Zero-day Exploit Hits Flash, Acrobat

Adobe is warning that a critical security flaw in Flash Player and Adobe Reader has been discovered that potentially impacts all platforms including Mac OS X. There aren’t any reports yet claiming Mac users are being targeted, although it appears the exploit has already made its way to Flash for Windows users.

The security hole could allow attackers to cause application crashes on victim’s computers, as well as take control of remote computers. So far hackers taking advantage of the exploit seem to be sticking with Flash since there aren’t any reports of Acrobat-based attacks yet.

According to Adobe’s security alert, Flash Player 10.1.82.76 and earlier for Mac OS X, Windows, Solaris and Linux are affected, along with Flash Player 10.1.92.10 for Android. Adobe Reader 9.3.4 for Mac OS X, Windows and Unix, and Acrobat 9.3.4 for Mac and Windows are also potentially susceptible to the exploit.

Mac users aren’t being targeted yet, but they can help protect themselves from potential attack by avoiding untrusted Web sites, and by using alternative PDF readers such as Preview or PDFpen.

Adobe plans to release a security update the week of October 4 to address the issue.