JPCERT-AT-2011-0009
JPCERT/CC
2011-04-18
<<< JPCERT/CC Alert 18.04.11 >>>
Vulnerability in Adobe Flash Player
https://www.jpcert.or.jp/at/2011/at110009.txt
I. Overview
Adobe Flash Player contains a memory corruption vulnerability. As a
result, a remote attacker could execute arbitrary code by convincing a
user to open specially crafted contents.
Adobe Systems has already observed attacks exploiting this
vulnerability. Users are recommended to update to the corrected
software provided by Adobe Systems.
Adobe Security Bulletins APSB11-07
Security update available for Adobe Flash Player
http://www.adobe.com/support/security/bulletins/apsb11-07.html
According to Adobe Systems, this vulnerability also affects Adobe
Acrobat and Reader, and corrected software will be released by the end
of April. Users are recommended to apply the updates as soon as they
are released.
II. Products Affected
Affected products and versions are as follows:
- Adobe Flash Player 10.2.153.1 and earlier
- Adobe AIR 2.6.19120 and earlier
For more information, refer to Adobe Systems' website.
III. Solution
- Adobe Flash Player
Update Adobe Flash Player to the following latest version. For more
information, refer to Adobe Systems' website.
- Adobe Flash Player 10.2.159.1
Adobe Flash Player Download Center
http://get.adobe.com/jp/flashplayer/
http://get.adobe.com/flashplayer/
The Adobe Flash Player version number installed on your PC can be
verified through the following page:
Adobe Flash Player: Version Information
http://www.adobe.com/jp/software/flash/about/
http://www.adobe.com/products/flash/about/
* Even if using browsers other than Internet Explorer, Flash Player
may be installed on Internet Explorer. Therefore, the Flash Player
for Internet Explorer should also be updated.
- Adobe AIR
Update Adobe AIR to the following latest version. For more
information, refer to Adobe Systems' website.
- Adobe AIR 2.6.19140
Adobe AIR Download Center
http://get.adobe.com/jp/air/
http://get.adobe.com/air/
IV. References
Adobe APSA11-02:
Security Advisory for Adobe Flash Player, Adobe Reader and Acrobat
http://www.adobe.com/support/security/advisories/apsa11-02.html
JVNVU#230057
Vulnerability in Adobe Flash Player
http://jvn.jp/cert/JVNVU230057/index.html
If you have any further questions or information regarding this
alert, please contact JPCERT/CC.
======================================================================
JPCERT Coordination Center (JPCERT/CC)
MAIL: info@jpcert.or.jp
TEL: +81-3-3518-4600 FAX: +81-3-3518-4602
https://www.jpcert.or.jp/english/
Top