Adobe Zero Day Vulnerability

Adobe warns of zero day vulnerability in Flash and Reader. Adobe has reported that an unpatched vulnerability in its Adobe Flash Player can be exploited to inject and execute malicious code.

The vulnerability has reportedly been used for targeted attacks in which victims, rather than being lured to a crafted Web page, were sent infected Excel files via e-mail. These contained a crafted Small Wave Format (SWF) file which ran in Flash Player when the Excel file was opened. Version 10.x for Windows, Mac OS X, Linux and Android, and the embedded Flash plug-in for Chrome, are all reportedly affected. Versions 10.x and 9.x of Adobe Reader and Acrobat for Windows and Mac are also vulnerable, as they contain the same bug in their integrated authplay.dll Flash engine. In at least the Windows edition of version 10 (aka X) the bug cannot be exploited to compromise a system. The sandbox function prevents malicious code from accessing the operating system, blocking attackers from installing malware. No attacks on Adobe Reader have been observed.
Source: in-Flash-and-Reader-1208184.html