In addition to the pre-announced updates for Reader and Acrobat today, Adobe has also released a new version of its Flash Player, version 10·3·181·26, for Windows, Mac OS X, Linux, and Solaris platforms. The update incorporates a fix for a critical memory corruption vulnerability (CVE-2011-2110, which could cause a crash and potentially allow an attacker to take control of the affected system. Adobe says there is evidence that this vulnerability is currently being exploited by means of corrupted Web pages. Further details are in Adobe’s Product Security Bulletin [APSB11-18]. The affected versions of Flash Player are:
- Adobe Flash Player 10.3.181.23 and earlier versions for Windows, Macintosh, Linux and Solaris operating systems
- Adobe Flash Player 10.3.185.23 and earlier versions for Android
An update for the Android version is not available at present, but Adobe says one will be available by the end of this week. According to Adobe, this vulnerability does not affect the
authplay.dll component of Reader and Acrobat that allows the display of Flash content.
I recommend installing this update as soon as you conveniently can. Windows and Mac users should be able to obtain the update via the product’s built-in update mechanism; alternatively, versions for all platforms can be downloaded here.