Details
Critical vulnerabilities have been identified in Adobe Flash Player 10.1.85.3 and earlier versions
for Windows, Macintosh, Linux, and Solaris, and Adobe Flash Player 10.1.95.1 for Android.
These vulnerabilities, including CVE-2010-3654 referenced in Security Advisory APSA10-05, could
cause the application to crash and could potentially allow an attacker to take control of the affected system.
This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2010-3654).
This update resolves an input validation issue vulnerability that could lead to a bypass of cross-domain
policy file restrictions with certain server encodings (CVE-2010-3636).
This update resolves a memory corruption vulnerability that could lead to code execution (ActiveX only)
(CVE-2010-3637).
This update resolves an information disclosure vulnerability (Macintosh platform, Safari browser only)
(CVE-2010-3638).
This update resolves a Denial of Service vulnerability. Arbitrary code execution has not been demonstrated,
but may be possible (CVE-2010-3639).
Adobe recommends users of Adobe Flash Player 10.1.82.76 and earlier versions for Windows, Macintosh,
Linux, and Solaris update to Adobe Flash Player 10.1.85.3, and users of Adobe Flash Player 10.1.92.10
for
Android update to Adobe Flash Player 10.1.95.1.
►
http://www.talkandroid.com/14368-ad...ning-for-flash-player-10-1-92-10-for-android/
►
http://www.infosecurity-us.com/view/12602/adobe-rushes-emergency-security-patch-for-flash-player/
We expect to provide updates for Adobe Reader 9.3.4 for Windows, Macintosh and UNIX, and
Adobe Acrobat 9.3.4 for Windows and Macintosh during the week of October 4, 2010.
Google Chrome users can update to Chrome 6.0.472.62. To verify your current Chrome version
number and update if necessary, follow the instructions here:
►
http://googlechromereleases.blogspot.com/2010/09/stable-beta-channel-updates_17.html
►
http://www.google.com/support/chrome/bin/answer.py?hl=en&answer=95414