Adobe patches Flash Player zero-day

Adobe patches Flash Player zero-day

Summary: Adobe has shipped another Flash Player update to fix a critical vulnerability that was being exploited in live malware attacks.

SHARE:

Adobe has shipped another Flash Player update to fix a critical vulnerability that was being exploited in live malware attacks.

The flaw, which surfaced last week as a zero-day attack against Windows systems, allows remote code execution via rigged Flash files.

According to Adobe, the vulnerability affects Adobe Flash Player 10.1.82.76 and earlier versions for Windows, Macintosh, Linux and Solaris.   It also affects Flash Player 10.1.92.10 for Android.

The security hole also allows code execution on Adobe Reader but that product will not be patched until the week of October 4, 2010.follow Ryan Naraine on twitter

This vulnerability (CVE-2010-2884) could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being actively exploited in the wild against Adobe Flash Player on Windows. Adobe is not aware of any attacks exploiting this vulnerability against Adobe Reader or Acrobat to date.

Adobe recommends users of Adobe Flash Player 10.1.82.76 and earlier versions for Windows, Macintosh, Linux and Solaris update to Adobe Flash Player 10.1.85.3.

Topics: Security, Enterprise Software, Hardware, Operating Systems, Software, Windows

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

30 comments
Log in or register to join the discussion
  • RE: Adobe patches Flash Player zero-day

    "This version of Flash Player is not designed for Internet Explorer 9 Beta"
    Can I overlook this warning ?
    Is this update still bundled with the GoogleBar trojan ?
    ALISON SMOCK
    • RE: Adobe patches Flash Player zero-day

      @stebidri
      I installed the 10.1.85.3 update to the 32bit version of IE9 beta on a Vista x32 and Windows7 x64 system. This only works on the 32bit IE9 browser and not the 64bit version. I manually uninstalled the previous version via "Programs and Freatures" and then just brought up the 32bit version of IE9 beta and under MSN video it indicated that I needed to download Flash Player. Just clicked on it and was sent to Adobe and the Flash download. Just clicked on install and installed without any issues. Now the videos play without any problems or warning messages.

      les
      LesBater
      • RE: Adobe patches Flash Player zero-day

        vulnerability is being actively exploited in the wild against<a href="http://www.britishshakespeare.com/"><font color="light&amp;height"> british</font></a> urban from it <a href="http://www.houseofkidsnyc.com/"><font color="light&amp;height">kids</font></a> is from playing <a href="http://th-haint.com/"><font color="light&amp;height">saint</font></a> only goverment to need <a href="http://www.edifyonline.net/"><font color="light&amp;height">online</font></a> always today from <a href="http://ili-inter.com/"><font color="light&amp;height">finance</font></a> and lot of money Adobe
        gogon gondrong
      • RE: Adobe patches Flash Player zero-day

        @LesBater
        I am glad to be using an android tablet instead of an iPad so I can view flash content. It does have exploits sometimes but it is still practical to have.<br><br>posted via <a href="http://www.android-tablet.org/android/rumors-has-it-gamestop-is-planning-to-launch-a-branded-android-tablet/#axzz1XkeVIhoC">tablet android</a>
        Jeffrey1980
      • RE: Adobe patches Flash Player zero-day

        @LesBater Thanks for sharing. i really appreciate it that you shared with us such a informative post..
        <a href="http://www.papermoz.com/theses/">Theses</a> <a href="http://www.papermoz.co.uk/coursework/">Coursework</a> <a href="http://www.papermoz.co.uk/assignments/">Assignment</a>
        disturbforce
      • RE: Adobe patches Flash Player zero-day

        @LesBater I will forward this article to him. Pretty sure he will have a good read. Thanks for sharing!
        <a href="http://www.papermoz.com/dissertations/">Dissertation Writing</a> <a href="http://www.papermoz.com/assignments/">Assignment Writing</a>
        disturbforce
      • RE: Adobe patches Flash Player zero-day

        Very useful update. I finally got rid of the malware problem! I almost went crazy because of all the malware warnings! thanks! <a href="http://www.sonalis.de">Solarenergie</a> <a href="http://www.kotel.de">handyvertrag</a>
        DavidKlein
      • RE: Adobe patches Flash Player zero-day

