For the second time in nearly a week, Adobe Systems is warning users about a zero-day vulnerability under attack.
This time, the bug is in Adobe Flash Player. In a security advisory, the company said the flaw impacts versions 10.1.82.76 and earlier on Windows, Macintosh, Linux, Solaris and Android operating systems. The same vulnerability also impacts Adobe Reader and Acrobat versions 9.3.4 and earlier on Windows and Macs, though so far they are not known to have come under attack, Adobe said.
“This vulnerability (CVE-2010-2884) could use a crash and potentially allow an attacker to take control of the affected system,” according to Adobe’s Product Security Incident Response Team blog. “There are reports that this vulnerability is being actively exploited in the wild against Flash Player on Windows.”
The good news for Flash Player users is that Adobe plans to fix the issue during the week of Sept. 27. A fix for the bug on Reader and Acrobat is slated to come the week of Oct. 4.
Meanwhile, the company announced plans to also patch during the week of Oct. 4 the vulnerability in Reader and Acrobat it warned about Sept. 8. While users wait for a fix, Adobe and Microsoft announced Sept. 10 that Microsoft’s Enhanced Mitigation Experience Toolkit 2.0 offers some protection against ongoing attacks.
Adobe did not offer any mitigation for the Flash flaw.