Copyright © 2009 Adobe Systems Incorporated. All rights reserved.
Use of this website signifies your agreement to the Terms of Use and Online Privacy Policy (updated 07-14-2009).
Search powered by Google™
Release date: July 30, 2009
Vulnerability identifier: APSB09-10
CVE number: CVE-2009-1862, CVE-2009-0901, CVE-2009-2395, CVE-2009-2493, CVE-2009-1863, CVE-2009-1864, CVE-2009-1865, CVE-2009-1866, CVE-2009-1867, CVE-2009-1868, CVE-2009-1869, CVE-2009-1870
Platform: All Platforms
Critical vulnerabilities have been identified in the current versions of Adobe Flash Player (v9.0.159.0 and v10.0.22.87) for Windows, Macintosh and Linux operating systems. These vulnerabilities could cause the application to crash and could potentially allow an attacker to take control of the affected system.
We expect to provide an update for Adobe Reader and Acrobat v9.1.2 for Windows, Macintosh and UNIX by July 31, 2009. This bulletin will be updated to reflect their availability on that date. (The update for Adobe Flash Player v9 and v10 for Solaris is still pending.)
Adobe recommends users of Adobe Flash Player 9.x and 10.x and earlier versions update to Adobe Flash Player 9.0.246.0 and 10.0.32.18. Adobe recommends users of Adobe AIR version 1.5.1 and earlier versions update to Adobe AIR 1.5.2.
Adobe Flash Player 9.0.159.0 and 10.0.22.87 and earlier 9.x and 10.x versions
To verify the Adobe Flash Player version number, access the About Flash Player page, or right-click on Flash content and select “About Adobe (or Macromedia) Flash Player” from the menu. If you use multiple browsers, perform the check for each browser you have installed on your system.
Adobe AIR 1.5.1 and earlier versions
Adobe Flash Player
Adobe recommends all users of Adobe Flash Player 10.0.22.87 and earlier versions upgrade to the newest version 10.0.32.18 by downloading it from the Player Download Center, or by using the auto-update mechanism within the product when prompted.
For users who cannot update to Adobe Flash Player 10, Adobe has developed a patched version of Adobe Flash Player 9, Adobe Flash Player 9.0.246.0, which can be downloaded from the following link: http://www.adobe.com/products/flashplayer/fp_distribution3.html.
Adobe AIR
Adobe recommends all users of Adobe AIR version 1.5.1 and earlier update to the newest version 1.5.2 by downloading it from the Adobe AIR Download Center.
Adobe categorizes these as critical issues and recommends affected users patch their installations.
Critical vulnerabilities have been identified in the current versions of Adobe Flash Player (v9.0.159.0 and v10.0.22.87) for Windows, Macintosh and Linux operating systems. These vulnerabilities could cause the application to crash and could potentially allow an attacker to take control of the affected system.
We expect to provide an update for Adobe Reader and Acrobat v9.1.2 for Windows, Macintosh and UNIX by July 31, 2009. This bulletin will be updated to reflect their availability on that date. (The update for Adobe Flash Player v9 and v10 for Solaris is still pending.)
Adobe recommends users of Adobe Flash Player 9.x and 10.x and earlier versions update to Adobe Flash Player 9.0.246.0 and 10.0.32.18. Adobe recommends users of Adobe AIR version 1.5.1 and earlier versions update to Adobe AIR 1.5.2.
The update for Adobe Flash Player and Adobe AIR, Adobe Reader and Acrobat resolves a memory corruption vulnerability that could potentially lead to code execution (CVE-2009-1862).
The update for Adobe Flash Player resolves the vulnerable version of the Microsoft Active Template Library (ATL) described in Microsoft Security Advisory (973882). This vulnerability could allow an attacker who successfully exploits the vulnerability to take control of the affected system (CVE-2009-0901, CVE-2009-2395, CVE-2009-2493).
The update for Adobe Flash Player and Adobe AIR resolves the privilege escalation vulnerability that could potentially lead to code execution (CVE-2009-1863).
The update for Adobe Flash Player and Adobe AIR resolves the heap overflow vulnerability that could potentially lead to code execution (CVE-2009-1864).
The update for Adobe Flash Player and Adobe AIR resolves the null pointer vulnerability that could potentially lead to code execution (CVE-2009-1865).
The update for Adobe Flash Player and Adobe AIR resolves the stack overflow vulnerability that could potentially lead to code execution (CVE-2009-1866).
The update for Adobe Flash Player and Adobe AIR resolves a clickjacking vulnerability that could allow an attacker to lure a web browser user into unknowingly clicking on a link or dialog (CVE-2009-1867).
The update for Adobe Flash Player and Adobe AIR resolves the URL parsing heap overflow vulnerability that could potentially lead to code execution (CVE-2009-1868).
The update for Adobe Flash Player and Adobe AIR resolves the integer overflow vulnerability that could potentially lead to code execution (CVE-2009-1869).
The update for Adobe Flash Player and Adobe AIR resolves a local sandbox vulnerability that could potentially lead to information disclosure when SWFs are saved to the hard drive (CVE-2009-1870).
Adobe would like to thank the following individuals and organizations for reporting the relevant issues and for working with Adobe to help protect our customers’ security:
Copyright © 2009 Adobe Systems Incorporated. All rights reserved.
Use of this website signifies your agreement to the Terms of Use and Online Privacy Policy (updated 07-14-2009).
Search powered by Google™