Adobe warns of critical vulnerability in Flash and PDF readersBy Matthew DeCarlo
Adobe issued a new security advisory yesterday, warning of a critical vulnerability (CVE-2010-2884) in several of its products, including Flash Player 10.1.82.76 and earlier versions for Windows, Mac, Linux, and Solaris, as well as Flash 10.1.92.10 for Android. The bug also affects Adobe Reader 9.3.4 for Windows, Mac, and Unix, along with Adobe Acrobat 9.3.4 and earlier on Windows and Mac.
The company has received reports that Flash users on Windows have been attacked, but there is no word of Adobe Reader or Acrobat being exploited in the wild – at least not yet anyway. Adobe is rushing to get a patch out for Flash on all the mentioned platforms, and that's due sometime during the week of September 27. Reader and Acrobat won't be fixed until the following week of October 4.