Adobe Systems acknowledges another critical vulnerability in Flash Player, Reader and Acrobat products which exposes its users to malicious attacks from hackers with an intention to steal sensitive data.
The vulnerability is identified as APSA10-05 (CVE-2010-3654) and has been confirmed in:
- Flash Player 10.1.85.3 and earlier versions for Windows, Mac, Linux and Solaris
- Flash Player 10.1.95.2 and earlier versions for Android
- authplay.dll component which is included in Reader 9.4 and Acrobat 9.4 and earlier 9.x versions
Adobe has confirmed that ‘This vulnerability could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being actively exploited in the wild against Adobe Reader and Acrobat 9.x.’