Security bulletin

Security update available for Adobe Flash Player

Release date: February 11, 2010

Vulnerability identifier: APSB10-06

CVE number: CVE-2010-0186, CVE-2010-0187

Platform: All Platforms

Summary

A critical vulnerability has been identified in Adobe Flash Player version 10.0.42.34 and earlier. This vulnerability (CVE-2010-0186) could be used to subvert the domain sandbox and make unauthorized cross-domain requests.

Adobe recommends users of Adobe Flash Player 10.0.42.34 and earlier versions update to Adobe Flash Player 10.0.45.2. Adobe recommends users of Adobe AIR version 1.5.3.1920 and earlier versions update to Adobe AIR 1.5.3.1930.

Affected software versions

Adobe Flash Player 10.0.42.34 and earlier versions
Adobe AIR 1.5.3.1920 and earlier versions

To verify the Adobe Flash Player version number installed on your system, access the About Flash Player page, or right-click on content running in Flash Player and select "About Adobe (or Macromedia) Flash Player" from the menu. If you use multiple browsers, perform the check for each browser you have installed on your system.

To verify the Adobe AIR version number installed on your system, access the Adobe AIR TechNote for instructions.

Solution

Adobe Flash Player
Adobe recommends all users of Adobe Flash Player 10.0.42.34 and earlier versions upgrade to the newest version 10.0.45.2 by downloading it from the Adobe Flash Player Download Center or by using the auto-update mechanism within the product when prompted.

Adobe AIR
Adobe recommends all users of Adobe AIR version 1.5.3.1920 and earlier update to the newest version 1.5.3.1930 by downloading it from the Adobe AIR Download Center.

Severity rating

Adobe categorizes this as a critical update and recommends affected users update their installations to the newest versions.

Details

A critical vulnerability has been identified in Adobe Flash Player version 10.0.42.34 and earlier. This vulnerability (CVE-2010-0186) could be used to subvert the domain sandbox and make unauthorized cross-domain requests. This update also resolves a potential denial-of-service issue (CVE-2010-0187).

| Affected software | Recommended player update | Availability |
| --- | --- | --- |
| Flash Player 10.0.42.34 and earlier | 10.0.45.2 | Flash Player Download Center |
| Flash Player 10.0.42.34 and earlier - network distribution | 10.0.45.2 | Flash Player Licensing |
| Flash Player 10.0.42.34 and earlier for Linux | 10.0.45.2 | Flash Player Download Center |
| AIR 1.5.3.1920 | AIR 1.5.3.1930 | AIR Download Center |
| Flash CS4 Professional | 10.0.45.2 | Adobe Flash Player 10 Update for Flash CS4 Professional |
| Flash CS3 Professional | 9.0.262 | Flash Debug Player Updater |
| Flex 3 | 10.0.45.2 | Flash Debug Player Updater |

Note: The Adobe Flash Player 10.1 release, expected in the first half of 2010, will be the last version to support Macintosh PowerPC-based G3 computers. Adobe will be discontinuing support of PowerPC-based G3 computers and will no longer provide security updates after the Flash Player 10.1 release. This unavailability is due to performance enhancements that cannot be supported on the older PowerPC architecture.

Acknowledgments

Adobe would like to thank Michael Yong Park for reporting the relevant issue (CVE-2010-0186) and for working with Adobe to help protect our customers.