Adobe has issued a security update for its widely-used Flash software, protecting against a number of critical security vulnerabilities that could be exploited by malicious hackers.
In a security bulletin published on its website, Adobe recommends that users of Adobe Flash Player 10.1.85.3 and earlier versions for Windows, Macintosh, Linux, and Solaris update to Adobe Flash Player 10.1.102.64.
In addition, the firm says that it expects to make available an update for Flash Player 10.x for the Android mobile operating system by November 9, 2010.
One of the vulnerabilities fixed by the updated version of Flash is CVE-2010-3654. Last week the firm warned that the vulnerability was being exploited by malicious hackers to target users of Flash, Acrobat and Adobe Reader. A fix for Reader and Acrobat is scheduled for the week of November 15.
If you’re not sure which version of the Adobe Flash Player you have installed, visit the About Flash Player page. But remember that if you use more than one browser on your computer you should check the version number on each.
By the way, take a little care when installing a new version of Flash. You may want to think carefully about whether you also want to install McAfee Security Scan Plus.
Adobe rather cheekily (in my humble opinion) has that box selected by default, even though it's not necessary if all you want to do is update Flash.
It would obviously be a good idea for everyone to update vulnerable computers as soon as possible.
5 comments on “Zero-day Flash bugs squashed by Adobe”
Kind of sucky that this upgrade requires Adobe Air, yet another component that may be vulnerable to attack.
Seems Adobe have ditched the DLM? Mine was a direct download this time!
@arlo, I am using the newest Flash and I don't have Adobe Air. When I installed the newest Flash I didn't get an Adobe Air query or anything. I also just checked my program list and there is no Adobe Air. Using Windows 7 machine.
Air and Flash updates go hand in hand. If you haven't previously installed Air it should not require you to install it. Another thing to remember is that Reader will not be updated until next day and most of the "in-the-wild" exploits for this flaw are targeting Reader at this time.
This whole thing about defaulting additional software has become epidemic. Just about everyone these days wants to install Google toolbar, Ask Toolbar, McAfee, etc. Very annoying.
Hank Arnold (MVP)