Spyware, Viruses, & Security forum

Alert

Security update available for Adobe Flash Player (APSB11-26)

by Carol~ Moderator / September 21, 2011 6:13 AM PDT
Release date: September 21, 2011

Vulnerability identifier: APSB11-26
CVE number: CVE-2011-2426, CVE-2011-2427, CVE-2011-2428, CVE-2011-2429, CVE-2011-2430, CVE-2011-2444

Platform: All Platforms

Summary:

Critical vulnerabilities have been identified in Adobe Flash Player 10.3.183.7 and earlier versions for Windows, Macintosh, Linux and Solaris, and Adobe Flash Player 10.3.186.6 and earlier versions for Android. These vulnerabilities could cause a crash and potentially allow an attacker to take control of the affected system.

There are reports that one of these vulnerabilities (CVE-2011-2444) is being exploited in the wild in active targeted attacks designed to trick the user into clicking on a malicious link delivered in an email message. This universal cross-site scripting issue could be used to take actions on a user's behalf on any website or webmail provider if the user visits a malicious website.

Adobe recommends users of Adobe Flash Player 10.3.183.7 and earlier versions for Windows, Macintosh, Linux and Solaris update to Adobe Flash Player 10.3.183.10. Users of Adobe Flash Player for Android 10.3.186.6 and earlier versions should update to Adobe Flash Player for Android 10.3.186.7.

Affected software versions:

• Adobe Flash Player 10.3.183.7 and earlier versions for Windows, Macintosh, Linux and Solaris operating systems
• Adobe Flash Player 10.3.186.6 and earlier versions for Android

(Note: The Authplay.dll component that ships with Adobe Reader and Acrobat X (10.1.1) and earlier 10.x and 9.x versions for Windows and Macintosh operating systems is not impacted by CVE-2011-2444.)

To verify the version of Adobe Flash Player installed on your system, access the About Flash Player page, or right-click on content running in Flash Player and select "About Adobe (or Macromedia) Flash Player" from the menu. If you use multiple browsers, perform the check for each browser you have installed on your system.

To verify the version of Adobe Flash Player for Android, go to Settings > Applications > Manage Applications > Adobe Flash Player 10.x.

Solution:

Adobe recommends all users of Adobe Flash Player 10.3.183.7 and earlier versions for Windows, Macintosh, Linux and Solaris upgrade to the newest version 10.3.183.10 by downloading it from the Adobe Flash Player Download Center. Windows users and users of Adobe Flash Player 10.3.183.7 or later for Macintosh can install the update via the auto-update mechanism within the product when prompted.

Users of Adobe Flash Player for Android 10.3.186.6 and earlier versions should update to Adobe Flash Player for Android 10.3.186.7 by browsing to the Android Marketplace on an Android phone.

For Further Details & Recommendations: http://www.adobe.com/support/security/bulletins/apsb11-26.html
Discussion is locked
You are posting a reply to: Security update available for Adobe Flash Player (APSB11-26)
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: Security update available for Adobe Flash Player (APSB11-26)
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Collapse -
Flash Player Direct Download Links..
by Carol~ Moderator / September 21, 2011 6:30 AM PDT
Collapse -
9/23/11: Update on Further DigiNotar Issues
by Carol~ Moderator / September 25, 2011 11:59 PM PDT

From the Adobe Security Matters Blog:

The Dutch government today announced that DigiNotar's subordinate Certificate Authorities (subCAs) under the Staat der Nederlanden root certificates will be revoked next Wednesday, September 28th. This follows on the Dutch government's removal of trust from DigiNotar, DigiNotar's removal from the Netherlands Trust List, and the company's announcement of bankruptcy proceedings.

With this latest action, new digital signatures created with certificates from these certificate families will no longer show as valid in Acrobat and Reader, regardless of version. This is due to the fact that Acrobat and Reader check if certificates associated with the signing credential are revoked at signing and at document open.

Note that this will not necessarily invalidate existing documents, if you are opening them with Acrobat or Reader 9.1+. This is due to the fact that these versions of the product check the validity of the signature at the signing time by default, not at the current time-assuming that the signature includes validation information from when it was signed. For example, a PDF signed one year ago will still show as valid and trusted, whereas one created next Friday will show as invalid.

The action by the Dutch government also means that Adobe will not need to take any action regarding the Staat der Nederlanden roots in the Adobe Approved Trust List.

http://blogs.adobe.com/security/2011/09/92311-update-on-further-diginotar-issues.html

Popular Forums
icon
Computer Newbies 10,686 discussions
icon
Computer Help 54,365 discussions
icon
Laptops 21,181 discussions
icon
Networking & Wireless 16,313 discussions
icon
Phones 17,137 discussions
icon
Security 31,287 discussions
icon
TVs & Home Theaters 22,101 discussions
icon
Windows 7 8,164 discussions
icon
Windows 10 2,657 discussions

GIVEAWAY

Turn up the volume with our Apple Byte sweeps!

Two lucky winners will take home the coveted smart speaker that lets Siri help you around your connected house. This sweepstake ends Feb. 25, 2018.