Adobe has announced an out-of-band patch for Flash will be released this week.
After confirming the flaw last week that could cause a crash and potentially allow an attacker to take control of the affected system, it initially said that an update for Adobe Flash was due for the week of 27th September, with a further patch due for Reader and Acrobat for the week of 4th October.
Writing on the Adobe security blog, product security program manager David Lenoe said: “Adobe now plans to make available updates for Adobe Flash Player for Windows, Macintosh, UNIX, Solaris and Android on Monday, 20th September.”
Chester Wisniewski, senior security advisor at Sophos Canada, said: “Microsoft is usually the biggest newsmaker on the second Tuesday of each month, but this month they may be overshadowed by two new Adobe vulnerabilities.
“Adobe will be releasing accelerated fixes for new zero-day vulnerabilities discovered in their Flash and Reader/Acrobat products and announced on their PSIRT blog that they will be moving the Flash patch up to 20th September, a week earlier than previously reported. This is likely because the flaw is being actively exploited in the wild.
“Fixes for Reader and Acrobat are still scheduled for 4th October, eight days ahead of the scheduled quarterly update. Adobe will release all of the quarterly fixes on the 4th rather than holding less critical fixes back until the 12th. Attacks against the Reader flaw are active in the wild as well, as I reported last week.
“Roll out the MS patches and stay tuned for information on the upcoming Adobe fixes. They will be very high priority and I recommend planning your deployment of these fixes as soon as possible.”