Adobe has patched critical vulnerabilities in its Flash Player, Reader and Acrobat software products that let attackers take control of Windows systems and execute malicious code.
Adobe published security updates for the critical vulnerabilities on Tuesday. The most severe vulnerability, CVE-2012-1535, affects Adobe Flash Player 11.3.300.270 and earlier versions for Windows, Macintosh and Linux. It allows attackers to remotely control a computer and is being exploited in the wild in "limited targeted attacks", Adobe said in a security advisory.
The exploit is being distributed via malicious Microsoft Word documents and targets the ActiveX version of Flash Player for Internet Explorer on Windows systems. Adobe did not specify which version(s) of IE the exploit affects.
The company recommends that Windows and Macintosh users update Adobe Flash Player to version 11.3.300.271 and that Linux users upgrade to 22.214.171.124. Google Chrome users need not worry, as the software updates automatically.
Along with this, Adobe issued a critical security update for its Reader and Acrobat software to fix a set of vulnerabilities that could let attackers execute malicious code. However, it did not indicate that these vulnerabilities were being used in targeted attacks.
Windows and Macintosh users of Adobe Reader X 10.1.3 should upgrade to 10.1.4, while those on Adobe Reader 9.5.1 and unable to update to Adobe Reader X can upgrade to Reader 9.5.2.
Macintosh and Windows users of Adobe Acrobat X 10.1.3 should move to 10.1.4. Finally, Windows and Macintosh users of Adobe Acrobat 9.5.1 should upgrade to 9.5.2.
Adobe also released an update for Adobe Shockwave Player to deal with a vulnerability that could allow remote code execution on the system. The company recommends that users of Adobe Shockwave Player 126.96.36.1995 update to the newest version, 188.8.131.526.
Adobe warned users of the vulnerabilities on 9 August.