14 DAY TRIAL // Adobe has released a new version of Flash Player in order to address a critical vulnerability actively exploited in the wild since the beginning of last week.
Last Monday, Adobe issued a security advisory warning users of attacks targeting a previously unknown vulnerability in Flash Player.
The attacks used maliciously crafted SWF files embedded into Excel documents in order to install a backdoor on people's computers.
The rigged XLS files were delivered via email, but the vulnerability can also be potentially exploited over the Web.
Because Adobe Reader and Acrobat also include a Flash Player version to support SWF animations in PDF documents, those products are also affected.
Google, which bundles a Flash Player plug-in in Chrome, has access to early builds and has already included a patched version in its browser since last Tuesday.
Adobe released Flash Player 10.2.153.1 for Windows, Macintosh, Linux, and Android yesterday in order to address the new zero-day vulnerability (CVE-2011-0609).
The flaw was also patched in the newly released Adobe AIR 2.6. Users are encouraged to update to the latest versions of these products immediately in order to remain protected from current and future attacks targeting this vulnerability.
New versions have also been released for Adobe Reader and Acrobat 9.x, while the 10.x branch will not be patched until June because its sandboxed architecture prevents such exploits.
The latest version of Flash Player for Windows can be downloaded from here. The latest version of Flash Player for Mac can be downloaded from here. The latest version of Flash Player for Linux can be downloaded from here.
The latest version of Adobe AIR for Windows can be downloaded from here. The latest version of Adobe AIR for Mac can be downloaded from here. The latest version of Adobe AIR for Linux can be downloaded from here.