Adobe has released a security update for Adobe Flash Player to address the vulnerability previously referenced in Adobe Security Advisory APSA11-02. Exploitation of this vulnerability may allow an attacker to execute arbitrary code or cause a denial-of-service condition. Adobe has indicated that this vulnerability is currently being exploited in targeted attacks via a Flash (.swf) file embedded in a Microsoft Word (.doc) or Microsoft Excel (.xls) file delivered as an email attachment. This vulnerability affects the following Adobe products:
- Flash Player 10.2.153.1 and earlier versions for Windows, Macintosh, Linux, and Solaris
- Flash Player 10.2.154.25 and earlier versions for Chrome
- Flash Player 10.2.156.12 and earlier versions for Android
- the Authplay.dll component that ships with Adobe Reader and Acrobat X (10.0.2) and earlier 10.x and 9.x versions for Windows and Macintosh.
Additional information can be found in US-CERT Vulnerability Note VU#230057.