Adobe Patches Critical Security Flaw

With attackers actively exploiting the bug to remotely execute code, Adobe recommends that all Flash, Reader, and Acrobat users upgrade immediately.

(click image for larger view)
Slideshow: Top 10 Security Stories Of 2010
On Monday, Adobe patched a critical vulnerability in its Flash, Reader, and Acrobat products. It recommends that all users upgrade immediately to the latest version.
The out-of-cycle patch -- Adobe normally releases patches quarterly -- reflects the severity of the vulnerability as well as the fact that attackers are
actively exploiting
the bug to remotely execute code. In particular, attackers have been targeting Flash Player, by distributing via email a malicious Flash file (.swf) embedded in a Microsoft Excel file (.xls).
As of Monday, Adobe said that it hasnt seen any attacks targeting the Flash-related authplay.dll component in Adobe Reader or Acrobat, which is also vulnerable. Note also that Adobe Reader X Protected Mode -- sandboxing -- would prevent an exploit of this kind from executing, said Adobe.
The updated -- aka patched -- Flash software versions are Flash Player 10.2.153.1 (for Windows, Macintosh, Linux, and Solaris), AIR 2.6 (Windows, Macintosh, and Linux), and Flash Player 10.2.156.12 (for Android), which was released on March 18. Meanwhile the latest version of Google Chrome, 10.0.648.134, integrates Flash Player version 10.2.154.25, which also has the patch. It was released on March 15.
As that suggests, Adobe
shares Flash patches
with Google in advance of their general release, which gives Google a head start on patching its browser. Google, notably, also updates Flash Player for Chrome automatically. Other browser users will need to download and install the latest version manually.
For Adobe Reader and Acrobat, the updated version of Adobe Reader X 10.0.2 is only being released for Macintosh, since the Windows version (10.0.1) would prevent the attack from exploiting. Accordingly, Windows users wont see a patch until the next quarterly patch release date, scheduled for June 14, 2011.
Other updated versions -- all for both Windows and Macintosh -- are Reader 9.4.3, Adobe Acrobat X 10.0.2, and Adobe Acrobat 9.4.3. Reader and Acrobat users can check for and download updates through the applications help menu.

Last News
▸ ArcSight prepares for future at user conference post HP acquisition. ◂ Discovered: 07/01/2025 Category: security	▸ Samsung Epic 4G: First To Use Media Hub ◂ Discovered: 07/01/2025 Category: security	▸ Many third-party software fails security tests ◂ Discovered: 07/01/2025 Category: security

**Cyber Security Categories**
Google Dorks Database	Exploits Vulnerability	Exploit Shellcodes

CVE List

Tools/Apps

News/Aarticles

Phishing Database

Deepfake Detection

Trends/Statistics & Live Infos

Tags:
Adobe Patches Critical Security Flaw