Yet Another Adobe Vulnerability

As if the outstanding vulnerability in Adobe’s Reader and Acrobat products were not excess to our requirements, another vulnerability, this time in Adobe’s Flash Player, has been reported, and is apparently being exploited.   Flash Player versions 10.1.82.76 and earlier are affected, for all platforms (Mac OS X, Linux, Windows, and Solaris), as is version 10.1.92.10 for Android.   This vulnerability, which Adobe rates as Critical, also affects Reader and Acrobat, versions 9..3.4 and earlier, for Windows, Mac OS X, and Linux/UNIX.  Further details are in Adobe’s Security Advisory [APSA10-03].  The vulnerability has been assigned CVE-2010-2884.

Adobe indicates, in the Security Advisory, that it intends to release a patch for this vulnerability for Flash Player during the week of September 27.  They have not provided any mitigation advice or work-arounds.

Adobe has also updated their Security Advisory [APSA10-02] for the earlier vulnerability, indicating that they plan to release a patch for Reader and Acrobat during the week of October 4.  This patch will also include a fix for this latest vulnerability [APSA10-03].

I will post updates here when I get any new information.

Update Saturday, 18 September, 23:45 EDT

Adobe has updated its Security Advisory [APSA 10-03] to indicate that a patch will be available for Flash Player on Monday, September 20, 2010, for all platforms (Windows, Mac OS X, Linux, Solaris, and Android.  A patch in already included with the Flash Player built into the latest version of Google Chrome, 6.0.472.62.

4 Responses to Yet Another Adobe Vulnerability

  1. […] APSA 10-03, the new version of the Flash Player included with this version of Chrome fixes the recently discovered vulnerability in that […]

  2. […] to Patch Flash Monday Adobe has updated their Security Advisory [APSA 10-03] on the recently-discovered Flash Player vulnerability, indicating that they expect to release an update that fixes the flaw on Monday, September 20.  […]

  3. […] Adobe today released an updated version of its Flash Player, which incorporates a fix for the recently discovered security vulnerability.   The new version, 10.1.85.3, is available for Mac OS X, Windows, Linux, and Solaris.  There is […]

  4. […] security issues, including the vulnerability in Flash Player, fixed on September 20, and the vulnerability reported in early September, and described in Adobe Security Advisory […]

%d bloggers like this: