Adobe Releases Security Advisory for Flash Player, Reader, and Acrobat

Adobe has released a security update for Adobe Flash Player to address the vulnerability previously referenced in Adobe Security Advisory APSA11-02. Exploitation of this vulnerability may allow an attacker to execute arbitrary code or cause a denial-of-service condition. Adobe has indicated that this vulnerability is currently being exploited in targeted attacks via a Flash (.swf) file embedded in a Microsoft Word (.doc) or Microsoft Excel (.xls) file delivered as an email attachment. This vulnerability affects the following Adobe products:

• Flash Player 10.2.153.1 and earlier versions for Windows, Macintosh, Linux, and Solaris
• Flash Player 10.2.154.25 and earlier versions for Chrome
• Flash Player 10.2.156.12 and earlier versions for Android
• the Authplay.dll component that ships with Adobe Reader and Acrobat X (10.0.2) and earlier 10.x and 9.x versions for Windows and Macintosh.

US-CERT encourages users and administrators to review Adobe Security Bulletin APSB11-07 and upgrade to Adobe Flash Player 10.2.159.1 for Windows, Macintosh, Linux, and Solaris. Google Chrome users should update to Chrome 10.0.648.205 to address this vulnerability. Adobe AIR users are encouraged to update to AIR 2.6.19140. The bulletin indicates that Adobe plans to make updates available for Flash Player for Android no later than the week of April 25, 2011.



Additional information can be found in US-CERT Vulnerability Note VU#230057.