In what's become an all-too-familiar refrain, Adobe has released yet another security bulletin, APSA 10-03, giving very few details about a new zero-day hole in Flash. The hole apparently exists not only on Windows systems, but also Mac, Linux, Solaris, and Android.
The zero-day security flaw "could cause a crash and potentially allow an attacker to take control of the affected system." Adobe further advises, "There are reports that this vulnerability is being actively exploited in the wild against Adobe Flash Player on Windows."
[ Also on InfoWorld: Adobe and other developers got a huge boost last week when Apple announced looser restrictions on its programming tools | Take your security to task with InfoWorld's interactive Security iGuide. | Stay up to date on the latest security developments with InfoWorld's Security Central newsletter. ]
In a different twist, the same security hole also bedevils Adobe's Acrobat and Reader, according to Adobe, leaving them both exposed to the same kind of exploit. Blame the Flash player embedded in Reader.
Adobe says it plans to have a fix available for Flash during the week of Sept. 27.
The company also says it'll be able to patch Acrobat and Reader the week of Oct. 4. According to security bulletin APSA 10-02, that's the same time Adobe promises to have a fix for the Acrobat and Reader zero day I talked about last week in my Tech Watch post "Dangerous Adobe Reader zero-day raises the bar." It leaves me wondering how the two are related.