Adobe confirms zero-day vulnerability

Security experts have expressed concerns about a flaw spanning three Adobe products

Adobe is investigating a vulnerability affecting several of its products, after experts warned that the flaw is already being exploited in the wild. The company is working with security vendor Symantec on a solution to the problem.

"Adobe is aware of reports of a potential vulnerability in Adobe Reader and Acrobat 9.1.2 and Adobe Flash Player 9 and 10. We are currently investigating this potential issue and will have an update once we get more information," said Brad Arkin, director for product security and privacy at Adobe, in a blog post.

Reports of the issue have been buzzing around the internet, and warnings have been released by VeriSign and Symantec.

"An issue in Adobe Flash is serious. Most vulnerabilities are confined to one technology - for example, a vulnerability may affect a particular browser or a particular operating system - but it is rare for a vulnerability to span multiple platforms and products," said Patrick Fitzgerald, a security worker at Symantec.

"This is not the case with Flash. Flash exists in all popular browsers and is also available in PDF documents. It is also largely operating system independent, so the threat posed by this issue is not to be taken lightly. Flash has become an integral part of the modern browsing experience, becoming so ubiquitous that most users don't even notice it."

Users are advised to make sure that their systems are as secure as possible, as hackers could take control of any infected machines.

"We are in contact with the Adobe team in relation to this issue. We urge our customers to ensure that their anti-virus definitions are up to date," said Fitzgerald.

"It is likely that we will see many attacks over the coming months that will attempt to exploit this vulnerability. As always, keep an eye out for the official patch from Adobe, and ensure that all products are up to date."