Softpedia
 


September 21st, 2010, 06:09 GMT · By

Adobe Patches Zero-Day Flash Player Vulnerability

Flash Player 10.1.85.3 fixes critical actively exploited flaw
Adobe has released Flash Player 10.1.85.3 in order to address a critical remote code execution vulnerability that was being actively exploited in the wild.

Last Monday, on September 13, Adobe warned customers that a previously unknown vulnerability had been identified in the latest version of Flash Player for all operating systems, including Android.

Furthermore, it pointed out that, according to reports, the security hole was being exploited in the wild to infect Windows users with malware.

The vulnerability (CVE-2010-2884) also affects Adobe Reader and Acrobat 9.3.4 and earlier versions, due to the Flash interpreter (authplay.dll) integrated into these products.

The company acknowledges Steven Adair of the Shadowserver Foundation, an outfit dedicated to fighting botnets and other cyberthreats, for working with it on the issue.

"Adobe recommends users of Adobe Flash Player 10.1.82.76 and earlier versions for Windows, Macintosh, Linux, and Solaris update to Adobe Flash Player 10.1.85.3, and users of Adobe Flash Player 10.1.92.10 for Android update to Adobe Flash Player 10.1.95.1," the vendor writes in its new security bulletin.

For users who can't update to Flash Player 10 and are still using the 9.x branch, a patch has been released as Flash Player 9.0.283 and can be downloaded here.

It's also worth noting that Google Chrome users have been protected from this vulnerability since Saturday, when version 6.0.472.62 of the browser was released.

Since June, Google Chrome has shipped with its own integrated version of Flash Player, built on the new Pepper Plugin API (PPAPI), which in the future will allow sandboxing Flash content.

Unfortunately, that is not the case for Adobe Reader, which will remain vulnerable to attacks targeting this vulnerability for two more weeks.

Adobe Reader and Acrobat follow a uniform quarterly update cycle, meaning that even if a critical vulnerability is patched in Flash Player, attackers will still be able to exploit it by embedding malicious SWF content in PDF documents.

The latest version of Flash Player for Windows can be downloaded here.

The latest version of Flash Player for Mac can be downloaded here.

The latest version of Flash Player for Linux can be downloaded here.
