14 DAY TRIAL // Adobe has released a security update for Flash Player in order to address an arbitrary code execution vulnerability actively exploited in the wild since last week.
The critical vulnerability was confirmed by Adobe on April 11, after having been spotted in targeted email attacks by security reasearchers.
The rogue emails contained malicious Word files rigged with a SWF exploit and were sent to corporate users, most likely in an attempt to infect business computers with information stealing malware.
Identified as CVE-2011-0611, the vulnerability affected the stand alone version of Flash Player, as well as the plug-in bundled with Google Chrome and Adobe Reader and Acrobat via their authplay.dll component.
Google released version 10.0.648.205 of Chrome with an updated Flash plug-in and other fixes on Thursday and Adobe followed with Flash Player 10.2.159.1 for Windows, Macintosh, Linux, and Solaris, yesterday.
Adobe also released a new version of AIR, namely 2.6.19140, since the program is also Flash-dependent. An update to Flash Player for Android is expected during the week of April 25.
During the same period the company will deliver patches for Adobe Acrobat X (10.0.2) and earlier 10.x and 9.x versions for Windows and Macintosh, Adobe Reader X (10.0.1) for Macintosh, and Adobe Reader 9.4.3 and earlier 9.x versions for Windows and Macintosh.
While vulnerable, Adobe Reader X for Windows is protected from exploits thanks to its sandboxing technology. Therefore, the company will not patch it until the next quarterly security update, scheduled for June 14.
The latest version of Flash Player for Windows can be downloaded from here. The latest version of Flash Player for Mac can be downloaded from here. The latest version of Flash Player for Linux can be downloaded from here.
The latest version of Adobe AIR for Windows can be downloaded from here. The latest version of Adobe AIR for Mac can be downloaded from here. The latest version of Adobe AIR for Linux can be downloaded from here.