. But there is no word about the launch of patch for Android OS.
You can read more details about the vulnerability at Security Advisory section of the Adobe website
[source : Adobe PSIRT ]