Adobe has confirmed that a critical vulnerability exists in Flash Player 10.1.85.3 (and earlier versions) for Windows, OS X, Linux and Solaris.
The vulnerability also affects Flash 10.1.95.2 and earlier iterations of the platform for Android.
Other infected software includes the authplay.dll component that ships with Adobe Reader 9.4 and previous 9.x versions for Windows, Mac and UNIX operating systems; as well as Adobe Acrobat 9.4 (plus earlier 9.x versions) for Windows and OS X.
So, what makes the vulnerability (CVE-2010-3654) unsafe?
Well, it could cause a crash and potentially allow an attacker to take control of affected systems.
As expected, the vulnerability is already being actively exploited in the wild against Adobe Reader and Acrobat 9.x.
However, digital breaches of Adobe Flash Player have not yet been reported.
Unfortunately, it seems as if Adobe will only make the relevant patches available on November 9th (Flash Player) and the 15th (Reader and Acrobat).
“[November 9th and 15th] is some time away,” noted Sophos security expert Graham Cluley.
“[So], in the meantime it wouldn’t be a surprise at all to hear of more malicious hackers attempting to exploit these vulnerabilities. [Of course], bad news for Adobe’s customers is bad news for Adobe.”
