A new, critical bug in Adobe's Flash Player is giving some attackers a back door into victims computers, Adobe has warned.
The bug affects Adobe Flash Player version 10.0.45.2 and earlier on all operating systems, including Windows, Mac and Linux. It is also found in the latest versions of the widely used Reader and Acrobat software, Adobe said. "There are reports that this vulnerability is being actively exploited in the wild against both Adobe Flash Player, and Adobe Reader and Acrobat," Adobe said in its security advisory.
When exploited, the flaw can cause Adobe's software to crash, but it can also give attackers control of the computer, Adobe said.
The attacks are not yet widespread. Adobe has so far received two reports of online attacks. The first one came on Friday, according to company spokeswoman Wiebke Lips.
Trend Micro Researcher Paul Ferguson agreed that the attack is new, and does not appear to be widely used. "It may just be ramping up," he cautioned. "I just haven't seen anything so far."
Versions 8 of Adobe Reader and Acrobat are not vulnerable to the attack, Adobe said.
Adobe's free Reader software has become a favourite hacker target in the past few years. Attacks that involve malicious PDF files now make up about nearly 50 percent of all web-based attacks, according to Symantec.