Adobe has published a security advisory in response to a critical flaw found in Flash Player. The vulnerability affects Flash Player version 10.2.152.33 and earlier across all major platforms including Windows, Mac OS X, Linux, Solaris, and Android, and also impacts the authplay.dll component included in Adobe Acrobat and Adobe Reader X. Adobe Flash Player 10.2.154.18 and earlier for Chrome is also affected.
A successful exploit of the Flash vulnerability could crash the system or allow the attacker to take complete control of the affected system.
Adobe reports that the flaw is being actively exploited in the wild in targeted attacks that use a malicious Flash (SWF) file embedded in a Microsoft Excel (XLS) file sent as an e-mail attachment. Adobe stresses that the Protected Mode sandbox in Reader X would prevent the malicious exploit from executing.
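A triage check for the delivery vector described above, as an added example that is not taken from Adobe's advisory or from this article: it flags attachments that are OLE2 compound files (the container format used by XLS) and contain bytes that parse as an SWF header. The function names, the version and length bounds, and the sample bytes are assumptions constructed for illustration.

```python
import struct
import zlib

OLE2_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # compound-file header (XLS/DOC/PPT)
MAX_VERSION = 50            # assumption: generous bound on the SWF version byte
MAX_LENGTH = 100 * 2**20    # assumption: sanity cap on the declared movie length

def _body_plausible(sig, data, pos, length):
    body = data[pos + 8:]
    if sig == b"FWS":       # uncompressed movie: declared length must fit in the file
        return length <= len(data) - pos
    if len(body) < 2:       # CWS: bytes after the header must start a zlib stream
        return False
    try:
        zlib.decompressobj().decompress(body[:512])
        return True
    except zlib.error:
        return False

def find_embedded_swf(data):
    """Return sorted (offset, signature, version, declared_length) candidates."""
    hits = []
    for sig in (b"FWS", b"CWS"):
        pos = data.find(sig)
        while pos != -1:
            header = data[pos:pos + 8]
            if len(header) == 8:
                version = header[3]
                (length,) = struct.unpack("<I", header[4:8])
                if (1 <= version <= MAX_VERSION and 8 < length <= MAX_LENGTH
                        and _body_plausible(sig, data, pos, length)):
                    hits.append((pos, sig.decode(), version, length))
            pos = data.find(sig, pos + 1)
    return sorted(hits)

def triage(data):
    """Flag an attachment that is an OLE2 document and carries SWF-like content."""
    hits = find_embedded_swf(data)
    return {"ole2": data.startswith(OLE2_MAGIC), "swf_hits": hits}

# Constructed sample: OLE2 magic, padding, then one FWS and one CWS header.
_fws = b"FWS" + bytes([10]) + struct.pack("<I", 40) + b"\x00" * 32
_cws = b"CWS" + bytes([10]) + struct.pack("<I", 72) + zlib.compress(b"\x00" * 64)
SAMPLE = OLE2_MAGIC + b"\x00" * 504 + _fws + b"\x00" * 16 + _cws

if __name__ == "__main__":
    print(triage(SAMPLE))
```

A raw byte scan is a heuristic: a stream fragmented across OLE2 sectors or stored in an encoded form will not match, so an empty result does not clear a file.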
An update for Flash Player, Acrobat, and some versions of Reader is expected to be available sometime next week. Unlike Android devices, Apple’s iOS devices continue to eschew Flash, and are among the few devices immune from this latest security flaw. Apple also recently took the step of removing Flash as a standard install on some of its notebook lines.