        Proper use of Secure Socket Layer security is a mystery even to many virtual server administrators, but it seems to be mysterious even to the developers who build it into their products-whether they know it or not. <a href=http://wheretofindcoupons.net/>Where To Find Coupons</a>
        dhape
      • RE: Adobe patches Flash Player zero-day

        that problem was really huge for my computer systems. Malware was all about, even some different programs were infected. I had to uninstall everything and start from zero. Would have been great if I'd have read this first. Thanks for sharing and clarifying anyways! <a href="http://www.pc-xforce.de">pc system</a>
        RichardForbes
      • RE: Adobe patches Flash Player zero-day

        @LesBater Just clicked on install and installed without any issues. Now the videos play without any problems or warning messages.<a href="http://www.woodfielduniversity.com/">Life Experience Degree</a>
        disturbforce
      • RE: Adobe patches Flash Player zero-day

        Neither. Like most Adobe products, Reader provides its own Flash runtime rather than using a systemwide-installed version, such as the ActiveX control. In other words, when a Flash vulnerability is fixed, nearly every Adobe product needs to be re-released with the fixed runtime.
        <a href="http://www.hoteltelnet.hu/">budapest hotels</a>
        Amanda123456
      • RE: Adobe patches Flash Player zero-day

        The author has written an excellent article. You made your point and not much to discuss.<a href="http://www.iresourcer.com">advertise jobs</a> It's like this universal truth that you can not argue with the truth is not universal, everything has its exception. Thanks for this information.
        sandeep158
    • RE: Adobe patches Flash Player zero-day

      <a href="http://www.replicacool.org">fendi bags</a>
      xiaodou
    • RE: Adobe patches Flash Player zero-day

      <a href="http://www.replicawatchesbest.org">omega replica watches</a>
      xiaodou
  • Use Microsoft's EMET

    Use Microsoft's EMET:<br><br><a href="http://www.microsoft.com/downloads/en/details.aspx?FamilyID=c6f0a6ee-05ac-4eb6-acd0-362559fd2f04&displayLang=en" target="_blank" rel="nofollow">http://www.microsoft.com/downloads/en/details.aspx?FamilyID=c6f0a6ee-05ac-4eb6-acd0-362559fd2f04&displayLang=en</a><br><br>EMET was previously outlined to short circuit the last PDF flaw (yes, while this issue is with Flash, EMET is a general purpose tool):<br><br><a href="http://news.cnet.com/8301-1009_3-20016161-83.html?tag=mncol;2n" target="_blank" rel="nofollow"><a href="http://news.cnet.com/8301-1009_3-20016161-83.html?tag=mncol;2n" target="_blank" rel="nofollow"><a href="http://news.cnet.com/8301-1009_3-20016161-83.html?tag=mncol;2n" target="_blank" rel="nofollow"><a href="http://news.cnet.com/8301-1009_3-20016161-83.html?tag=mncol;2n" target="_blank" rel="nofollow">http://news.cnet.com/8301-1009_3-20016161-83.html?tag=mncol;2n</a></a></a></a>

    In this case, add your browser to EMET. But beyond that, your email client (if you use one), media players (QuickTime, WinAmp, Windows Media Player), etc., etc. If it talks on the Net, you probably should be guarding that app with EMET.

    -M
    betelgeuse68
  • RE: Adobe patches Flash Player zero-day

    It certainly would be convenient to include a hot link to the update site
    ddrakewi
  • RE: Adobe patches Flash Player zero-day

    The Adobe DL site has not been updated yet .... still delivering 10.1.82.3 ........
    jheman2
  • RE: Adobe patches Flash Player zero-day

    ewet dedim ama neyse
    http://www.bbgporn.com/
    http://www.hmmtube.com/
    dogru deme
    http://www.erotiktube.org/
    http://www.52tube.com/
    http://www.wctube.com/
    http://www.cameporn.com/
    http://www.escortbayan9.com/
    tamam dedim
    myclub
  • RE: Adobe patches Flash Player zero-day

    Have people found this patch reliable I get errors in Chrome?<br><strong><a href="http://myobcoursesonline.net.au" rel="dofollow">myob courses</a></strong>
    mentorws
  • RE: Adobe patches Flash Player zero-day

    good read
    Jeffrey1980