Security News

Adobe fixes major Flash Player vulnerability

By Tim Conneally | Published July 31, 2009, 4:07 PM

On Friday, Adobe issued an out-of-cycle security update to Flash Player, Adobe Reader and Acrobat that fixes several critical cross-platform vulnerabilities, one of which is related to Microsoft's Active Template Library (ATL) vulnerability announced earlier this week.

The software affected in today's update is:

  • Adobe Flash Player (9.0.159.0) and (10.0.22.87) as well as older 9.xx and 10.xx versions
  • Adobe AIR 1.5.1 and earlier
  • Adobe Reader 9.1.2 and earlier
  • Adobe Acrobat 9.1.2 and earlier

    • The update for Flash Player fixes, among other things, the problems associated with the compromised version of ATL which could allow remote code execution to take place. Adobe recommends all users of Flash Player 10.0.22.87 and earlier upgrade to 10.0.32.18 or by auto-updating when prompted. If 10.0.32.18 cannot be installed, Adobe has created Flash Player 9.0.246.0 which can be obtained here.

    The updates for Reader and Acrobat vary by operating system and version, but Adobe provides links to each respective version in the security bulletin. Because this update came out of cycle for Reader and Acrobat, Adobe has revised its schedule for quarterly security updates so that the next set of patches will arrive on October 13.

    Comments

    View comments by with a score of at least

    kevinmook
    Jul 31, 2009 - 6:47 PM

    This is nice, but when are they going to make it not suck on platforms other than Windows?

    Score: 0

    |
    Post Reply
    KingMotley
    Jul 31, 2009 - 8:56 PM

    Shortly after they make it not suck on Windows I suppose.

    Score: 1

    |
    Post Reply
    bousozoku
    Aug 1, 2009 - 1:30 PM

    For the longest time, it was much, much worse on Mac OS/Mac OS X, but as Adobe were working on CS3, Apple had to help them and Flash on Mac OS X is not much worse now.

    I wonder if it would have been better as it was originally, part of a small company.

    Funny that Microsoft's development products cause other products to be problematic and people still use them.

    Score: 0

    |
    Post Reply

    Mark Russinovich on MinWin, the new core of Windows

    The next version of Windows three years hence will likely build onto a significant architectural change implemented in Windows 7 and Server 2008 R2.

    Security firm: Windows patches not responsible for 'Black Screen of Death'

    On second thought, maybe that access control list thingie with the lockdown something-or-rather didn't trigger an alleged, perhaps non-existent, pandemic.

    My Windows 7 confession (and why you should confess, too)

    I've held back the real reason for sticking with Windows 7, even as, gulp, iLife calls me to go back to the Mac.

    Apple settles with Psystar except for 'circumvention devices'

    The fracas with the Florida clone computer maker might have ended today had Apple not have muddled the issue over a cheap piece of Psystar software.

    Google begrudgingly adjusts news crawling for paid publishers

    If publishers want to make readers pay for news content, and thereby drive down its popularity and Google ranking, the company says, they can just go right on ahead.

    Fee or free? Murdoch, Huffington square off over the cost of Internet news

    Participants in an FTC workshop yesterday witnessed the two extremes of the Web news publishing debate, still centered on the issue of long-term profitability.

    Microsoft denies latest 'Black Screen of Death' claims

    After an anti-malware producer announced a fix to what it says is a swarm of recent KSoD problems, evidence of the swarm itself has yet to turn up.

    Latest Firefox 3.6 beta fixes 133 bugs, promises faster page load times

    A once-sluggish beta testing process has kicked into overdrive, with astonishing success at finding serious bugs. Will Mozilla be able to fix all the others in time?

    Confirmed: Office 2010 to ship in June

    Two weeks after Microsoft had been expected to draw a clearer roadmap for its principal applications suite, it's finally ready to commit to the end of H1.

    New EU antitrust commissioner will oversee Microsoft, Oracle+Sun, Intel issues

    As one of Europe's most prominent politicians shifts positions in January, her replacement remains a question mark over technology's biggest issues.

    Without its own 'iTablet' yet, is Apple missing the boat?

    Steve Jobs is on record as dissing "single-purpose" devices like e-readers. But given their recent popularity, was that a mistake?