Adobe Accelerates Patch Schedule for Critical Flash Bug
Adobe has moved up the release date for the patch for the critical bug in Adobe Flash Player revealed last week, and now plans to have a fix ready on Thursday. The company still plans to patch Reader two weeks from now.
The vulnerability in Flash also exists in Reader, and researchers said last week that attackers had already begun exploiting the bug in Reader by the time Adobe acknowledged the problem and published an advisory. At the time of the initial advisory, Adobe officials said they planned to release a patch for Flash on Nov. 9 and for Reader on Nov. 15.
On Tuesday, the company updated its guidance, saying that the patch for Flash on Windows, Mac, Linux and Solaris will be pushed out on Thursday, Nov. 4, and that the fix for Flash on Android will still be published Nov. 9. The schedule for the Reader patch remains the same.
A security researcher identified the Flash bug last Thursday and published a short explanation of it, which Adobe confirmed later in the day.
"A critical vulnerability has been identified in Flash Player 10.1.85.3 and earlier versions for Windows, Macintosh, Linux and Solaris; Adobe Flash Player 10.1.95.2 and earlier versions for Android; and the authplay.dll component that ships with Adobe Reader 9.4 and earlier 9.x versions for Windows, Macintosh and UNIX, and Adobe Acrobat 9.4 and earlier 9.x versions for Windows and Macintosh. This vulnerability (CVE-2010-3654) could cause a crash and potentially allow an attacker to take control of the affected system," Adobe said.
There were also reports on Wednesday that another unpatched bug had been found, this one in Adobe's Shockwave software. Secunia posted an advisory saying that there is a new use-after-free bug in Shockwave that can be exploited in certain Web-based attack scenarios.
"The vulnerability is caused due to a use-after-free error in an automatically installed compatibility component as a function in an unloaded library may be called," the Secunia advisory said. "Successful exploitation allows execution of arbitrary code, but requires that a user is tricked into opening the 'Shockwave Settings' window when viewing a web page."
Adobe patched a previous vulnerability in Shockwave last week.



