Adobe issued an alert Thursday warning of a critical vulnerability in its Flash Player that is being exploited in attacks on its Reader software.
The flaw could allow an attacker to take control of a system, Adobe said.
The vulnerability affects Flash Player10.1.85.3 and earlier versions for all the major operating systems, and Flash Player 10.1.95.2 and earlier versions for Android. It also affects the authplay.dll component that ships with Adobe Reader 9.4 and earlier 9.x versions for Windows, Macintosh and Unix, and Acrobat 9.4 and earlier 9.x versions for Windows and Macintosh
Adobe said there are reports of the vulnerability being exploited in the wild against Reader and Acrobat 9.x, but it isn’t aware of any attacks against Flash Player.
The company expects to provide a fix for Flash Player by Nov. 9 and an update for Reader and Acrobat during the week of Nov. 15.
Also on Thursday, Adobe released an update to fix a critical vulnerability in its Shockwave Player, which it warned about last week.