Adobe warns of Flash Player security flaw

Adobe is warning of the discovery and exploitation of a security vulnerability in its Flash Player software.

The vulnerability exists in the Flash Player component for Windows, MacOS and Linux systems, as well as the Chrome and Android platforms. Adobe Reader and Acrobat are also subject to the vulnerability.

If exploited, the flaw could allow an attacker to remotely crash Flash Player and execute code on a targeted system.

Adobe said that the vulnerability is being exploited for targeted attacks on Windows systems using specially crafted Flash code embedded within Word files delivered as email attachments.

No attacks on other platforms or file formats have been reported so far.

Adobe is working on a release schedule for an update to patch the vulnerability, and said that Adobe Reader X can be further protected against the exploit by running in protected mode.

Attacks on Adobe components have grown in popularity, and are likely to remain so, according to security experts.

"Adobe has been a favourite target of client-side exploitation, and our McAfee Labs malware databases have shown that malicious Adobe PDFs have recently topped the number of unique malware samples by a wide margin," said Dave Marcus, McAfee Labs director of research and communication.

"We saw exploitation of vulnerabilities in Flash and PDF technologies throughout 2010, and expect this trend to continue, as Adobe will be supported by more mobile devices and non-Microsoft operation systems."