Adobe on Monday issued a security update to address a “critical” vulnerability in Adobe Flash Player that is being actively exploited in the wild and could allow an attacker to take control of a targeted system.
The flaw, which affects Flash versions 10.1.82.76 and earlier for Windows, Macintosh, Linux, Solaris and Android, was disclosed by Adobe earlier this month. The fix was originally slated to be issued on Sept. 27, but Adobe was able to get it completed and tested faster than initially anticipated, an Adobe spokeswoman told SCMagazineUS.com on Monday.
The vulnerability could cause a crash and potentially allow an attacker to take control of an affected system, according to Adobe. There are reports that the flaw is being actively exploited in the wild against Adobe Flash Player on Windows.
Adobe is recommending users of Adobe Flash Player for Windows, Macintosh, Linux and Solaris update to Adobe Flash Player 10.1.85.3, and users of Adobe Flash Player for Android update to Adobe Flash Player 10.1.95.1.
Meanwhile, Chrome users received the patch late last week with the release of Chrome 6.0.472.62 for Windows, Linux and Mac.
The same bug also impacts Adobe Reader 9.3.4 for Windows, Mac and Linux, and Acrobat 9.3.4 for Windows and Mac. Adobe said it is not aware of any attacks exploiting the bug against Adobe Reader or Acrobat.
Adobe is also still working to close a dangerous vulnerability affecting the latest versions of Reader and Acrobat that is being leveraged in active attacks. Both Reader and Acrobat are scheduled to receive security updates the week of Oct. 4.