In association with heise online

14 April 2011, 15:34

Adobe to patch Flash Player hole Friday

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Adobe Logo Adobe has confirmed that it plans to patch a previously reported critical vulnerability in Flash Player for Windows, Macintosh, Linux and Solaris on Friday, 15 April. There are already reports that the zero-day bug in Flash Player is being exploited using crafted .swf files embedded in Microsoft Word .doc files which are sent as an email attachment. The vulnerability can, when exploited appropriately, allow an attacker to take control of a system.

The issue can also be found in the Authplay.dll component used in Adobe Reader and Acrobat X 10.0.2 and all earlier versions for Windows and Mac OS X, including the 9.x branch. Adobe says that it will make an update available for these versions "no later than the week of April 25, 2011".

The company notes that, as Adobe Reader X includes Protected Mode, which prevents this type of exploit from executing, they are planning to address this in the next quarterly security update scheduled for 14 June 2011. A release date to patch Flash Player for Android and earlier, however, has not been announced.

Further details about the updates can be found in a post on the Adobe Product Security Incident Response Team (PSIRT) Blog by David Lenoe.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit