Adobe Flash Player Bug Exploited In The Wild

Adobe warned users Thursday of yet another critical Flash Player bug that hackers are exploiting in the wild to crash a user's computer or to take complete control of their system.

Specifically, the Adobe vulnerability exists in Flash Player version and earlier versions for Windows, Mac, Linux, and Solaris, as well as Adobe Flash Player and earlier versions for Android.

Additionally, the flaw can affect the authplay.dll component that ships with Adobe Reader 9.4 and earlier versions for Windows, Mac and UNIX, as well as Adobe Acrobat 9.4 and earlier versions for Windows and Mac.

Adobe said that hackers are currently exploiting the bug in the wild in attacks against Adobe Reader and Acrobat 9.x, delivered via Flash content embedded in an attached PDF. Meanwhile, Adobe hasn't yet seen any active attacks exploiting Flash Player itself.

However, the San Jose, Calif.-based company confirmed that the Flash Player flaw doesn't affect Adobe Reader and Acrobat 8.x, or Adobe Reader for Android.

As with many critical zero-day flaws, the Adobe Flash bug enables hackers to crash users' computers or take control of their entire machine, usually to steal sensitive data such as passwords, credit card and Social Security numbers and other personal information.

Adobe said in its advisory that it was working on a fix for the bug, and anticipates an update for Adobe Flash Player 10.x across multiple platforms on its "Patch Tuesday" Nov. 9. An update for Adobe Reader and Acrobat 9.4 and earlier 9.x versions is expected the week of Nov. 15.

Adobe recommends a variety of workarounds that mitigate the risk of attacks, which include deleting or moving access to the AuthPlayLib.bundle file for Adobe Reader and Acrobat Pro 9.x. However, users will experience a non-exploitable system crash or error message if they subsequently open a PDF file containing Flash content.

Information regarding the Flash Player vulnerability is provided at the Adobe Product Security Incident Response Team blog.