Adobe has said that it will issue a patch for the Flash Player vulnerability by tomorrow.
In an update David Lenoe, product security program manager at Adobe, said that the company had updated the security advisory posted on Friday to include the planned schedule for a patch to resolve CVE-2010-1297, and that it plans to make available an update for Flash Player 10.x for Windows, Macintosh and Linux by 10th June 2010.
However a date for Flash Player 10 for Solaris is still to be determined, and Adobe is expected to provide an update for Adobe Reader and Acrobat 9.3.2 for Windows, Macintosh and Unix by 29th June.
He said: “Please note that the Acrobat and Reader update represents an accelerated release of the next quarterly security update originally scheduled for 13th July. With this accelerated schedule we do not plan to release any new updates for Adobe Reader and Acrobat on 13th July.”
The company previously warned of a critical vulnerability in Flash Player 10.0.45.2 and earlier versions for Windows, Macintosh, Linux and Solaris operating systems, and the authplay.dll component that ships with Adobe Reader and Acrobat 9.x for Windows, Macintosh and Unix operating systems.
It said that the vulnerability (CVE-2010-1297) could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being actively exploited in the wild against Adobe Flash Player, Adobe Reader and Adobe Acrobat.