Adobe has released security advisory APSA11-02 to alert users of a vulnerability affecting  the following Adobe products:

  • Flash Player 10.2.153.1 and earlier versions for Windows, Macintosh, Linux, and Solaris
  • Flash Player…

    Read more at: US-CERT Current Activity

    Adobe has released security advisory APSA11-02 to alert users of a vulnerability affecting  the following Adobe products:

    • Flash Player 10.2.153.1 and earlier versions for Windows, Macintosh, Linux, and Solaris
    • Flash Player 10.2.154.25 and earlier versions for Chrome
    • Flash Player 10.2.156.12 and earlier versions for Android
    • the Authplay.dll component that ships with Adobe Reader and Acrobat X (10.0.2) and earlier 10.x and 9.x versions for Windows and Macintosh.

    Exploitation of this vulnerability may allow an attacker to execute arbitrary code or cause a denial-of-service condition.

    The Adobe advisory indicates that this vulnerability is currently being exploited in targeted attacks via a Flash (.swf) file embedded in a Microsoft Word (.doc) file delivered as an email attachment. However, the method of attack can change at any time.

    At this time, Adobe has not released a fix to mitigate this vulnerability. US-CERT encourages users and administrators to do the following to help mitigate the risks until a fix becomes available:

    • Review Adobe security advisory APSA11-02.
    • Exercise caution when opening unsolicited email attachments.
    • Refer to the Using Caution with Email Attachments Cyber Security Tip for more information on safely handling email attachments.

    Additional information can be found in US-CERT Vulnerability Note VU#230057. US-CERT will provide additional details as they becomes available.

    Read more at: US-CERT Current Activity