David Baxter PhD
Late Founder
Adobe Patches Critical Flash Bug
by Dennis Fisher
September 20, 2010
Adobe has released a patch to fix a critical vulnerability in its ubiquitous Flash Player software that was disclosed last week. The company pushed up its release plans for the patch after reports emerged that the bug already was being exploited.
The details of the Flash vulnerability aren't public, but Adobe officials said last week that they were aware of public attacks against the bug.The patches released Monday fix the flaw on Windows, Mac OS X, Linux, Android and Solaris.
"A critical vulnerability exists in Adobe Flash Player 10.1.82.76 and earlier versions for Windows, Macintosh, Linux, Solaris, and Adobe Flash Player 10.1.92.10 for Android. This vulnerability also affects Adobe Reader 9.3.4 for Windows, Macintosh and UNIX, and Adobe Acrobat 9.3.4 and earlier versions for Windows and Macintosh. This vulnerability (CVE-2010-2884) could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being actively exploited in the wild against Adobe Flash Player on Windows. Adobe is not aware of any attacks exploiting this vulnerability against Adobe Reader or Acrobat to date," the company said in its advisory.
Adobe published a patch for versions of Flash Player running in Google Chrome last week.
There is still an unpatched critical bug in Adobe Reader, which also is being exploited in the wild right now. Adobe has said that it plans to release a fix for that flaw in the first week of October.
by Dennis Fisher
September 20, 2010
Adobe has released a patch to fix a critical vulnerability in its ubiquitous Flash Player software that was disclosed last week. The company pushed up its release plans for the patch after reports emerged that the bug already was being exploited.
The details of the Flash vulnerability aren't public, but Adobe officials said last week that they were aware of public attacks against the bug.The patches released Monday fix the flaw on Windows, Mac OS X, Linux, Android and Solaris.
"A critical vulnerability exists in Adobe Flash Player 10.1.82.76 and earlier versions for Windows, Macintosh, Linux, Solaris, and Adobe Flash Player 10.1.92.10 for Android. This vulnerability also affects Adobe Reader 9.3.4 for Windows, Macintosh and UNIX, and Adobe Acrobat 9.3.4 and earlier versions for Windows and Macintosh. This vulnerability (CVE-2010-2884) could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being actively exploited in the wild against Adobe Flash Player on Windows. Adobe is not aware of any attacks exploiting this vulnerability against Adobe Reader or Acrobat to date," the company said in its advisory.
Adobe published a patch for versions of Flash Player running in Google Chrome last week.
There is still an unpatched critical bug in Adobe Reader, which also is being exploited in the wild right now. Adobe has said that it plans to release a fix for that flaw in the first week of October.
