Adobe has released a product update to Adobe Flash Player to resolve the vulnerabilities that could cause the application to crash and could potentially allow an attacker to take control of the affected system.
The vulnerabilities have been identified in Adobe Flash Player version 10.0.45.2 and earlier. Adobe recommends users of Adobe Flash Player 10.0.45.2 and earlier versions update to Adobe Flash Player 10.1.53.64. The company also recommends users of Adobe AIR 184.108.40.20630 and earlier versions update to Adobe AIR 220.127.116.1110.
The latest Adobe Flash Player 10.1.53.64 can be downloaded from the Adobe Flash Player Download Center
or by using the auto-update mechanism within the product when prompted.
To address the vulnerabilities described in this Security Bulletin, a prerelease version of Flash Player 10.1 for Solaris platforms
is available from Adobe Labs.
For users who cannot update to Flash Player 10.1.53.64, Adobe has developed a patched version of Flash Player 9, Flash Player 9.0.277.0, which can be downloaded from the following link
Adobe recommends all users of Adobe AIR 18.104.22.16830 and earlier versions update to the newest version 22.214.171.12410 by downloading it from the Adobe AIR Download Center
The vulnerability also exists in the authplay.dll component that ships with Adobe Reader and Acrobat 9.x for Windows, Macintosh and UNIX operating systems, Adobe said. This vulnerability could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being actively exploited in the wild against both Adobe Flash Player, and Adobe Reader and Acrobat, ADobde said.
Adobe Reader and Acrobat 8.x are confirmed not vulnerable.
Adobe expects to provide an update for Adobe Reader and Acrobat 9.3.2 for Windows, Macintosh and UNIX by June 29, 2010. Please note that the Acrobat and Reader update represents an accelerated release of the next quarterly security update originally scheduled for July 13, 2010.