Adobe flash player to launch targeted malware attacks, Adobe releases Emergency flash player patch on Friday to fix the problem.

Adobe issued Adobe Flash Player patch 10.2.159.1, for users of Flash version 10.2.153.1, and Adobe Flash Player 10.2.154.25 for those that use Chrome. The patch will fix a “critical” vulnerability in Flash Player 10.2.153.1 and earlier versions for Windows, Mac OS X Linux and Solaris. Adobe expects to make available an update for Adobe Flash Player 10.2.156.12 and earlier versions for Android later a week of April 25, 2011. Adobe plans to fix the vulnerability in Adobe Acrobat and Adobe Reader at a later date.

Adobe Flash Vulnerability:

Adobe-Flash-vulnerability

Adobe knew that the vulnerability could cause a crash and potentially allow an attacker to take control of the affected system. Vulnerability is exploited in targeted  attacks via a malicious Web page or a Flash (.swf) file embedded in a Microsoft Word (.doc) or Microsoft Excel (.xls) file delivered as an email attachment, finally targeting the Windows platform.  At this time, Adobe is not aware of any attacks via PDF targeting Adobe Reader and Acrobat. Adobe Reader X Protected Mode mitigation would prevent an exploit of this kind from executing.

As PC Mag’s Larry Seltzer finds, this type of vulnerability might familiar. It’s quite similar to another Flash zero-day from several weeks ago that was embedded in an Excel file and used to attack RSA.