Adobe has published another security advisory after the discovery of a “critical vulnerability” in Adobe Flash Player 10.2.152.33 and earlier versions across all major platforms including Windows, Macintosh, Linux, Solaris and Android mobile devices. According to Adobe, the Zero-Day exploit is being deployed in the wild in “targeted attacks” through a Flash (.swf) file embedded in a Microsoft Excel file delivered as an email attachment. Adobe reports that it is “finalizing a fix for the issue,” but does not expect to have the hole patched until the “week of March 21.”
Adobe explains that the exploit can cause a system crash followed by the attacker taking control of compromised systems remotely. In the meantime, users should exercise extreme caution when receiving emails with any type of Flash file embedded within it.
