Adobe Plugs Critical Vulnerabilities in Flash Player 9.0 and 10.0
Adobe recently announced that is aware of critical vulnerabilities affecting Adobe Reader 9.1.2, Acrobat Reader 9.1.2, Adobe Flash Player 9, and Adobe Flash Player 10. The company announced that by the end of the month these issues, which apparently the company knew about for 8 months, will be addressed. On July 30th Adobe said it will release an update for Flash Player; Adobe also said it will release an update for Adobe Reader and Acrobat by the 31st of July.
True to its word, the California-based company that specializes in creating multimedia and creativity software products has released Flash Player version 10.0.32.18. You are very well advised to download the update, apply it and protect yourself from a vulnerability that is being actively exploited in the wild – vulnerability that could grant the attacker complete control of the targeted system.
"Critical vulnerabilities have been identified in the current versions of Adobe Flash Player (v9.0.159.0 and v10.0.22.87) for Windows, Macintosh and Linux operating systems. These vulnerabilities could cause the application to crash and could potentially allow an attacker to take control of the affected system. Adobe recommends all users of Adobe Flash Player 10.0.22.87 and earlier versions upgrade to the newest version 10.0.32.18 by downloading it from the Player Download Center, or by using the auto-update mechanism within the product when prompted,” explained Adobe.
It would seem that Adobe knew about this problem for a long, long time – about 8 months to be more precise. The security hole was initially brought to light on the 31st of December, 2008, but at the time it was erroneously diagnosed as a “data loss corruption” issue. Just because Adobe misdiagnosed the issue, this does not mean hackers and other people with malicious intent did the same. Quite the opposite – they started to use the security hole to attack vulnerable systems. When Adobe got wise to this fact, it locked access to the bug ticket and posted a note saying that it has been reclassified as a security bug and a patch will be issued in the future.
It’s good to see that a fix has finally been issued. Now we’re all waiting for the Adobe Reader and Acrobat fix to be released so that we can patch the software and stay safe.
UPDATE: Adobe has released a fix for the Adobe Reader and Acrobat vulnerability as well: Adobe Reader 9.1.3 and Acrobat 9.1.3. Details here.
True to its word, the California-based company that specializes in creating multimedia and creativity software products has released Flash Player version 10.0.32.18. You are very well advised to download the update, apply it and protect yourself from a vulnerability that is being actively exploited in the wild – vulnerability that could grant the attacker complete control of the targeted system.
"Critical vulnerabilities have been identified in the current versions of Adobe Flash Player (v9.0.159.0 and v10.0.22.87) for Windows, Macintosh and Linux operating systems. These vulnerabilities could cause the application to crash and could potentially allow an attacker to take control of the affected system. Adobe recommends all users of Adobe Flash Player 10.0.22.87 and earlier versions upgrade to the newest version 10.0.32.18 by downloading it from the Player Download Center, or by using the auto-update mechanism within the product when prompted,” explained Adobe.
It would seem that Adobe knew about this problem for a long, long time – about 8 months to be more precise. The security hole was initially brought to light on the 31st of December, 2008, but at the time it was erroneously diagnosed as a “data loss corruption” issue. Just because Adobe misdiagnosed the issue, this does not mean hackers and other people with malicious intent did the same. Quite the opposite – they started to use the security hole to attack vulnerable systems. When Adobe got wise to this fact, it locked access to the bug ticket and posted a note saying that it has been reclassified as a security bug and a patch will be issued in the future.
It’s good to see that a fix has finally been issued. Now we’re all waiting for the Adobe Reader and Acrobat fix to be released so that we can patch the software and stay safe.
UPDATE: Adobe has released a fix for the Adobe Reader and Acrobat vulnerability as well: Adobe Reader 9.1.3 and Acrobat 9.1.3. Details here.
