Adobe has issued a security advisory warning of critical vulnerabilities in Flash Player for Windows, Macintosh, Linux, Solaris, and Android, and says that the same vulnerability affects Adobe Reader and Adobe Acrobat on Windows and Mac as well. Adobe says:
“This vulnerability could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being actively exploited in the wild against Adobe Flash Player on Windows. Adobe is not aware of any attacks exploiting this vulnerability against Adobe Reader or Acrobat to date.”
Adobe claims that the company is working on fixes for this issue, but the patches won’t be out any time soon.
“We are in the process of finalizing a fix for the issue and expect to provide an update for Adobe Flash Player for Windows, Macintosh, Linux, Solaris, and Android operating systems during the week of September 27, 2010. We expect to provide updates for Adobe Reader 9.3.4 for Windows, Macintosh and UNIX, and Adobe Acrobat 9.3.4 for Windows and Macintosh during the week of October 4, 2010.”
We’ve repeatedly suggested not using Adobe Reader because of its many security vulnerabilities; using Apple’s Preview is much safer. As for Flash, one strategy is to not load Flash on web pages, especially on sites you’re not familiar with. If you use Apple’s Safari web browser, you can install the free ClickToFlash to block all Flash animations from loading (you can then click on the ones you want to view). If you use Firefox, try the Flashblock add-on. If you use one of these Flash blockers, you may be surprised at the number of Flash items that exist on websites; these are often objects that you don’t notice are Flash, and see only as graphics.