Adobe Fixes Zero-Day Reader, Acrobat and Flash Flaws
Adobe locks down its apps with updates to eliminate flaws that have been circulating for the last week.
Adobe users, it's time to update, again.
Last week, Adobe disclosed that it was aware of critical vulnerabilities in its Flash, Reader and Acrobat platforms. Those vulnerabilities have now been patched in a series of updates for Adobe Reader, Acrobat and Flash Player.
For Adobe Flash users, Flash Player version 10.2.152.33 and earlier versions on Windows, Mac and Linux were all at risk. The flaw could have enabled an attacker to create a malicious .swf Flash file and potentially take control of a user's system.
Adobe noted in its advisory that it was aware of Flash being exploited in the wild using the flaw. The zero-day attacks made use of an embedded .swf file inside a Microsoft Excel file delivered as an email attachment.
The new Adobe Flash Player 10.2.153.1, which is now available from Adobe, fixes the flaw.
While standalone Adobe Flash Player users have had to wait a week for a fix from Adobe, Google's Chrome users have been protected since last week. The Google Chrome 10.0.648.134 browser update provided a fix for the same zero-day Flash issue that Adobe is fixing with the Adobe Flash Player 10.2.153.1 release. Google provides an integrated version of Adobe Flash Player and routinely gets updates faster than other platforms.
In a related set of updates, the new Adobe Reader 9.4.3 and Acrobat X 10.0.2 releases are being issued to deal with a critical flaw in the authplay.dll component. The flaw could potentially have allowed an attacker to crash and then take control of a vulnerable system.
The Adobe updates for Reader, Acrobat and Flash are all outside Adobe's normal update cycle. Adobe has moved to a quarterly update cycle for its products, with the next regularly scheduled update set for June 14, 2011.