Adobe Patches Flash Player Security Vulnerability
The patch comes a few days after the company issued an advisory.
According to Adobe, the issue -- which it rated as “critical” -- is a memory corruption vulnerability and has been targeted by hackers sending out e-mails laced with a malicious Flash (.swf) file embedded in a Microsoft Word document.
According to the company, the issue exists in Flash Player versions 10.2.153.1 and earlier (Adobe Flash Player 10.2.154.25 and earlier for Chrome users) on Windows, Macintosh, Linux and Solaris, as well as Adobe Flash Player 10.2.156.12 and earlier for Android.
The problem also exists in the Authplay.dll component that ships with Adobe Reader and Acrobat X (10.0.2) and earlier 10.x and 9.x versions for Windows and Macintosh operating systems.
If exploited successfully, attackers could use the bug to execute code and hijack a vulnerable system.
Researchers at Trend Micro identified some e-mails with the exploit as carrying an attachment with the file name APRIL 2011.doc.
“Adobe recommends users of Adobe Flash Player 10.2.153.1 and earlier versions (Adobe Flash Player 10.2.154.25 and earlier versions for Chrome users) for Windows, Macintosh, Linux, and Solaris update to Adobe Flash Player 10.2.159.1 (Adobe Flash Player 10.2.154.27 for Chrome users),” the company wrote in its patch advisory. “Adobe recommends users of Adobe AIR 2.6.19120 and earlier versions for Windows, Macintosh and Linux update to Adobe AIR 2.6.19140.
“Adobe expects to make available an update for Adobe Flash Player 10.2.156.12 and earlier versions for Android no later than the week of April 25, 2011,” the company added.