and the data theft late on Thursday, March 17.

Three days before that, however, acknowledging that attackers were exploiting an unpatched bug in Flash Player using tricked-out Excel documents.

"There are reports that this vulnerability is being exploited in the wild in targeted attacks via a Flash (.swf) file embedded in a Microsoft Excel (.xls) file delivered as an e-mail attachment," Adobe said in the March 14 advisory.

At the time, Adobe did not name RSA as the target of the ongoing attacks.

But Adobe did promise to patch the Flash vulnerability the next week, a promise it kept when it shipped an "out-of-cycle" update of the popular media player seven days later, on Monday, March 21.