Adobe releases Flash Player 10.1, fixes 32 bugs

Adobe on Thursday officially released Adobe Flash Player 10.1 to fix 32 vulnerabilities, some of which could cause an application to crash or allow an attacker to take control of an affected system.

Flash 10.1 has been available in beta for a number of months but was officially released this week for Windows, Macintosh and Linux operating systems. Among the vulnerabilities fixed is a "critical" memory corruption weakness disclosed last week that is being actively exploited in the wild.

The flaw, which could cause a crash or lead to code execution, is present in Flash 10.0.45.2 and earlier versions. It also affects the authplay.dll component of Adobe Reader and Acrobat 9. That software is scheduled to be patched for the flaw on June 29.

“It might look like Adobe made heroic efforts to fix this bug in short order, but it's much more likely they have been working on the fix for a while and just finished the packaging and QA [quality assurance] process,” Andrew Storms, director of security at vulnerability management firm nCircle, said in a statement.

The update also includes fixes for a number of other bugs, which could allow an attacker to execute arbitrary code or cause a denial-of-service condition affecting Flash 10.0.45.2 and earlier versions and Adobe AIR 1.5.3.9130 and earlier versions. Users of AIR should update to version 2.0.2.12610.

Additionally, a prerelease version of Flash 10.1 for Solaris is available to address the vulnerabilities, Adobe said. Users who cannot update to Flash 10.1 can deploy a patched version of Flash 9, which was also released Thursday.

In an advisory posted Thursday, US-CERT encouraged users and administrators to review Adobe's security bulletin and update. Adobe classified the update as critical and also recommended users move to the newest versions. 
