14 DAY TRIAL // Adobe has released Flash Player 10.1.85.3 in order to address a critical remote code execution vulnerability that was being actively exploited in the wild.
Last Monday, on September 13, Adobe warned customers that a previously unknown vulnerability has been identified in the latest version of Flash Player for all operating systems, including Android.
Furthermore, it pointed out that according to reports the security hole is being exploited in the wild to infect Windows users with malware.
The vulnerability (CVE-2010-2884) also affects Adobe Reader and Acrobat 9.3.4 and earlier versions, due the Flash interpreter (authplay.dll) integrated into these products.
The company acknowledges Steven Adair of the Shadowserver Foundation, an outfit dedicated to fighting botnets and other cyberthreats, for working with it on the issue.
"Adobe recommends users of Adobe Flash Player 10.1.82.76 and earlier versions for Windows, Macintosh, Linux, and Solaris update to Adobe Flash Player 10.1.85.3, and users of Adobe Flash Player 10.1.92.10 for Android update to Adobe Flash Player 10.1.95.1," the vendor writes in its new security bulletin.
For users who can't update to Flash Player 10 and are still using the 9.x branch, a patch has been released as Flash Player 9.0.283 and can be downloaded here.
It's also worth noting that Google Chrome users have been protected from this vulnerability since Saturday, when version 6.0.472.62 of the browser was released.
Since June Google Chrome ships with its own integrated version of Flash Player, built on the new Pepper Plugin API (PPAPI), which in the future will allow sandboxing Flash content.
Unfortunately, that is not also the case for Adobe Reader, which will remain vulnerable to attacks targeting this vulnerability for two more weeks.
Adobe Reader and Acrobat follow a uniform quarterly update cycle, meaning that even if a critical vulnerability is patched in Flash Player, attackers will still be able to exploit it by embedding malicious SWF content in PDF documents.
The latest version of Flash Player for Windows can be downloaded here.
The latest version of Flash Player for Mac can be downloaded here.
The latest version of Flash Player for Linux can be downloaded here.