User systems in the meantime were susceptible to those attacks. The latest critical vulnerability in Flash was revealed in a security advisory at the Adobe website.

The critical vulnerability in all Flash Player versions for all supported operating systems – yes even Android – impacts not only systems running Flash, but also systems running Adobe Reader 9.3.4 and Adobe Acrobat 9.3.4.

Adobe states that “this vulnerability could cause a crash and potentially allow an attacker to take control of the affected system” with reports that the vulnerability is already actively exploited in the wild “against Adobe Flash Player on Windows”.

Adobe expects to provide an update during the week of September 27 for Adobe Flash Player, and October 4 for Adobe Reader and Acrobat.

Until then, all users running Adobe Flash or Adobe Reader / Acrobat are vulnerable to the critical vulnerability. Make sure your security software detects the vulnerability and blocks it from execution.

One question that Chrome readers may have in mind: Is the build in Flash plugin also susceptible for attacks? In short, yes it is. The latest Chrome internal Flash Player plugin version is listed as 10.1.82.76, which is exactly the version that is vulnerable. The design of the browser may however mitigate the impact on the system, as may the out of process feature of the Firefox web browser.

We say may because we have no confirmation at this point.

An Adobe Flash Player security update has been made available not only for Flash Player users but also for users of other Adobe products including Adobe Air, Adobe Flex and Adobe Flash CS4 and CS3.

The security bulletin contains download links for all affected Adobe applications and it is recommended to update the products as soon as possible to patch the security vulnerability on the computer system.

Computer users who are not sure about the installed Flash Player version may visit the Adobe Flash Player page that contains a script that will retrieve and display the system’s Flash player version.

The Flash Player version check can be accessed here.

That’s where the Mozilla developers began thinking about solutions for this problem. They quickly came up with the solution to test the version of the Adobe Flash plugin after Firefox updates. Regular Firefox users know that Firefox will open a what’s new page after an update. This what’s new page will contain the Adobe Flash version check.

Firefox users with an outdated version of Adobe Flash will receive the notification that it is outdated. This information contains a link that is directly pointing to the latest version of Adobe Flash at the Adobe website. Hopes are that many users who are running an outdated version of Flash will visit the Adobe website after a Firefox update to download the latest version of Adobe Flash to install it on their computer system.

Users who want to try the Flash check right now can visit the upcoming what’s new page for Firefox 3.5.3.

The HP Security Laboratory has created the application SWF Scan which can be used by both developers and end users to analyse Adobe Flash files for more than 60 vulnerabilities. Usage is pretty simple and straightforward although interpretation of the findings might require a deeper understanding of Adobe Flash or extensive research on the Internet. The application works with both local Adobe Flash files or those embedded in websites.

Users will first have to find out the direct url to the embedded flash file on the website. All web browser provide those capabilities. Firefox users for instance right-click the page and select Page Info from the context menu to get a list of objects that are embedded in the website. A click on the Media tab and a manual search for files of the type embed should be enough to find the url of the Adobe Flash file. A right-click on the flash object will open a menu with the option to copy the url to the clipboard.

Once the url has been copied to the clipboard it can be pasted into the interface of the HP SWF Scan application. A click on the get button next to the url bar will initiate a connection attempt of the Adobe Flash security scanner. If the file is a valid Adobe Flash file it will automatically try to decompile it displaying the findings in the sidebar and the actual source in the right window.

A proficient Flash user can now analyze the code on his own. Everyone else is better of clicking on the Analyze button in the header of the security program. This will analyze the decompiled source code and provide a summary to the user.

The summary contains a list of vulnerabilities that have been found in the Adobe Flash file. This vulnerabilities mean that the Flash file might be vulnerable to certain exploits. Flash developers can then rewrite part of their application to fix the discovered vulnerabilities. End users on the other hand may be delighted to know that an Adobe Flash file does not contain any of the known vulnerabilities.

SWF Scan is a free download after a mandatory registration at the HP website. It is currently only available for the Microsoft Windows operating system.