Critical vulnerability in Adobe Flash Player, Adobe Reader and Acrobat (UPDATED)

First published: 2010-09-14
Updated: 2010-09-21
Updated: 2010-10-04
Updated: 2010-10-06

A critical vulnerability exists in Adobe Flash Player 10.1.82.76 and earlier versions. Adobe Reader and Acrobat version 9.3.4 and earlier versions are also vulnerable.

This is a different vulnerability from the one reported last week; see our security advisory of 9 September.

Critical is Adobe's highest vulnerability rating. A critical vulnerability could, when exploited, allow malicious native code to execute, potentially without the user being aware.

There are reports that this vulnerability is being actively exploited. As of this writing, no updates are available.

Adobe has announced that security updates are being prepared for release:

  • week 39 for Adobe Flash Player
  • week 40 for Adobe Reader and Acrobat

More information is available in Adobe's security advisory 10-03.

This security advisory will be updated when more information is available.

Update 2010-09-21

Adobe has published a security update for Flash Player before the scheduled time.

More information and links to downloads are available in Adobe's Security Bulletin APSB10-22.

Norman recommends that all users update their Adobe Flash Player to the latest version.

Update 2010-10-04

Adobe has announced an accelerated release of its monthly security updates for Adobe Acrobat and Reader. The updates will be released on 5 October and not on the 13th as originally planned.

The updates will fix the above-mentioned vulnerability for Reader and Acrobat as well as other critical issues.

Update 2010-10-06

As announced, Adobe has released security updates that resolve the vulnerability covered by this Norman Security Advisory, as well as several other vulnerabilities in Adobe Reader and Acrobat.

More information and download links are available in Adobe Security Bulletin 10-21.

Norman recommends that users upgrade their Adobe products to the latest version.