Adobe Confirms Flash Zero-Day Bug in PDF Docs
Gregg Keizer writes on ComputerWorld:
Adobe is investigating a critical vulnerability in its Flash format that is currently being exploited by hackers using malicious PDF documents, according to the company's security team and outside researchers.More here.
Adobe said little in a short entry to its security blog late Tuesday. "Adobe is aware of reports of a potential vulnerability in Adobe Reader and Acrobat 9.1.2 and Adobe Flash Player 9 and 10," said Brad Arkin, the company's director for product security and privacy. "We are currently investigating this potential issue."
Reader and Acrobat 9.1.2 are the most current versions of those applications.
An Adobe spokesman early Wednesday confirmed that the vulnerability was an issue within Flash content that is inserted into a PDF (Portable Document Format) file. Users can drop Flash movies into PDF files, for instance.