Adobe has released a couple of security advisories that are worth noting, since they pertain to software that is installed on a large number of PCs.
The first bulletin [APSA09-03] applies to Adobe’s Reader (formerly Acrobat Reader), Acrobat, and Flash Player software, on all platforms. The Flash Player is very widely used as a browser plug-in, to display multimedia content from YouTube and other sites. The Reader is similarly used, as a plug-in or as a stand-alone application, to view files in Portable Document Format (.PDF). Acrobat can be used to create PDF files. Adobe rates this as a Critical vulnerability, and expectes to release a patch by tomorrow. The bulletin contains information about a possible work-around, by renaming, deleting, or removing access to the ‘authplay.dll‘ library.
The second bulletin [APSA09-04] is specific to users of the Flash Player as a plug-in for Internet Explorer on Windows; other browsers are not affected. It is related to the problem with the Active Template Library, for which Microsoft released out-of-schedule patches on Tuesday. If you have installed that Microsoft patch, you are probably somewhat protected; but Adobe rates this as a Critical vulnerability. They expect to have a fix available by tomorrow.
Update Thursday, 30 July, 21:00
The fixes for the Flash Player problem in the first bulletin [APSA09-03] are now available for download. See Adobe Security Bulletin APSB09-10 for instructions and download links.
Update, Friday, 31 July, 16:00
The fixes for Acrobat and Reader have now been released. The Security Bulletin, APSB09-10, has been updated to reflect this.