There’s a new Flash Player security flaw in town
According to Adobe Security Advisory ASPA11-02, the flaw impacts Flash Player 10.2.153.1 and earlier for Mac, Windows, Linux and Solaris users, version 10.2.154.25 for Google Chrome users, and 10.2.156.12 for Google Android OS users. The flaw is also present in Adobe Acrobat and Adobe Reader 10.x and 9.x.
Hackers can potentially gain access to user’s systems thanks to a flaw in the version of Authplay.dll that ships with the versions of Flash Player and Acrobat that are susceptible to the attack. So far, it appears that attacks that are currently in the wild are using specially crafted Flash SWF files embedded in Microsoft Word documents and are targeting only Windows users.
Adobe is working on a patch for the security flaw, but hasn’t said when the Flash Player update will be available. The patch for Acrobat and Adobe Reader users will be released as part of the company’s regularly scheduled quarterly security update set for June 14.