Access member only content, take part in discussions with comments on blogs, news and reviews and receive all the latest security industry news directly to your inbox. Join now for free.
A confirmation email has been sent to your email address - SUPPLIED EMAIL HERE. Please click on the link in the email to verify your email address. You need to verify your email before you can start posting.
If you do not receive your confirmation email within the next few minutes, it may be because the email has been captured by a junk mail filter. Please ensure you add the domain @scmagazine.com.au to your white-listed senders.
Adobe has issued an out-of-band patch for the zero-day flaw in its Flash player.
As detailed by SC Magazine last week, the critical vulnerability was being exploited in the wild and involved a Flash (.swf) file, embedded in a Microsoft Excel (XLS) file, being delivered as an email attachment that could cause a crash and potentially allow an attacker to take control of the affected system.
The vulnerability (CVE-2011-0609) affected Flash Player 10.2.152.33 and earlier versions for Windows, Macintosh, Linux and Solaris operating systems, Flash Player 10.2.154.18 and earlier for Chrome users and Flash Player 10.1.106.16 and earlier for Android, AIR 2.5.1, Windows, Macintosh and Linux.
Adobe also issued a patch for its Reader and Acrobat products, with the same vulnerability being identified in the authplay.dll component that ships with Adobe Reader and Acrobat X (10.0.1) and earlier 10.x and 9.x versions for Windows and Macintosh operating systems.
Adobe recommended users of Adobe Reader X (10.0.1) for Macintosh to update to Adobe Reader X (10.0.2), while users of Adobe Reader 9.4.2 for Windows and Macintosh should use Adobe Reader 9.4.3. Adobe recommends users of Adobe Acrobat X (10.0.1) for Windows and Macintosh to update to Adobe Acrobat X (10.0.2) and users of Adobe Acrobat 9.4.2 for Windows and Macintosh should update to Adobe Acrobat 9.4.3.
It concluded by saying that due to Adobe Reader X Protected Mode preventing an exploit of this kind from executing, it is planning to address this issue in Adobe Reader X for Windows with the next quarterly security update for Adobe Reader, which is currently scheduled for 14th June 2011.
This article originally appeared at scmagazineuk.com
To begin commenting right away, you can log in below or register an account if you don't yet have one. Please read our guidelines on commenting. Offending posts will be removed and your access may be suspended. Abusive or obscene language will not be tolerated. The comments below do not necessarily reflect the views or opinions of SC Magazine, Haymarket Media or its employees.