Skip to content

Home  |   FAQ  |   Contact  |   Privacy & Use

customize
National Cyber Alert System
Cyber Security Alert SA10-223A archive

Adobe Flash and AIR Vulnerabilities

Original release date: August 11, 2010
Last revised: --
Source: US-CERT

Systems Affected

  • Adobe Flash Player
  • Adobe AIR

Other Adobe products that support Flash may also be vulnerable.


Overview

There are vulnerabilities in Adobe Flash player and AIR. An attacker could exploit these vulnerabilities to take control of your computer.


Solution

Update Flash Player and Adobe AIR

Adobe Security Bulletin APSB10-16 recommends updating using the Adobe Flash Player Download Center and the Adobe AIR Download Center. Both Flash Player and AIR support automatic updates. Following these instructions will update the Flash web browser plug-in and ActiveX control, as well as AIR. However, it will not update Flash support in Adobe Reader, Acrobat, or other products.

To reduce your exposure to these and other Flash vulnerabilities, consider the following mitigation technique.

Disable Flash in your web browser

Uninstall Flash or restrict which sites are allowed to run Flash. To the extent possible, only run trusted Flash content on trusted domains. For more information, see Securing Your Web Browser. Note that disabling Flash may affect your browsing experience on certain websites.


Description

Adobe Security Advisory APSB10-16 describes vulnerabilities in Flash Player and AIR. Flash content could be on a web page, in a PDF document, in an email attachment, or embedded in another file.

By convincing you to open malicious Flash content, an attacker may be able to take control of your computer or cause it to crash.


References


Feedback can be directed to US-CERT.

Produced 2010 by US-CERT, a government organization. Terms of use


Revision History

August 11, 2010: Initial release

Last updated August 11, 2010
print this document