In Security Bulletin APSB10-21, Adobe said that these critical security issues include the vulnerability notice CVE-2010-2883 referenced in Security Advisory APSA10-02 and notice CVE-2010-2884 referenced in the Adobe Flash Player Security Bulletin APSB10-22.
In CVE-2010-2883, Adobe said that the critical vulnerability in Adobe Reader 9.3.4 and earlier versions for Windows, Mac and UNIX, and Adobe Acrobat 9.3.4 and earlier versions for Windows and Mac could cause a crash and potentially allow an attacker to take control of the affected system.
“There are reports that this vulnerability is being actively exploited in the wild”, the company said.
In CVE-2010-2884, the company said that a critical vulnerability exists in Adobe Flash Player 10.1.82.76 and earlier versions for Windows, Mac, Linux, and Solaris, and Adobe Flash Player 10.1.92.10 for Android. This vulnerability also affects Adobe Reader 9.3.4 and earlier versions for Windows, Mac and UNIX, and Adobe Acrobat 9.3.4 and earlier versions for Windows and Mac.
This vulnerability could cause a crash and potentially allow an attacker to take control of the affected system. “There are reports that this vulnerability is being actively exploited in the wild against Adobe Flash Player on Windows,” the company said, but it is not aware of any attacks exploiting this vulnerability against Adobe Reader or Acrobat to date.
Adobe said that the October 5 updates represent an accelerated release of the next quarterly security update originally scheduled for October 12. With this accelerated schedule, Adobe will not release additional updates for Adobe Reader and Acrobat on October 12.