Zero-day Flash bugs squashed by Adobe

Filed Under: Adobe, Adobe Flash, Malware, Vulnerability

Adobe Flash patched
Adobe has issued a security update for its widely-used Flash software, protecting against a number of critical security vulnerabilities that could be exploited by malicious hackers.

In a security bulletin published on its website, Adobe recommends that users of Adobe Flash Player and earlier versions for Windows, Macintosh, Linux, and Solaris update to Adobe Flash Player

In addition, the firm says that they expect to make available an update for Flash Player 10.x for the Android mobile operating system by November 9, 2010.

One of the vulnerabilities fixed by the updated version of Flash is CVE-2010-3654. Last week the firm warned that that exploit was being used by malicious hackers to target users of Flash, Acrobat and Adobe Reader. A fix for Reader and Acrobat is scheduled for the week of November 15.

If you're not sure which version of the Adobe Flash Player you have installed, visit the About Flash Player page. But remember that if you use more than one browser on your computer you should check the version number on each.

By the way, take a little care when installing a new version of Flash. You may want to think carefully about whether you also want to install McAfee Security Scan Plus.

Adobe rather cheekily (in my humble opinion) defaults to having that box selected by default even though it's not necessary if all you want to do is update Flash.

It would obviously be a good idea for everyone to update vulnerable computers as soon as possible.

, ,

You might like

5 Responses to Zero-day Flash bugs squashed by Adobe

  1. Arlo Guay · 1758 days ago

    Kind of sucky that this upgrade requires Adobe Air, yet another component that may be vulnerable to attack.

  2. Nick · 1758 days ago

    Seems Adobe have ditched the DLM? Mine was a direct download this time!

  3. Li Fong · 1758 days ago

    @arlo, I am using the newest flash and I don't have Adobe Air. When I installed the newest Flash I didn't get a Adobe Air query or anything. I also just checked my program list and there is no adobe air. Using Windows 7 machine.

    • Chester Wisniewski · 1758 days ago

      Air and Flash updates go hand in hand. If you haven't previously installed Air it should not require you to install it. Another thing to remember is that Reader will not be updated until next day and most of the "in-the-wild" exploits for this flaw are targeting Reader at this time.


  4. Hank Arnold · 1757 days ago

    This whole thing about defaulting additional software has become epidemic. Justa about everyone these days wants to install Google toolbar, Ask Toolbar, Mcafee, etc.. Very annoying

    Hank Arnold (MVP)

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Graham Cluley runs his own award-winning computer security blog at, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Follow him on Twitter at @gcluley