Adobe fixes vulnerabilities in Flash, AIR and Acrobat
Adobe has released updates to its Flash Player, Acrobat and Acrobat Reader products to fix related security vulnerabilities in these products that potentially allowed an attacker to compromise a system by means of a crafted SWF embedded in an Excel file. In its original security advisory, Adobe identified the vulnerable products as being:
- Adobe Flash Player: 10.2.152.33 and earlier versions (Adobe Flash Player 10.2.154.18 and earlier for Chrome users) for Windows, Macintosh, Linux and Solaris operating systems.
- Adobe Flash Player: 10.1.106.16 and earlier versions for Android.
- Adobe Reader and Acrobat: Reader and Acrobat X (10.0.1) and earlier 10.x and 9.x versions of Reader and Acrobat for Windows and Macintosh operating systems. The problem lay in the Authplay.dll component that ships with these products.
Flash Player is now available to download in version 10.2.153.1 for Windows, Mac OS X, Linux and Solaris and the new version 10.2.156.12 for Android is available from the Android Market. Adobe AIR has also been updated to version 2.6 (Android Market link).
Adobe Reader and Acrobat for Windows and Mac OS X are now available in version 9.4.3 for the Reader and Acrobat and version 10.0.2 for Acrobat X. Downloads are available for Flash Player and AIR, but at the time of writing, not yet for Acrobat, except for Reader on the Mac. All users are advised to update.
- Google closes Flash hole faster than Adobe, a report from The H.
- Security update available for Adobe Flash Player, security bulletin from Adobe.
- Security updates available for Adobe Reader and Acrobat, security bulletin from Adobe.
- CVE-2011-0609, security advisory at the National Vulnerability Database.