Another Flash Vulnerability

April 11, 2011

Adobe today released a new Adobe Product Security Advisory [APSA 11-02], detailing a new zero-day vulnerability in its Flash Player.  According to Adobe, attempts to exploit the flaw could cause a system crash, or allow the attacker to take control of the affected system.  At present, the known exploits are directed at Windows systems, and use Flash content embedded in a Microsoft Word document, delivered as an E-mail attachment.  All recent versions of the player are vulnerable; Adobe lists the following affected versions:

  • Adobe Flash Player 10.2.153.1 and earlier versions for Windows, Macintosh, Linux and Solaris operating systems
  • Adobe Flash Player 10.2.154.25 and earlier for Chrome users
  • Adobe Flash Player 10.2.156.12 and earlier for Android
  • The Authplay.dll component that ships with Adobe Reader and Acrobat X (10.0.2) and earlier 10.x and 9.x versions for Windows and Macintosh operating systems

Adobe also says that, although the vulnerability exists in Reader X for Windows, the Protected Mode feature would prevent its being exploited.

At present, Adobe has not set a date for supplying a fix for this vulnerability.  As always, you should be very careful with E-mail attachments from any source that is not totally trusted.  I will post further information on this as I am able to get it.

