Another Flash Vulnerability

Adobe today released a new Adobe Product Security Advisory [APSA 11-02], detailing a new zero-day vulnerability in its Flash Player.  According to Adobe, attempts to exploit the flaw could cause a system crash, or allow the attacker to take control of the affected system.  At present, the known exploits are directed at Windows systems, and use Flash content embedded in a Microsoft Word document, delivered as an E-mail attachment.  All recent versions of the player are vulnerable; Adobe lists the following affected versions:

  • Adobe Flash Player 10.2.153.1 and earlier versions for Windows, Macintosh, Linux and Solaris operating systems
  • Adobe Flash Player 10.2.154.25 and earlier for Chrome users
  • Adobe Flash Player 10.2.156.12 and earlier for Android
  • The Authplay.dll component that ships with Adobe Reader and Acrobat X (10.0.2) and earlier 10.x and 9.x versions for Windows and Macintosh operating systems

Adobe also says that, although the vulnerability exists in Reader X for Windows, the Protected Mode feature would prevent its being exploited.

At present, Adobe has not set a date for supplying a fix for this vulnerability.  As always, you should be very careful with any E-mail attachments from anything other than totally trusted sources.  I will post further information on this as I am able to get it.

2 Responses to Another Flash Vulnerability

  1. […] Monday, I posted a note about a new vulnerability in Adobe’s Flash Player, which also affects the browser plug-in.  […]

  2. […] has released new versions of its Reader and Acrobat products, to address the recently-discovered Flash vulnerability [CVE-2011-0611].  (This is the same flaw that Adobe patched in Flash Player last Friday.)  […]
