Adobe flaw was known about for seven months

Adobe Flash has been under the security spotlight again

The zero-day vulnerabilities discovered in Adobe's Flash Player this week had been known about for seven months, according to new reports.

Paul Royal, a principal researcher at web security service provider Purewire, is credited with first noticing that the flaw in Flash was actually logged into Adobe's bug and issue management system on 31 December.

Adobe will be embarrassed about the revelation that its security response team knew about the vulnerability for months, especially as it was originally misdiagnosed as a "data loss corruption" issue, according to a ZDnet report.

However, the firm has now moved swiftly to address the issue, announcing that patches will be available by 31 July for Windows, Mac and Linux users.

"A critical vulnerability exists in the current versions of Flash Player (v9.0.159.0 and v10.0.22.87) for Windows, Macintosh and Linux, and the 'authplay.dll' component that ships with Adobe Reader and Acrobat v9.x for Windows, Macintosh and Uxix," said Adobe in a security advisory.

"This vulnerability (CVE-2009-1862) could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being actively exploited in the wild via limited, targeted attacks against Adobe Reader v9 on Windows."

In the meantime, Adobe recommends that users delete, rename or remove access to the 'authplay.dll' file that ships with Adobe Reader and Acrobat v9.x in order to mitigate the threats.