星期一, 4月 18, 2011

Further Update (A11-04-01a): Vulnerability in Adobe Flash Player and Adobe Reader/Acrobat

Further to the security alert A11-04-01 issued on 12.04.2011, we would like to draw your attention that Adobe has released updated versions of Adobe Flash Player for the platforms below to address the issue. However, related patches for Adobe Reader and Adobe Acrobat are still pending. The respective updates are available at:
- Flash Player 10.2.159.1 for Windows, Macintosh, Linux and Solaris
  • http://www.adobe.com/go/getflash
- Flash Player 10.2.159.1 - network distribution
  • http://www.adobe.com/licensing/distribution
- Flash Player 10.2.154.27 for Chrome

  • http://googlechromereleases.blogspot.com/2011/04/stable-channel-update.html
If you have multiple browsers, you are required to perform the upgrade for each browser.
To verify the Flash player version installed, you may visit the following URL:
  • http://www.adobe.com/products/flash/about/
Currently, the patch for Flash Player for Android and the patches for Adobe Reader and Acrobat are not yet available for download. Affected users should keep abreast of the vendor's web site for the availability of new versions of the affected software.
Users of affected systems should follow the recommendations provided by the product vendor and take immediate actions to mitigate the risk.
DITSOs (or your delegates) are also requested to inform the relevant system administrators and end users as appropriate about this issue.
More Information:
More information about this update is available at:
  • http://www.adobe.com/support/security/advisories/apsa11-02.html
  • http://www.adobe.com/support/security/bulletins/apsb11-07.html
  • http://www.us-cert.gov/current/index.html#adobe_releases_security_advisory_for7
  • http://www.kb.cert.org/vuls/id/230057
  • http://secunia.com/advisories/44119/
  • http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0611