In a Thursday blog post, Abode said that it had patched a number of vulnerabilities in its Shockwave Player; but also warned alongside that a new critical vulnerability in Abode Flash Player, Adobe Reader and Acrobat 9.x is being exploited to attack computers that run the popular PDF viewer software.

According to Abode, the zero-day Flash Player bug affects versions 10.1.85.3 and earlier versions on Windows, Macintosh, Linux and Solaris operating systems; Flash Player versions 10.1.95.2 and earlier versions for Android.

In addition, Abode also specified that the vulnerability affects the authplay.dll component which ships with Adobe Reader 9.4 and earlier 9.x versions for Windows, Mac and UNIX systems, as well as Adobe Acrobat 9.4 and earlier
9.x versions for Windows and Mac. The component chiefly renders Flash content in the PDF viewer.

Abode’s warning of the new vulnerability read thus: “This vulnerability (CVE-2010-3654) could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being actively exploited in the wild against Adobe Reader and Acrobat 9.x. Adobe is not currently aware of attacks targeting Adobe Flash Player.”

Abode also said that it is currently finalizing a patch for the vulnerability; with an update for Flash Player 10.x likely to be released by November 9; and an update for Adobe Reader and Acrobat 9.4 and earlier 9.x versions to be released during the week of November 15.