Adobe Flash hit by another zero-day flaw
Adobe has warned users about yet another zero-day security vulnerability in its Flash software.
The software firm warned that the flaw, which could crash a system and let attackers take control, was already being exploited.
“There are reports that this vulnerability is being exploited in the wild in targeted attacks via a Flash (.swf) file embedded in a Microsoft Word (.doc) file delivered as an email attachment, targeting the Windows platform,” Adobe said in a post on its security blog. “At this time, Adobe is not aware of any attacks via PDF targeting Adobe Reader and Acrobat.”
The flaw affects Flash Player 10.2.153.1 for Windows, Mac and Linux, and 10.2.156.12 for Android.
Adobe is working to fix the flaw, but won’t patch its latest Adobe Reader X until the next scheduled update, saying its sandbox will protect users until then.
“Because Adobe Reader X Protected Mode would prevent an exploit of this kind from executing, we are currently planning to address this issue in Adobe Reader X for Windows with the next quarterly security update for Adobe Reader, currently scheduled for 14 June,” Adobe said.
Flash has been hit by a series of zero-day flaws, including one last month, although Adobe said its sandbox would also protect against that flaw.