Adobe to Release Flash Patch June 10

Adobe said on Monday that it will have a patch available for the newly discovered critical vulnerability in Flash ready by June 10 for most platforms. The patches for Adobe Reader and Acrobat, which also are affected by the flaw, won't be released until June 29.

The new flaw was discovered late last week and Adobe security officials said that they were aware of attacks against the vulnerability in the wild. Adobe usually distributes its patches on a quarterly basis, but Brad Arkin, the company's director of product security and privacy, said in a blog post Monday night that the company decided to push the releases up.

The June 29, 2010 security update for Adobe Reader and Acrobat represents an accelerated release of the next quarterly security update originally scheduled for July 13, 2010. In addition to addressing CVE-2010-1297, the accelerated next quarterly Adobe Reader and Acrobat update will also resolve a number of responsibly disclosed vulnerabilities. The full details will be in the Security Bulletin and Release Notes we will publish when the security update is posted.

Among other options, we also considered the alternative of releasing a one-off 0-day fix followed a couple of weeks later by the July 13 quarterly update. However, two patches within three weeks would have incurred too much churn and patch management overhead on our users, in particular for customers with large managed environments.

The patch for Flash released on June 10 will address the vulnerability on Windows, Mac and Linux. The release date for a Flash patch for Solaris has not been determined yet. Also on Monday Adobe released updated mitigation guidance for users looking to thwart attacks before the patch is available.

For Windows users:

Deleting, renaming, or removing access to the authplay.dll file that ships with Adobe Reader 9.x and Acrobat 9.x mitigates the threat for those products, but users will experience a non-exploitable crash or error message when opening a PDF file that contains SWF content.

The authplay.dll that ships with Adobe Reader 9.x and Acrobat 9.x for Windows is typically located at C:\Program Files\Adobe\Reader 9.0\Reader\authplay.dll for Adobe Reader or C:\Program Files\Adobe\Acrobat 9.0\Acrobat\authplay.dll for Acrobat.

For Mac users, the guidance is specific to each vulnerable application and can be found in Adobe's advisory.

Commenting on this Article is closed.