Adobe late Friday warned that attackers are exploiting a "critical vulnerability" in the company's most widely used software: Flash Player and Adobe Reader. The zero-day vulnerability is similar to one Adobe patched in July 2009. Amusingly, this one comes just days after the company's head of security admitted that hackers have its software in their crosshairs.
The bug affects Flash Player 10.0.45.2 (which is the most up-to-date version), as well as older editions on Windows, Macintosh, Linux and Solaris. Also vulnerable, as it turns out, are Adobe's PDF viewer Adobe Reader 9.x and PDF creation software Adobe Acrobat 9.x on Windows, Macintosh and Unix.
And, of course, hackers are already exploiting the flaw. "There are reports that this vulnerability is being actively exploited in the wild against Flash Player, Reader and Acrobat," the company said in a security advisory issued around 3:30 p.m. PT Friday.
Splendid. Ya gotta just love an almost universal exploit being actively used with no patch available. Hackers, "Start your engines!"
And don't think that transitioning away from Flash to HTML5 is going to make this problem go away. It's not. HTML5 is going to make things worse, much worse, and you can mark my words.