Adobe Systems Inc. is set to release an out-of-cycle update to its popular Flash Player for Adobe Reader and Adobe Acrobat software, today, fixing a critical flaw that could give malicious hackers control of victims' machines.
UPDATE: Adobe released a security advisory
Requires Free Membership to View
SearchSecurity.co.UK members gain immediate and unlimited access to breaking UK industry news, virus alerts, new hacker threats, highly focused security newsletters, and more -- all at no cost. Join me on SearchSecurity.co.UK today!
Michael S. Mimoso, Editorial Director
today, issuing an update for Adobe Reader and Adobe Acrobate that repairs 17 software vulnerabilities.
The flaw exists in Adobe Flash Player 10.0.45.2 and earlier versions running on all operating systems. Adobe corrected the flaw in Flash for Windows, Macintosh and Linux on June 10. Brad Arkin, director of product security and privacy at Adobe said the issue would be addressed in Adobe Reader and Acrobat 9.3.2 for Windows, Macintosh and UNIX by June 29.
"The accelerated next quarterly Adobe Reader and Acrobat update will also resolve a number of responsibly disclosed vulnerabilities," Arkin wrote in a blog entry outlining the rushed patch schedule. Today's release was scheduled for July 13.
A memory corruption error within a component of the player can crash, allowing an attacker to execute code remotely and take control of a victim's computer.
Adobe's widely used software is being targeted more often by attackers. The attacks have forced the software vendor to focus on secure software development. Despite the use of a number of different dynamic and static analysis tools to test for errors, malicious hackers continue to find zero-day vulnerabilities in the software.
The Flash vulnerability surfaced earlier this month with reports that attackers were actively targeting the vulnerability. Attackers trick users into clicking on SWF files or embed the SWF files directly into Adobe Reader and Acrobat files.