Adobe planning emergency Flash fix for Thursday

Adobe released an advisory earlier this week regarding a critical vulnerability found in Flash and Acrobat.

The company now plans to issue an emergency patch to fix the Flash flaw on Thursday June 10. The vulnerability, found in authplay.dll can allow an attacker to crash and potentially control an affected system. Affected versions include; Adobe Flash Player 10.0.45.2, 9.0.262, and earlier 10.0.x and 9.0.x versions for Windows, Macintosh, Linux and Solaris.

Adobe Reader and Acrobat 9.3.2 and earlier 9.x versions for Windows, Macintosh and UNIX are also affected and will be patched on June 29. Adobe typically releases quarterly security updates and the next was originally scheduled for July 13. The company has accelerated the update in response to the 0-day flaw. "We also considered the alternative of releasing a one-off 0-day fix followed a couple of weeks later by the July 13 quarterly update. However, two patches within three weeks would have incurred too much churn and patch management overhead on our users, in particular for customers with large managed environments", said Brad Arkin, Adobe's director of product security and privacy.

Adobe plans to make the Flash Player 10.x update available for Windows, Macintosh, and Linux by June 10, 2010. The date for Flash Player 10 for Solaris is still to be determined. Flash 10.1 RC versions are unaffected by the flaw.

Report a problem with article
Previous Story

Ford adds Google Maps driving directions into Microsoft powered SYNC

Next Story

Microsoft shows new Windows Phone 7 build

18 Comments

Commenting is disabled on this article.

My computer was infected yesterday with fake antivirus software as a result of this vulnerability. I had Google Chrome and AdBlock as well, but some sort of Javascript must have executed itself on GamesRadar.com and I was infected. I had to reformat my computer yesterday.

I am using Foxit Reader from now on for my PDFs. I am also updating to Flash 10.1 as well.

XX55XX said,
My computer was infected yesterday with fake antivirus software as a result of this vulnerability. I had Google Chrome and AdBlock as well, but some sort of Javascript must have executed itself on GamesRadar.com and I was infected. I had to reformat my computer yesterday.

I am using Foxit Reader from now on for my PDFs. I am also updating to Flash 10.1 as well.


Javascript != Flash or PDF files dude....

Does Adobe Acrobat or Flash having a security vulnerability really count as news? It's a bit like saying "Pope found practising Catholicism".

Adobe and security issues are a universal constant.

(Oh and I can't wait for the load of **** this washes up as it gets rolled out at work)

Considering how widespread Flash and Acrobat installs are, having a quarterly patch schedule is a joke. I'm sure their customers with large managed environments would suffer a patch to ensure they had a large managed and secure environment.

protocol7 said,
Considering how widespread Flash and Acrobat installs are, having a quarterly patch schedule is a joke. I'm sure their customers with large managed environments would suffer a patch to ensure they had a large managed and secure environment.

I hate Steve Jobs, but I do agree that Vector Animation and Video Players should be HTML standards and are supported OOB in browsers.

Lechio said,
But no, that version isn't largely available to everyone yet. It's a Release Candidate.

Err, yes. It's available to everyone. Most people might choose not to go there, but it is still available.

randomevent said,

Err, yes. It's available to everyone. Most people might choose not to go there, but it is still available.

With largely available I (obviously) mean largely deployed. It's an RC, most people don't even know about those... Meanwhile a great amount of systems gets compromised.

crispkreme said,
Good thing I'm using 10.1.

it's off topic, but i noticed you had a dr rabbit avatar. have you by chance seen the "this is dental floos" sparta remix?