Adobe announced this week that its Flash Player once again possesses a vulnerability that makes it possible for hackers to enter and take control of a person’s computer.
The security hole exists with the 10.2.153.1 and earlier versions of the Player for Windows, Mac, Linux and Solaris operating systems, as well as 10.2.156.12 and earlier versions for Android, said Adobe in a “security advisory” released Monday on its website.
The vulnerability also affects parts of Adobe Reader and Acrobat X (10.0.2), and earlier 10.x and 9.x versions for both Windows and Mac OSs.
In addition to causing the program to crash, the hole opens up computers to zero-day attacks, which allow hackers to take control of a system without the knowledge of the computer’s proper user. They do so though a phishing attack, which lures unsuspecting email users into downloading messages with Trojan horse attachments.
“There are reports that this vulnerability is being exploited in the wild in targeted attacks via a Flash (.swf) file embedded in a Microsoft Word (.doc) file delivered as an email attachment, targeting the Windows platform,” Adobe said in the security advisory.
Adobe said that it was “not aware” of any such attacks on Reader or Acrobat.
This is not the first instance Adobe Flash containing a zero-day bug. Just last month, the company discovered and patched another Flash-related hole in the Authplay component, which allows for the use of Flash in PDF files. In the past year, at least two other zero-day vulnerabilities in Flash have cropped up.
Adobe says that it is currently “in the process of finalizing a schedule for delivering updates” for most of the various Flash-related software and version impacted by the security hole. The issue will be addressed for Adobe Reader X for Windows next quarter, the company says.
