Adobe Warns of New Critical Flash Security Flaw

Adobe issued a warning to Flash Player users that it has discovered another critical security flaw in its multimedia playback platform. The flaw impacts Flash Player for Mac, Windows, Linux Solaris and Android users and could potentially allow an attacker to gain control over the victim’s system.

Flash Security FlawThere’s a new Flash Player security flaw in town

According to Adobe Security Advisory ASPA11-02, the flaw impacts Flash Player and earlier for Mac, Windows, Linux and Solaris users, version for Google Chrome users, and for Google Android OS users. The flaw is also present in Adobe Acrobat and Adobe Reader 10.x and 9.x.

Hackers can potentially gain access to user’s systems thanks to a flaw in the version of Authplay.dll that ships with the versions of Flash Player and Acrobat that are susceptible to the attack. So far, it appears that attacks that are currently in the wild are using specially crafted Flash SWF files embedded in Microsoft Word documents and are targeting only Windows users.

Adobe is working on a patch for the security flaw, but hasn’t said when the Flash Player update will be available. The patch for Acrobat and Adobe Reader users will be released as part of the company’s regularly scheduled quarterly security update set for June 14.