Adobe Flash hit by another zero-day flaw2011-04-12 09:35 by Daniela
Tags: Adobe, Flash, security
Adobe has warned users about yet another zero-day security vulnerability in its Flash software.
The software firm warned that the flaw, which could crash a system and let attackers take control, was already being used.
"There are reports that this vulnerability is being exploited in the wild in targeted attacks via a Flash (.swf) file embedded in a Microsoft Word (.doc) file delivered as an email attachment, targeting the Windows platform," Adobe said in a post on its security blog. "At this time, Adobe is not aware of any attacks via PDF targeting Adobe Reader and Acrobat."
The flaw affects Flash Player 10.2.153.1 for Windows, Mac and Linux, and 10.2.156.12 for Android.
Adobe is working to fix the flaw, but won't patch its latest Adobe Reader X until the next scheduled update, saying its sandbox will protect users until then.
Read more -here-