Adobe releases Flash Player 10.1, fixes 32 bugs

Share this article:
Adobe on Thursday officially released Adobe Flash Player 10.1 to fix 32 vulnerabilities, some of which could cause an application to crash or allow an attacker to take control of an affected system.

Flash 10.1 has been available in beta for a number of months but was officially released this week for Windows, Macintosh, Linux operating systems. Among the vulnerabilities fixed includes a "critical" memory corruption weakness disclosed last week that is being actively exploited in the wild.

The flaw, which could cause a crash or lead to code execution, is present in Flash 10.0.45.2 and earlier versions. It also affects the authplay.dll component of Adobe Reader and Acrobat 9. That software is scheduled to be patched for the flaw on June 29.

“It might look like Adobe made heroic efforts to fix this bug in short order, but it's much more likely they have been working on the fix for a while and just finished the packaging and QA [quality assurance] process,” Andrew Storms, director of security at vulnerability management firm nCircle said in a statement.

The update also includes fixes for a number of other bugs, which could allow an attacker to execute arbitrary code or cause a denial-of-service condition affecting Flash 10.0.45.2 and earlier versions and Adobe AIR 1.5.3.9130 and earlier versions. Users of AIR should update to version 2.0.2.12610.

Additionally, a prerelease version of Flash 10.1 for Solaris is available to address the vulnerabilities, Adobe said. Users who cannot update to Flash 10.1 can deploy a patched version of Flash 9, which was also released Thursday.

In an advisory posted Thursday, US-CERT encouraged users and administrators to review Adobe's security bulletin and update. Adobe classified the update as critical and also recommended users move to the newest versions. 

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

TOP COMMENTS

More in News

Schumer: Feds should do 'top to bottom' probe of online drug marketplaces

Sen. Charles Schumer of New York has called on federal law enforcement officials to stop "copy cat websites."

ShellShock vulnerability exploited in SMTP servers

Researchers at Trend Micro found that attackers were targeting Simple Mail Transfer Protocol (SMTP) servers to execute malicious code and an IRC bot.

Hackers grab email addresses of CurrentC pilot participants

Hackers grab email addresses of CurrentC pilot participants

Although the hack didn't breach the mobile payment app itself, consumer confidence may be shaken.