Critical vulnerability in Flash, Reader and Acrobat reported by Adobe, with fix expected next week

Adobe has warned of a critical vulnerability that affects its Flash, Reader and Acrobat products.

It said that there are reports that this vulnerability is being actively exploited in the wild against Adobe Reader and Acrobat 9.x, but it is not aware of attacks targeting Adobe Flash Player.

Adobe said in its advisory that it is in the process of finalising a fix for the issue and expects to provide an update for Adobe Flash Player 10.x for Windows, Macintosh, Linux and Android by Tuesday 9th November.

“We expect to make available an update for Adobe Reader and Acrobat 9.4 and earlier 9.x versions during the week of 15th November,” it said.

Jonathan Leopando, technical communications spokesperson at Trend Micro, said that the vulnerability was very similar to the zero-day vulnerability reported in June, which was patched at the end of that month.

“As in the June attack, the vulnerable component lies in Flash. Acrobat and Reader were just both affected because they include what is, in effect, an embedded Flash Player in the file authplay.dll.,” Leopando said.

Sign up to our newsletters