Adobe is warning against a different type of attack. This is a zero day attack using Microsoft Excel files and the Flash Player.
Adobe says that the “critical” vulnerability affects the latest versions of Adobe Flash Player for Windows, Mac OS X, Linux, Solaris and Chrome. It also exists in the authplay.dll component that ships with Adobe Reader and Acrobat X.
Reports are showing that the attacks have been limited so far. The targeted attacks via a Flash (.swf) file embedded in a Microsoft Excel (.xls) file and delivered as an email attachment.
What does the vulnerability allow?
This vulnerability could cause a crash and potentially allow an attacker to take control of the affected system. Adobe is not currently aware of attacks targeting Adobe Reader and Acrobat. Adobe Reader X Protected Mode mitigations would prevent an exploit of this kind from executing.
So what is being done about it? Adobe expects to ship a patch for Flash Player 10.x and earlier versions for different operating systems including Windows, Mac, Linux, Solaris and Android.
How does the exploit occur?
Successful exploitation requires that the Blackberry user to browse to a website that the attacker has maliciously designed. A hacker can make a successful exploit possible by using the BlackBerry Browser to access user data stored on the media card and in the built-in media storage on the BlackBerry smartphone, but not to access email and other personal information on the file system of the BlackBerry smartphone. The release date of the patch is March 21st.
Thanks to George Garza