Flash 10.1 has been available in beta for a number of months but was officially released this week for Windows, Macintosh, Linux operating systems. Among the vulnerabilities fixed includes a "critical" memory corruption weakness disclosed last week that is being actively exploited in the wild.
The flaw, which could cause a crash or lead to code execution, is present in Flash 10.0.45.2 and earlier versions. It also affects the authplay.dll component of Adobe Reader and Acrobat 9. That software is scheduled to be patched for the flaw on June 29.
“It might look like Adobe made heroic efforts to fix this bug in short order, but it's much more likely they have been working on the fix for a while and just finished the packaging and QA [quality assurance] process,” Andrew Storms, director of security at vulnerability management firm nCircle said in a statement.
The update also includes fixes for a number of other bugs, which could allow an attacker to execute arbitrary code or cause a denial-of-service condition affecting Flash 10.0.45.2 and earlier versions and Adobe AIR 184.108.40.20630 and earlier versions. Users of AIR should update to version 220.127.116.1110.
Additionally, a prerelease version of Flash 10.1 for Solaris is available to address the vulnerabilities, Adobe said. Users who cannot update to Flash 10.1 can deploy a patched version of Flash 9, which was also released Thursday.
In an advisory posted Thursday, US-CERT encouraged users and administrators to review Adobe's security bulletin and update. Adobe classified the update as critical and also recommended users move to the newest versions.