Adobe recently published a security advisory in response to a critical flaw discovered in its Flash Player. The vulnerability affects Flash Player on Mac OS X, Windows, Linux, Android and Solaris, as well as the authplay.dll component included in Adobe Acrobat and Adobe Reader X. If the vulnerability is exploited successfully, an attacker can crash the affected system or assume total control of it. According to Adobe, the flaw is already being exploited in targeted attacks in the wild that use a malicious Flash file embedded in Microsoft Excel files sent as email attachments. As of yet, no attack attempt has been reported against Adobe Reader or Adobe Acrobat, and Adobe stresses that Adobe Reader X’s Protected Sandbox mode should stop the malicious exploit from executing.
Adobe is still working on a fix, and the update implementing it is expected to reach users of Flash Player, Acrobat and some versions of Reader sometime in the next week. However, Reader X for Windows will not be among the packages updated, because the sandbox protection in that software is supposed to offer enough resistance against exploitation of this vulnerability already. It will instead be updated, as previously planned, in the quarterly update scheduled for June 14.
The blog post by the Adobe Secure Software Engineering Team states that they considered providing a similar update for Adobe Reader X as well; however, doing so would have delayed the current patch release by around another week from its current schedule.