Adobe: hole closed, hole open
Adobe brought forward the release of the announced update for Flash Player to today (Friday), although the originally scheduled release date was the 9th of November. The update closes 18 security holes and includes the hole discovered last week. Flash Player 10.1.102.64 is available to download for Windows, Linux and Mac OS. An update for Android is to be released next week.
The new Adobe Reader hole affects all versions from 9.2, or 8.1, for Windows, Unix and Mac OS X onwards. Adobe said that its Acrobat product is not affected by this hole. However, this doesn't mean that Acrobat is safe, as the update for the hole in authplay.dll in Flash Player, which also affects the Reader, has yet to be released. While Adobe announced that an update for Reader and Acrobat will be released in the week beginning on the 15th of November, it remains unclear whether this update will also fix the new problem, or whether the update will now be postponed.
Meanwhile, security specialist Secunia has reported a new problem for the recently updated Shockwave Player: Opening the "Shockwave Settings" may cause an unloaded library to be called and can potentially be exploited to inject and execute arbitrary code via a specially crafted web page.