Flash Player

Adobe Flash Player 10.2.159.1 is now available! Download it from here: http://get.adobe.com/flashplayer/

Avira TechBlog: Today some updates need attention – they fix critical security issues and should be installed immediately! The update reign starts off with Apple. Critical security vulnerabilities are closed within the Safari web browser 5.0.5 – they allowed cyber criminals to smuggle in malware. For Mac users, additionally a security update is available for the Snow Leopard operating system. It fixes an issue with stolen certificates which arose a three weeks ago at Comodo and is amazingly tiny for an Apple security update, only 4 MByte. And then for iPhone, iPad and iPod Touch users the update to iOS 4.3.2 is available which basically closes the same security holes for the mobile devices as well. ...

Avira TechBlog: This is good news – for the recently acknowledged zero-day security vulnerability within Adobe Flash Player, Acrobat and Reader there will be a first update available tomorrow. Adobe updated their security advisory on that matter to reflect the update schedule – the Flash player update fixing the vulnerability for Windows, Mac, Linux and Solaris will be available tomorrow, Friday, April 15. For the also vulnerable Adobe Reader and Acrobat, updates are planned “no later than the week of April 25, 2011″. The only exception is Adobe Reader X for Windows which will be updated on the regular planned Patchday on June 14, as the integrated sandbox prevents successful exploitation there according to Adobe. ...

Avira TechBlog: Today is a busy day for those who want to keep their computers secure: Many updates are available, from Adobes Flash Player over Apples Mac OS X operating system to the Firefox web browser. There is a security vulnerability in Flash player which became public as a zero day vulnerability a week ago. It has been attacked in a limited fashion. Now Adobe released this security update which users can download from the website of the company. As this security vulnerability already gets actively exploited, users and administrators should apply the update immediately. ...

Microsoft Malware Protection Center: On March 14, Adobe released a security advisory (APSA11-01) warning of 0-day attacks affecting Adobe Flash Player (versions earlier than and including 10.2.152.33). These attacks were hidden inside Microsoft Excel documents that were used as a vehicle to deliver the exploit. The Adobe Flash file embedded inside the Excel file is another carrier for the exploit. It loads shellcode inside memory, performs heap-spraying, and loads a Flash byte stream from memory to exploit the 0-day vulnerability, which is tracked as CVE-2011-0609. ...

The Redmond company today published its announcement for the upcoming November Patch Tuesday. Microsoft wants to release 3 security bulletins which deal with 11 security vulnerabilities within Office and PowerPoint (up to the brand new Office 2011 for Mac) and Forefront Unified Access Gateway. A patch for the just recently detected 0-day vulnerability in Internet Explorer is not in the list. Adobe meanwhile ships an update for the Flash Player to version 10.1.102.64 today and plans one for the Reader and Acrobat next week. The Flash update is available via the Download Center and fixes the“authplay” vulnerability which got public last week. But the company has to deal with a new security vulnerability as well. It’s not yet exploited and it remains currently unknown whether it is exploitable to infect PCs with malware, but Adobe investigates the flaw. On a public security list a so-called Proof-of-Concept (PoC) has been published which just shows a Denial-of-Service attack. ...

Avira TechBlog: Adobe warns of a new vulnerability in Flash Player and in Reader. The problem is within authplay.dll and the corresponding .lib in the Unix versions. It allows attackers to inject malicious code like Trojans with specially prepared documents or Flash objects. The company works on a patch which it plans to release on the 9th of November. Until then, deleting the authplay library helps to prevent a successful attack. Flash or Reader will crash then when a file requests the services from authplay, but this is clearly better than having an infected system. ...

At its MAX conference, Adobe not only announced Air 2.5 for phones, tablets, and TVs but it also confirmed that it would be bringing Flash Player 10.1 to Microsoft’s Windows Phone 7, RIM’s BlackBerry OS, HP’s WebOS 2.0, Symbian, MeeGo, and the LiMo platform. Unfortunately, there’s still no timeline for a release on each platform; Adobe is only saying that Flash 10.1 is “expected” to hit each mobile OS. These six platforms will join Android 2.2, which has had Flash since June 2010. The current list of Adobe Flash Player 10.1 certified devices is thus not very long, but if Adobe manages to deliver on what it’s promising, it should grow very rapidly. The news today also means that the iOS is the only major mobile platform that will not support the plug-in: Apple won’t let it touch the iPhone, the iPod touch, or the iPad. ...

Adobe fixed the vulnerability in Flash Player in a record time again. Just one week after the 0-day became public and started to get exploited, an update is available to close the security hole. Even though Adobe Reader and Acrobat are affected (which are supposed to get an update in 2 weeks), until now we’ve only seen exploits against the Windows Flash Player. Users and administrators should update their Flash Player as soon as possible! The version 10.1.85.3 fixes the issue for Windows, Unix, Solaris and is available through Adobe’s download center. Android users can get the update to 10.1.95.1 on the Android Market Place. ...