JPCERT-AT-2011-0030 JPCERT/CC 2011-11-11 (First edition) 2011-11-11 (Updated) <<< JPCERT/CC Alert 11.11.11 >>> Vulnerabilities in Adobe Flash Player https://www.jpcert.or.jp/at/2011/at110030.txt I. Overview Adobe Flash Player contains multiple vulnerabilities. As a result, a remote attacker could terminate Adobe Flash Player or execute arbitrary code by convincing a user to open specially crafted contents. Users are recommended to update to the corrected software provided by Adobe Systems. Adobe Security Bulletins APSB11-28 Security update available for Adobe Flash Player http://www.adobe.com/support/security/bulletins/apsb11-28.html II. Products Affected Affected products and versions are as follows: - Adobe Flash Player 11.0.1.152 and earlier - Adobe AIR 3.0 and earlier For more information, refer to Adobe website. III. Solution - Adobe Flash Player Update Adobe Flash Player to the following latest version. For more information, refer to Adobe website. - Adobe Flash Player 11.1.102.55 Note that since Adobe Flash Player 11 does not support Firefox 3.6, users of Firefox 3.6 should update to the following version. - Adobe Flash Player 10.3.183.11 Adobe Flash Player Download Center http://get.adobe.com/jp/flashplayer/ http://get.adobe.com/flashplayer/ The Adobe Flash Player version number installed on your PC can be verified through the following page: Adobe Flash Player:Version Information http://www.adobe.com/jp/software/flash/about/ http://www.adobe.com/products/flash/about/ * Even if using browsers other than Internet Explorer, Flash Player may be installed on Internet Explorer. Therefore, the Flash Player for Internet Explorer should also be updated. - Adobe AIR Update Adobe AIR to the following latest version. For more information, refer to Adobe website. - Adobe AIR 3.1.0.4880 Adobe AIR Download Center http://get.adobe.com/jp/air/ http://get.adobe.com/air/ IV. References Adobe Security Bulletins APSB11-28 Security update available for Adobe Flash Player http://www.adobe.com/support/security/bulletins/apsb11-28.html If you have any further questions or information regarding this alert, please contact JPCERT/CC. ________ Revision history 2011-11-11 First edition 2011-11-11 Solution corrected based on information provided by Adobe Systems * The inital published version mentioned that the latest version of Adobe Flash Player could not be downloaded under Firefox 3.6. However, since Adobe Flash Player 10.3.183.11 is provided for browsers not supported by Adobe Flash Player 11, corrections were made. ====================================================================== JPCERT Coordination Center (JPCERT/CC) MAIL: info@jpcert.or.jp TEL: +81-3-3518-4600 FAX: +81-3-3518-4602 https://www.jpcert.or.jp/english/