Adobe Systems plans to release a patch by Thursday to address a critical vulnerability in Adobe Flash Player that the company warned users about last week.
The update will be for Flash Player 10x for Windows, Macs, Linux and Solaris, but the bug actually covers larger ground. The authplay.dll component that ships with Adobe Reader 9.4 and earlier 9.x versions for Windows, Unix and Macs as well as Adobe Acrobat 9.4 and early 9.x versions on Mac and Windows is impacted as well-as is Flash Player versions 10.1.95.2 and earlier for Android.
“This vulnerability (CVE-2010-3654) could cause a crash and potentially allow an attacker to take control of the affected system,” Adobe warns in an advisory. “There are reports that this vulnerability is being actively exploited in the wild against Adobe Reader and Acrobat 9.x. Adobe is not currently aware of attacks targeting Adobe Flash Player.”
The patch for Android is slated to come by Nov. 9, with the fix for Adobe Reader and Acrobat coming the week of Nov. 15.
The initial advisory, issued Oct. 28, appeared alongside a large update for Adobe Shockwave Player.