Tuesday, September 21, 2010

Adobe patches Flash Player zero-day

The US-CERT article and the ZDNet article linked below both have more information.  I have patched my systems without problems.  If you watch online videos or don't have an adblocker, you should update ASAP as the vulnerability this fixes is being exploited as I type.

Adobe released Flash Player 10.1.85.3. Download it at http://www.adobe.com/support/flashplayer/downloads.html
Adobe released Flash Player 10.1.85.3. Download it at http://www.adobe.com/support/flashplayer/downloads.html
Adobe patches Flash Player zero-day | ZDNet

By Ryan Naraine | September 20, 2010, 10:29pm PDT

Adobe has shipped another Flash Player update to fix a critical vulnerability that was being exploited in live malware attacks.

The flaw, which surfaced last week as a zero-day attack against Windows systems, allows remote code execution via rigged Flash files.

According to Adobe, the vulnerability affects Adobe Flash Player 10.1.82.76 and earlier versions for Windows, Macintosh, Linux and Solaris.   It also affects Flash Player 10.1.92.10 for Android.

The security hole also allows code execution on Adobe Reader but that product will not be patched until the week of October 4, 2010.

US-CERT Current Activity: Adobe Releases Security Advisory for Flash Player
added September 14, 2010 at 10:35 am | updated September 20, 2010 at 03:15 pm
Adobe has released a security advisory to alert users of a vulnerability affecting Adobe Flash Player. This vulnerability affects Flash Player 10.1.82.76 and earlier versions for Windows, Macintosh, Linux, Solaris, and Adobe Flash Player 10.1.92.10 for Android. Exploitation of this vulnerability may allow an attacker to execute arbitrary code or cause a denial-of-service condition.

Update:

Adobe has released a security update to address this vulnerability.
Users and administrators are encouraged to review Adobe security
bulletin APSB10-22 and apply any necessary updates to help mitigate the risks.

No comments: