Security problems don’t just impact operating systems and Web browsers: any software that has a broad user base is going to be targeted by cybercriminals and attacks. Now Adobe has released a large patch to deal with security problems in Flash Player designed to mitigate attacks already being used “in the wild” on the Internet, and is urging all users to update their software as soon as possible. However, Adobe Reader and Acrobat updates won’t be available until the end of the month—if they want protection, they’ll have to manually remove a DLL from their software installations.
The problems addressed by the updates impact Adobe Flash Player 10.0.45.2 and earlier for Windows, Linux, Mac OS X, and Solaris; Adobe AIR 1.5.3.9130 and earlier for Windows, Mac OS X, and Linux; and Adobe Reader and Adobe Acrobat 9.x for Windows, Mac OS X, and Unux. (Adobe Reader and Acrobat 8.x aren’t impacted.) The update fixes some 32 vulnerabilities in Flash.
Adobe recommends users of Flash 10.0 update to Flash 10.1.53.64 from Adobe’s Flash Download Center; folks who can’t update to Flash 10.1 can also get a patched version of Flash Player 9.0.227.0.
Adobe expects to patch Adobe Reader and Acrobat 9.x by the end of June; in the meantime, users can mitigate the vulnerability by removing the AuthPlayLib.dll from the application; Adobe provides instructions for Mac OS X, WIndows, and Unix in a security bulletin. However, it must be noted that the Reader/Acrobat problem is already being exploited on the Internet, and folks who use the application would be well-advised not to wait until late June for an update from Adobe.
