SECURE IT ALERT: Security Update for Adobe Flash Player on Windows, Mac, Linux, Android, etc.

Secure IT Alert Header
Homeland Secure IT Alert

Secure IT Alert for Tuesday, September 21, 2010

This is not a repeat… I repeat, this is not a repeat. Sorry, that was redundant…

Adobe announced yesterday, September 20th, the release of additional patches to Adobe Flash Player to address vulnerabilities. These affect Microsoft Windows, as well as Mac, Linux, Solaris and even Android.

It’s the same old song and dance with this one…  Update your Flash Player or risk being exploited. This *may* affect Adobe Reader as well, but Adobe’s announcement indicates that they will not address the potential threat to Adobe Reader in October updates. Presumably because it is not being actively exploited (yet).

As always, avoid random browsing to unknown / untrusted /shady sites, and don’t follow unexpected links in email… Keep your operating system up to date with patches. Insure you have the best Anti-Virus protection you can possibly afford, such as Trend Micro Internet Security or Trend Micro Worry-Free Business Security and that it is function and up-to-date. If your computer is acting differently than normal, including slow response, unusual pop-ups, random shutdowns, etc, contact a computer service or support professional, especially if that computer is used for business or financial purposes.

Included below is the original Adobe Security Bulletin.  If you require assistance with this or any other computer or network security issue in the Greenville or Upstate SC area, please call us at 864.990.4748 or email info@homelandsecureit.com

Security update available for Adobe Flash Player

Release date: September 20, 2010

Vulnerability identifier: APSB10-22

CVE number: CVE-2010-2884

Platform: All Platforms

SUMMARY

critical vulnerability exists in Adobe Flash Player 10.1.82.76 and earlier versions for Windows, Macintosh, Linux, and Solaris, and Adobe Flash Player 10.1.92.10 for Android. This vulnerability also affects Adobe Reader 9.3.4 and earlier versions for Windows, Macintosh and UNIX, and Adobe Acrobat 9.3.4 and earlier versions for Windows and Macintosh. This vulnerability (CVE-2010-2884) could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being actively exploited in the wild against Adobe Flash Player on Windows. Adobe is not aware of any attacks exploiting this vulnerability against Adobe Reader or Acrobat to date.

Adobe recommends users of Adobe Flash Player 10.1.82.76 and earlier versions for Windows, Macintosh, Linux, and Solaris update to Adobe Flash Player 10.1.85.3, and users of Adobe Flash Player 10.1.92.10 for Android update to Adobe Flash Player 10.1.95.1.

AFFECTED SOFTWARE VERSIONS

Adobe Flash Player 10.1.82.76 and earlier versions for Windows, Macintosh, Linux, and Solaris, and Adobe Flash Player 10.1.92.10 for Android.

To verify the version of Adobe Flash Player installed on your system, access the About Flash Player page, or right-click on content running in Flash Player and select “About Adobe (or Macromedia) Flash Player” from the menu. If you use multiple browsers, perform the check for each browser you have installed on your system.

SOLUTION

Adobe recommends all users of Adobe Flash Player 10.1.82.76 and earlier versions upgrade to the newest version 10.1.85.3 by downloading it from the Adobe Flash Player Download Center or by installing it via the auto-update mechanism within the product when prompted.

Users of Flash Player for Android version 10.1.92.10 and earlier can update to Flash Player version 10.1.95.1 by browsing to the Android Marketplace on an Android phone.

For users who cannot update to Flash Player 10.1.85.3, Adobe has developed a patched version of Flash Player 9, Flash Player 9.0.283, which can be downloaded here.

SEVERITY RATING

Adobe categorizes this as a critical update and recommends affected users update their installations to the newest versions.

DETAILS

critical vulnerability exists in Adobe Flash Player 10.1.82.76 and earlier versions for Windows, Macintosh, Linux, and Solaris, and Adobe Flash Player 10.1.92.10 for Android. This vulnerability also affects Adobe Reader 9.3.4 and earlier versions for Windows, Macintosh and UNIX, and Adobe Acrobat 9.3.4 and earlier versions for Windows and Macintosh. This vulnerability (CVE-2010-2884) could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being actively exploited in the wild against Adobe Flash Player on Windows. Adobe is not aware of any attacks exploiting this vulnerability against Adobe Reader or Acrobat to date.

Adobe recommends users of Adobe Flash Player 10.1.82.76 and earlier versions for Windows, Macintosh, Linux, and Solaris update to Adobe Flash Player 10.1.85.3, and users of Adobe Flash Player 10.1.92.10 for Android update to Adobe Flash Player 10.1.95.1.

We expect to provide updates for Adobe Reader 9.3.4 for Windows, Macintosh and UNIX, and Adobe Acrobat 9.3.4 for Windows and Macintosh during the week of October 4, 2010.

Google Chrome users can update to Chrome 6.0.472.62. To verify your current Chrome version number and update if necessary, follow the instructions here: http://www.google.com/support/chrome/bin/answer.py?hl=en&answer=95414.

Homeland Secure IT Alert Footer

Homeland Secure IT Alert

Leave a Reply

Your email address will not be published. Required fields are marked *