Apple and Adobe update their wares

Filed Under: Adobe, Adobe Flash, Apple, OS X, Vulnerability


Time to update your Adobe Flash Players! Adobe has released Flash Player 10.1.85.3 for Windows, Macintosh, Linux and Solaris and 10.1.92.10 for Android (Froyo). As in the past, follow the usual procedure to update by visiting http://get.adobe.com/flashplayer. Android users can visit the Android Market to download the update as well. iPhone users, sorry, no Flash for you!

This is a critical fix that I highly recommend you install immediately. This attack has been used in the wild since at least early September. Updates for Adobe Reader and Acrobat fixing this flaw and others will be released on October 4th.

Interestingly, Google Chrome users received the updated version of Flash in an update that occurred automatically on Friday, September 17th. I am quite a big fan of the integrated PDF viewing, Flash and other add-ons in Chrome that are always transparently updating. While Firefox is good at notifying me about out-of-date plugins and automatically downloading browser releases, Chrome makes it even more transparent. It does make testing vulnerabilities more difficult, but considering that is a bit of a niche problem, I can deal with it.

If you are a Linux user running a 64-bit variant, Adobe has also released a beta of Flash Player compiled for the x64 architecture.

For you Apple lovers who may be disappointed that your phone isn't vulnerable, don't worry. Apple has released a patch for OS X Snow Leopard today that fixes a flaw in the Apple Filing Protocol. This is a critical fix, as the flaw allows unauthenticated access to AFP file shares on Snow Leopard computers. To apply the fix, simply click the Apple in the upper-left corner and choose Software Update.

If you are interested in learning more about how cybercriminals are taking advantage of Adobe Reader and Acrobat, check back here late next week. Sophos's Paul Baccas from SophosLabs UK will be presenting his paper "Finding rules for heuristic detection of malicious PDFs: with analysis of embedded exploit code" at the Virus Bulletin 2010 conference.


About the author

Chester Wisniewski is a Senior Security Advisor at Sophos Canada. He provides advice and insight into the latest threats for security and IT professionals with the goal of providing clear guidance on complex topics. You can follow Chester on Twitter as @chetwisniewski, on App.net as Chester, Chester Wisniewski on Google Plus or send him an email at chesterw@sophos.com.