CERT mailing list archives

Current Activity - Adobe Releases Security Advisory for Flash Player, Reader, and Acrobat

From: Current Activity <us-cert () us-cert gov>
Date: Tue, 12 Apr 2011 10:54:34 -0400

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

US-CERT Current Activity

Adobe Releases Security Advisory for Flash Player, Reader, and Acrobat

Original release date: April 12, 2011 at 10:39 am
Last revised: April 12, 2011 at 10:39 am


Adobe has released security advisory APSA11-02 to alert users of a
vulnerability affecting  the following Adobe products:
  * Flash Player 10.2.153.1 and earlier versions for Windows,
    Macintosh, Linux, and Solaris
  * Flash Player 10.2.154.25 and earlier versions for Chrome
  * Flash Player 10.2.156.12 and earlier versions for Android
  * the Authplay.dll component that ships with Adobe Reader and
    Acrobat X (10.0.2) and earlier 10.x and 9.x versions for Windows
    and Macintosh.

Exploitation of this vulnerability may allow an attacker to execute
arbitrary code or cause a denial-of-service condition.

The Adobe advisory indicates that this vulnerability is currently
being exploited in targeted attacks via a Flash (.swf) file embedded
in a Microsoft Word (.doc) file delivered as an email attachment.
However, the method of attack can change at any time.

At this time, Adobe has not released a fix to mitigate this
vulnerability. US-CERT encourages users and administrators to do the
following to help mitigate the risks until a fix becomes available:
  * Review Adobe security advisory APSA11-02.
  * Exercise caution when opening unsolicited email attachments.
  * Refer to the Using Caution with Email Attachments Cyber Security
    Tip for more information on safely handling email attachments.

US-CERT will provide additional information as it becomes available.

Relevant Url(s):
<http://www.us-cert.gov/cas/tips/ST04-010.html>

<http://blogs.adobe.com/psirt/2011/04/security-advisory-for-adobe-flash-player-adobe-reader-and-acrobat-apsa11-02.html>

====
This entry is available at
http://www.us-cert.gov/current/index.html#adobe_releases_security_advisory_for7

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iQEVAwUBTaRnnj6pPKYJORa3AQKLHgf/RL3xp1tlmVWOnWGy/lPUipAOr7BO9Mdl
blMt4OKFK1k1qW3RFitQ1XzfsZXcPGu0+F3wqJ1jvnctIdo6GKE3Y2X+YYjaM2DV
9onSM2M34I4MogMMAMQN8W5uOrATJGWoeNKZUHZNJ29l4wIe3ax/gXcahJHqiq70
Kzkhr30CutNnF5MdzHkGzuAA2Ymk3w7Qfl86DxP3NwNWuQHlJdLBD+qCLis1Ggha
rX3WJV4yHhOmkJPx966OnBuNRwCVEdw+3/7PMGGmS+2u8k74sNRAKHdG232BZZkq
r0oFYoA+FaMYY7t7BgyrBVPIx578pzkwRhwM5TM1PZe4PGe4uD/wnw==
=49PL
-----END PGP SIGNATURE-----

Current thread:

Current Activity - Adobe Releases Security Advisory for Flash Player, Reader, and Acrobat Current Activity (Mar 15)
- <Possible follow-ups>
- Current Activity - Adobe Releases Security Advisory for Flash Player, Reader, and Acrobat Current Activity (Apr 12)
- Current Activity - Adobe Releases Security Advisory for Flash Player, Reader, and Acrobat Current Activity (Apr 12)
- Current Activity - Adobe Releases Security Advisory for Flash Player, Reader, and Acrobat Current Activity (Apr 15)