Adobe Systems issued patches late Thursday for a dozen vulnerabilities in its widely used Flash Player, including one that hackers have already been exploiting.
Adobe described the vulnerabilities as critical, saying they could cause the application to crash or allow an attacker to take control of the affected system, according to a security advisory. The bugs could also impact the vendor's Acrobat and Reader applications because they bundle Flash capability.
The security vulnerabilities affect Adobe Flash Player 9.0.159.0, 10.0.22.87, and earlier 9.x and 10.x versions, as well as Adobe Reader and Adobe Acrobat 9.1.2 and earlier 9.x versions. The flaw is found in versions of the application running on Windows, Macintosh and Unix systems.
There have been several reports of hackers launching attacks against users of Flash and Reader. Security software developer Symantec said that in some cases attackers sent e-mails with poisoned attachments that exploited the vulnerabilities.
The company issued a security update for Adobe Flash Player. The company also said it expects to issue updates for Reader and Acrobat sometime today.
Several of the bugs were caused by flawed Active Template Library development code from Microsoft's Visual Studio that was used to develop Flash.
