On Monday, I posted a note about a new vulnerability in Adobe’s Flash Player, which also affects the browser plug-in. It affects other Adobe software products, such as Reader and Acrobat, too, that incorporate the player functionality. At that time, Adobe had not released a timetable for providing a fix.
Adobe has now published an updated Security Advisory [APSA 11-02], as well as a post at the Adobe Product Security Incident Response Team blog, updating their plans for releasing a fix for this vulnerability. An update for Flash Player (including the browser plug-ins), probably the most vulnerable components, is scheduled to be released this Friday, April 15. Updates for other Adobe products are also scheduled:
We are in the process of finalizing a fix for the issue and expect to make available an update for Flash Player 10.2.x and earlier versions for Windows, Macintosh, Linux, and Solaris on Friday, April 15, 2011. We expect to make available an update for Adobe Acrobat X (10.0.2) and earlier 10.x and 9.x versions for Windows and Macintosh, Adobe Reader X (10.0.1) for Macintosh, and Adobe Reader 9.4.3 and earlier 9.x versions for Windows and Macintosh no later than the week of April 25,
This is, potentially, a very serious vulnerability; I will post a note here when a patch is actually available. Those of you who use Google’s Chrome browser should also expect an update on or before Friday; I’ll post a note about that, too, as soon as I have any definite information.