Adobe Releases Security Bulletin for Flash Player, Reader, and Acrobat

Adobe has released a security advisory to alert users of a vulnerability affecting the following applications:

• Adobe Flash Player 10.1.85.3 and earlier for Windows, Macintosh, Linux, and Solaris
• Adobe Flash Player 10.1.95.2 and earlier for Android
• Adobe Reader 9.4 and earlier 9.x versions for Windows, Macintosh, and Unix
• Adobe Acrobat 9.4 and earlier 9.x versions for Windows and Macintosh

Exploitation of this vulnerability may allow an attacker to execute arbitrary code or cause a denial-of-service condition. The advisory indicates that there are reports of active exploitation affecting Adobe Reader and Acrobat.



US-CERT encourages users and administrators to review Adobe security advisory APSA10-05 and consider implementing the suggested workarounds to help mitigate the risks until the vendor releases a fix. The advisory indicates that updates for Adobe Flash Player will be available by November 9, 2010 and updates for Adobe Reader and Acrobat will be available by November 15, 2010.



Additional information regarding this vulnerability can be found in US-CERT vulnerability note VU#298081. US-CERT will provide updates as details become available.