Adobe releases Flash Player 10.1, fixes 32 bugs

Share this article:
Adobe on Thursday officially released Adobe Flash Player 10.1 to fix 32 vulnerabilities, some of which could cause an application to crash or allow an attacker to take control of an affected system.

Flash 10.1 has been available in beta for a number of months but was officially released this week for Windows, Macintosh, Linux operating systems. Among the vulnerabilities fixed includes a "critical" memory corruption weakness disclosed last week that is being actively exploited in the wild.

The flaw, which could cause a crash or lead to code execution, is present in Flash 10.0.45.2 and earlier versions. It also affects the authplay.dll component of Adobe Reader and Acrobat 9. That software is scheduled to be patched for the flaw on June 29.

“It might look like Adobe made heroic efforts to fix this bug in short order, but it's much more likely they have been working on the fix for a while and just finished the packaging and QA [quality assurance] process,” Andrew Storms, director of security at vulnerability management firm nCircle said in a statement.

The update also includes fixes for a number of other bugs, which could allow an attacker to execute arbitrary code or cause a denial-of-service condition affecting Flash 10.0.45.2 and earlier versions and Adobe AIR 1.5.3.9130 and earlier versions. Users of AIR should update to version 2.0.2.12610.

Additionally, a prerelease version of Flash 10.1 for Solaris is available to address the vulnerabilities, Adobe said. Users who cannot update to Flash 10.1 can deploy a patched version of Flash 9, which was also released Thursday.

In an advisory posted Thursday, US-CERT encouraged users and administrators to review Adobe's security bulletin and update. Adobe classified the update as critical and also recommended users move to the newest versions. 

Share this article:

Sign up to our newsletters

More in News

Incapsula mitigates multi-vector DDoS attack lasting longer than a month

Incapsula mitigates multi-vector DDoS attack lasting longer than ...

Incapsula's scrubbing servers were able to filter out more than 50 petabits of malicious DDoS traffic aimed at a video game company for longer than a month.

UPS announces breach impacting 51 U.S. locations

The shipping and printing provider said malware has been present on some stores' computer systems since mid-January.

'Machete' espionage campaign targets orgs in Venezuela, Ecuador

The campaign targets Spanish speaking victims, which also appears to be the native language of attackers.