threatpost | Brian Donohue | THREATPOST:F0C7CA4C20B728EBEFFDD9A720F40661
History: Sep 21, 2011 - 3:57 p.m.

Adobe Pushes Out Flash Player Patch

2011-09-21 15:57:23
Brian Donohue
threatpost.com

EPSS: 0.002 (Low), percentile 62.1%

Adobe is pushing out an emergency security bulletin today in concert with a Google Chrome update to address six critical vulnerabilities in versions of its Flash Player, the company said in an email statement.

The update will address critical vulnerabilities in Adobe Flash Player 10.3.183.7 and earlier versions running on the Windows, Macintosh, Linux and Solaris operating systems. It will also include an update for Flash Player 10.3.186.6 and earlier versions running on the Android platform. If left unpatched, these bugs could potentially lead to crashes or allow attackers to take control of a given system.

Already there are reports floating around that one of the vulnerabilities (CVE-2011-2444) is being exploited in the wild in cross-site scripting attacks that attempt to trick Adobe users into following a malicious link delivered via email.

Adobe recommends that Windows, Macintosh, Linux and Solaris users update to version 10.3.183.10 and that Android users update to version 10.3.186.7 until the official patch is released.

Adobe's products are a common target of attack. In recent months, the company has been working closely with Google and other firms to address serious holes that are discovered in its products.
In the case of the Player fix, it was Google that first pushed out the patch via Chrome's auto-update mechanism. Adobe followed after the company had finished testing the patch against all the supported platforms and their various configurations, which takes slightly longer, according to Adobe's Sr. Manager of Corporate Communications, Wiebke Lips.

Despite the plethora of online attacks targeting users of its products, Adobe is increasingly concerned about sophisticated, nation-state-backed attacks, the company's top security official said at a security conference this week.
