Friday, April 15, 2011

Emergency Out-of-cycle Flash Player Patch

Of course it would come out on a Friday.  This is a "PATCH NOW" situation as this vulnerability is being exploited now.
For corporate installation, you may need to wait.  As of 19:03 MST on Fri 15 Apr 2011 the MSI installers are still the old version .  The EXEs are current, for manual installation.
Google has patched Chrome separately, since they have their own version of the Flash player.
Adobe - Security Bulletins: APSB11-07 - Security update available for Adobe Flash Player

A critical vulnerability has been identified in Adobe Flash Player 10.2.153.1 and earlier versions (Adobe Flash Player 10.2.154.25 and earlier for Chrome users) for Windows, Macintosh, Linux, and Solaris, and Adobe Flash Player 10.2.156.12 and earlier versions for Android. This vulnerability (CVE-2011-0611), as referenced in Security Advisory APSA11-02, could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being exploited in the wild in targeted attacks via a malicious Web page, or a Flash (.swf) file embedded in a Microsoft Word (.doc) or Microsoft Excel (.xls) file delivered as an email attachment, targeting the Windows platform.

Adobe recommends users of Adobe Flash Player 10.2.153.1 and earlier versions (Adobe Flash Player 10.2.154.25 and earlier versions for Chrome users) for Windows, Macintosh, Linux, and Solaris update to Adobe Flash Player 10.2.159.1 (Adobe Flash Player 10.2.154.27 for Chrome users). Adobe recommends users of Adobe AIR 2.6.19120 and earlier versions for Windows, Macintosh and Linux update to Adobe AIR 2.6.19140. Adobe expects to make available an update for Adobe Flash Player 10.2.156.12 and earlier versions for Android no later than the week of April 25, 2011.

US-CERT Current Activity: Google Releases Chrome 10.0.648.205
added April 15, 2011 at 08:18 am

Google has released Chrome 10.0.648.205 for Windows, Mac, Linux, and Chrome Frame to address multiple vulnerabilities including the Adobe Flash vulnerability described in Adobe Security Advisory APSA11-02. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code.


No comments: