Flash Player Security Updates to Land on Monday

Adobe has announced that a new batch of Flash Player security updates are expected to land on Monday, September 20, and will include a fix for an actively exploited critical vulnerability.

At the beginning of the week, the company revealed that a new arbitrary code execution has been discovered in Flash Player 10.1.82.76, currently the latest version of the application.

It also warned that the bug, identified as CVE-2010-2884, is being exploited in the wild and announced plans to deliver a patch during the week of September 27.

Yesterday, the company amended its security advisory to announce that the patch has been pushed forward and will ship on Monday.

The upcoming updates will be available for all supported operating systems – Windows, Macintosh, Linux, Solaris, and Android.

Meanwhile, Google has already released a new stable version of its Chrome browser, with an updated Flash Player plugin, which contains a fix for this vulnerability.

Unfortunately, the Monday security patches will not resolve the problem entirely. Users of Adobe Reader or Acrobat will still be vulnerable to attacks exploiting this flaw.

This is because both products are capable of playing SWF content embedded in PDF documents, through a Flash Player interpreter integrated into them as authplay.dll.

This file only gets patched during an Adobe Reader and Acrobat update, so until that happens attackers will still be able to rig PDF files with malicious SWF and compromise computers.

Adobe said that security patches for these applications are expected for the week of October 4, which represents an acceleration of the quarterly updates, originally scheduled for October 12.

Due to their ubiquity, Adobe Reader and Flash Player are amongst the most targeted applications at the moment, partially because a lot of users fail to keep them up to date.

However, zero-day flaws being exploited in these two products have also become a common occurrence during the past two years, and so far the company has a hard time finding a solution to prevent this from happening.