Adobe Flash Vulnerability Advisory Appears Alongside Shockwave Patch
Adobe patches Shockwave Player, but reports a new vulnerability in Adobe Flash Player.Call it a good news, bad news situation for Adobe Systems. On the one hand, the company patched a number of vulnerabilities Oct. 28 in Shockwave Player; on the other hand, it issued a new advisory on a zero-day bug in Adobe Flash Player. The Flash Player vulnerability affects version 10.1.85.3 and earlier on Windows, Macintosh, Linux and Solaris operating systems, as well as Flash Player 10.1.95.2 and earlier versions for Android. It also impacts the authplay.dll component that ships with Adobe Reader 9.4 and earlier 9.x versions for Windows, Macintosh and Unix systems, as well as Adobe Acrobat 9.4 and earlier 9.x versions for Windows and Macintosh.
"This vulnerability (CVE-2010-3654) could cause a crash and potentially allow an attacker to take control of the affected system," Adobe warned. "There are reports that this vulnerability is being actively exploited in the wild against Adobe Reader and Acrobat 9.x. Adobe is not currently aware of attacks targeting Adobe Flash Player.