The Adobe Reader 9.1.2, Acrobat Reader 9.1.2, Adobe Flash Player 9, and Adobe Flash Player 10 security vulnerability that came to light earlier this month, the vulnerability that has been acknowledged by the California-based company that specializes in creating multimedia and creativity software products, is not new after all. According to recent reports, it was something that Adobe’s security response team knew about for 8 months.

The security hole was initially brought to light on the 31st of December, 2008, but at the time it was erroneously diagnosed as a “data loss corruption” issue. Just because Adobe misdiagnosed the issue, this does not mean hackers and other people with malicious intent did the same. Quite the opposite – they started to use the security hole to attack vulnerable systems. When Adobe got wise to this fact, it locked access to the bug ticket and posted a note saying that it has been reclassified as a security bug and a patch will be issued in the future.

If you are not familiar with the security vulnerability in question, here is a brief description: it affects Adobe Reader and Acrobat 9.1.2 and earlier 9.x versions; Adobe Flash Player 9.0.159.0 and 10.0.22.87 and earlier 9.x and 10.x versions, it has been rated by Adobe as critical, and a patch is supposed to be rolled out on July 30th (for Flash Player v9 and v10 for Windows, Macintosh, and Linux) and July 31st (for Adobe Reader and Acrobat v9.1.2 for Windows, Macintosh, and UNIX).

According to PSIRT (Adobe Product Security Incident Response Team) the vulnerability affects Flash Player and the authplay.dll component in Adobe Reader and Adobe Acrobat and could “cause a crash and potentially allow an attacker to take control of the affected system.” PSIRT also said that it is aware that the vulnerability is being actively exploited in the wild, albeit via limited, targeted attacks.