Adobe issues security update for Flash exploit

Adobe issued over the weekend a new security update to address the latest zero-day vulnerability in its widely used Flash player software. The update came amid reports that the vulnerability is being exploited and could affect users running early versions of Adobe Flash software. “Adobe recommends users of Adobe Flash Player 10.2.153.1 and earlier versions (Adobe Flash Player 10.2.154.25 and earlier versions for Chrome users) for Windows, Macintosh, Linux, and Solaris update to Adobe Flash Player 10.2.159.1 (Adobe Flash Player 10.2.154.27 for Chrome users). Adobe recommends users of Adobe AIR 2.6.19120 and earlier versions for Windows, Macintosh and Linux update to Adobe AIR 2.6.19140," it said in a security bulletin. It added that it expects to make available an update for Adobe Flash Player 10.2.156.12 and earlier versions for Android no later than the week of April 25. Flash is a multimedia platform that enables animation and interactive features. It is used in many websites. The vulnerability is in Adobe Flash Player 10.2.153.1 and earlier versions (Adobe Flash Player 10.2.154.25 and earlier for Chrome users) for Windows, Macintosh, Linux, and Solaris, and Adobe Flash Player 10.2.156.12 and earlier versions for Android. Adobe said this vulnerability (CVE-2011-0611) could cause a crash and potentially allow an attacker to take control of the affected system. It cited reports that this vulnerability is being exploited in the wild in targeted attacks via a malicious Web page, or a Flash (.swf) file embedded in a Microsoft Word (.doc) or Microsoft Excel (.xls) file delivered as an email attachment, targeting the Windows platform. Affected software Adobe said that the software affected by the zero-day vulnerability includes:

• Adobe Flash Player 10.2.153.1 and earlier versions for Windows, Macintosh, Linux, and Solaris operating systems
• Adobe Flash Player 10.2.154.25 and earlier versions for Chrome users
• Adobe Flash Player 10.2.156.12 and earlier for Android
• Adobe AIR 2.6.19120 and earlier versions for Windows, Macintosh and Linux

To verify which version of Adobe Flash Player is installed on one’s system, one may access the About Flash Player page, or right-click on content running in Flash Player and select “About Adobe (or Macromedia) Flash Player" from the menu. “If you use multiple browsers, perform the check for each browser you have installed on your system," Adobe said. Adobe recommends all users of Adobe Flash Player 10.2.153.1 and earlier versions for Windows, Macintosh, Linux, and Solaris upgrade to the newest version 10.2.159.1 by downloading it from the Adobe Flash Player Download Center. Microsoft Windows users can install the update via the auto-update mechanism within the product when prompted. Google Chrome users can update to Chrome version 10.0.648.205 or later. Meanwhile, an article on PC World said that Adobe does not plan to produce an update for Adobe Reader X for Windows until the next scheduled quarterly update in June. It said the Protected Mode sandbox security in Reader X for Windows will prevent any exploit from executing. — TJD, GMA News