Adobe Releases Patch for Flash Zero Day Hole in Reader, Acrobat

Adobe has released patches for its Reader and Acrobat products to plug a hole in the Flash Player that was first reported in March and is being used in attacks on the Internet.

The company issued a security update on Thursday, APSB11-08, that repairs critical vulnerabilities in current versions of Adobe Reader and Acrobat X for Windows. Adobe warned that the vulnerability, CVE-2011-0611, is being actively exploited in the wild against Adobe Flash Player, Reader and Acrobat, as well as via a Flash file embedded in other files such as Microsoft Word and Excel documents. The hole allowed remote attackers to run arbitrary code on vulnerable machines.

The updates address a critical vulnerability that first came to light on March 14. The company pushed out a critical patch for Flash Player, Reader and Acrobat a week later. Adobe released a security bulletin addressing the issue on April 11 and a Flash Player update for Google’s Chrome Web browser and the Windows, Apple Macintosh, Linux and Solaris operating systems on April 14 and 15. The company had originally targeted the Reader and Acrobat fixes for April 25, but delivered them on the 21st instead.

The patches are for Flash Player 10.2.153.1 and earlier for Windows, Mac, Linux and Solaris, 10.2.154.25 and earlier for Chrome, and 10.2.156.12 and earlier for Android. The patches also update authplay.dll, a component that ships with Reader and Acrobat X (10.0.2 and earlier 10.x and 9.x versions for Windows and Mac), and Adobe AIR 2.6.19120 and earlier for Windows, Mac and Linux, Adobe said in a blog post on its support Web site. The company strongly encouraged users to apply the patch for the vulnerability, which it rates “Critical.”
