Adobe Readies Critical Fix For Flash Player

Adobe Systems will release a patch on Thursday to fix a critical vulnerability in Adobe Flash Player, which the company warned users about last week.

The update will be for Flash Player 10x for Windows, Macs, Linux and Solaris, but the bug actually covers larger ground.

The authplay.dll component that ships with Adobe Reader 9.4 and earlier 9.x versions for Windows, Unix and Macs as well as Adobe Acrobat 9.4 and early 9.x versions on Mac and Windows is impacted as well – as is Flash Player versions 10.1.95.2 and earlier for Android.

Android Next Week

“This vulnerability (CVE-2010-3654) could cause a crash and potentially allow an attacker to take control of the affected system,” Adobe warns in an advisory. “There are reports that this vulnerability is being actively exploited in the wild against Adobe Reader and Acrobat 9.x. Adobe is not currently aware of attacks targeting Adobe Flash Player.”

The patch for Android is slated to come by 9 November, with the fix for Adobe Reader and Acrobat coming the week of 15 November.

The initial advisory, issued 28 October, appeared alongside a large update for Adobe Shockwave Player.