SECURE IT ALERT: Adobe addresses vulnerabilities in Reader, Acrobat & Flash Player

Secure IT Alert Header

Homeland Secure IT Alert

Homeland Secure IT Alert for Friday, November 19, 2010

This week, Adobe released additional updates that cover Adobe Reader, Acrobat and Flash Player… The existing bulletin published on October 28th was updated to cover the changes…

I have attached the updated security bulletin below, but in short, if you are using Adobe products, it is important that you apply these updates. The affected platforms are Microsoft Windows & Microsoft Windows Server, Macintosh OS X, UNIX, Solaris, and as well as Android!

Security Advisory for Adobe Flash Player, Adobe Reader and Acrobat

Release date: October 28, 2010

Last updated: November 16, 2010

Vulnerability identifier: APSA10-05

CVE number: CVE-2010-3654

Platform: All Platforms

SUMMARY

critical vulnerability exists in Adobe Flash Player 10.1.85.3 and earlier versions for Windows, Macintosh, Linux and Solaris operating systems; Adobe Flash Player 10.1.95.2 and earlier versions for Android; and the authplay.dll component that ships with Adobe Reader 9.4 and earlier 9.x versions for Windows, Macintosh and UNIX operating systems, and Adobe Acrobat 9.4 and earlier 9.x versions for Windows and Macintosh operating systems.

This vulnerability (CVE-2010-3654) could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being actively exploited in the wild against Adobe Reader and Acrobat 9.x. Adobe is not currently aware of attacks targeting Adobe Flash Player.

Adobe recommends users of Adobe Flash Player 10.1.85.3 and earlier versions for Windows, Macintosh, Linux, and Solaris update to Adobe Flash Player 10.1.102.64. Adobe recommends users of Adobe Flash Player 10.1.95.1 for Android update to Adobe Flash Player 10.1.105.6. For More information, please refer to Security Bulletin APSB10-26.

Adobe recommends users of Adobe Reader 9.4 and earlier versions for Windows and Macintosh update to Adobe Reader 9.4.1, available now. Adobe recommends users of Adobe Reader 9.4 and earlier versions for UNIX update to Adobe Reader 9.4.1, expected to be available on November 30, 2010. Adobe recommends users of Adobe Acrobat 9.4 and earlier 9.x versions for Windows and Macintosh update to Adobe Acrobat 9.4.1. For more information, please refer to Security Bulletin APSB10-28.

AFFECTED SOFTWARE VERSIONS

  • Adobe Flash Player 10.1.85.3 and earlier versions for Windows, Macintosh, Linux and Solaris operating systems
  • Adobe Flash Player 10.1.95.2 and earlier for Android
  • Adobe Reader 9.4 and earlier 9.x versions for Windows, Macintosh and UNIX*
  • Adobe Acrobat 9.4 and earlier 9.x versions for Windows and Macintosh*

*Note: Adobe Reader and Acrobat 8.x are confirmed not vulnerable. Adobe Reader for Android is not affected by this issue.

SEVERITY RATING

Adobe categorizes this as a critical issue.

DETAILS

critical vulnerability exists in Adobe Flash Player 10.1.85.3 and earlier versions for Windows, Macintosh, Linux and Solaris operating systems; Adobe Flash Player 10.1.95.2 and earlier versions for Android; and the authplay.dll component that ships with Adobe Reader 9.4 and earlier 9.x versions for Windows, Macintosh and UNIX operating systems, and Adobe Acrobat 9.4 and earlier 9.x versions for Windows and Macintosh operating systems.

This vulnerability (CVE-2010-3654) could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being actively exploited in the wild against Adobe Reader and Acrobat 9.x. Adobe is not currently aware of attacks targeting Adobe Flash Player.

Note: Adobe Reader and Acrobat 8.x are confirmed not vulnerable. Mitigation is available for Adobe Reader and Acrobat 9.x customers as detailed above. Adobe Reader for Android is not affected by this issue.

Adobe recommends users of Adobe Flash Player 10.1.85.3 and earlier versions for Windows, Macintosh, Linux, and Solaris update to Adobe Flash Player 10.1.102.64. Adobe recommends users of Adobe Flash Player 10.1.95.1 for Android update to Adobe Flash Player 10.1.105.6. For More information, please refer to Security Bulletin APSB10-26.

Adobe recommends users of Adobe Reader 9.4 and earlier versions for Windows and Macintosh update to Adobe Reader 9.4.1, available now. Adobe recommends users of Adobe Reader 9.4 and earlier versions for UNIX update to Adobe Reader 9.4.1, expected to be available on November 30, 2010. Adobe recommends users of Adobe Acrobat 9.4 and earlier 9.x versions for Windows and Macintosh update to Adobe Acrobat 9.4.1. For more information, please refer to Security Bulletin APSB10-28.

Users may monitor the latest information on the Adobe Product Security Incident Response Team blog at the following URL:http://blogs.adobe.com/psirt or by subscribing to the RSS feed here: http://blogs.adobe.com/psirt/atom.xml.

Adobe actively shares information about this and other vulnerabilities with partners in the security community to enable them to quickly develop detection and quarantine methods to protect users until a patch is available. As always, Adobe recommends that users follow security best practices by keeping their anti-malware software and definitions up to date.

DETAILS

November 16, 2010 – Updated with information on the Adobe Reader and Acrobat updates.
November 9, 2010 – Updated with information on the Flash Player for Android update.
November 4, 2010 – Updated with information on Security Bulletin APSB10-26.
November 2, 2010 – Updated information on the release schedule.
October 28, 2010 – Advisory released.

If you require any assistance with these or any other updates, please call us at 864.990.4748 or email info@homelandsecureit.com. We provide full computer and network service, support, repair and consultation to the Greenville / Upstate SC region!

Homeland Secure IT Alert Footer

Homeland Secure IT Alert

Leave a Reply

Your email address will not be published. Required fields are marked *