Critical vulnerability in Flash and Acrobat

Adobe warned yesterday that its Flash, Acrobat and Acrobat Reader products all have a critical vulnerability that will allow an attacker to take control of the affected system.

The vulnerability is currently being exploited via a Flash file embedded in Microsoft Excel (.xls) file. The file has been distributed as an e-mail attachment. There are no reports yet on attacks targeting Acrobat software.

Users should be very careful with e-mail attachments until a fix has been issued and the software has been updated. Adobe promises that an update will be available on March 21.

Acrobat and Acrobat Reader are used to create and read PDF files. Flash and PDF files are very popular among malicious code writers because they are so widely used across different platforms. Almost every computer in the world has Acrobat or Flash installed. A single vulnerability can be exploited in Windows, Mac and other operating systems.

The affected versions are Adobe Flash Player 10.2 for Windows, Macintosh, Linux, Solaris and Android systems. Adobe Reader and Acrobat X are affected on Windows and Macintosh only. The full details of affected versions are on Adobe’s website.