Topic: Adobe planning emergency Flash fix for Tomorrow (authplay.dll)

[Samker]

Adobe released an advisory earlier this week regarding a critical vulnerability found in Flash and Acrobat: http://scforum.info/index.php/topic,4233.0.html

The company now plans to issue an emergency patch to fix the Flash flaw on Thursday June 10: http://www.adobe.com/support/security/advisories/apsa10-01.html
The vulnerability, found in authplay.dll can allow an attacker to crash and potentially control an affected system. Affected versions include; Adobe Flash Player 10.0.45.2, 9.0.262, and earlier 10.0.x and 9.0.x versions for Windows, Macintosh, Linux and Solaris.

Adobe Reader and Acrobat 9.3.2 and earlier 9.x versions for Windows, Macintosh and UNIX are also affected and will be patched on June 29. Adobe typically releases quarterly security updates and the next was originally scheduled for July 13. The company has accelerated the update in response to the 0-day flaw. "We also considered the alternative of releasing a one-off 0-day fix followed a couple of weeks later by the July 13 quarterly update. However, two patches within three weeks would have incurred too much churn and patch management overhead on our users, in particular for customers with large managed environments", said Brad Arkin, Adobe's director of product security and privacy: http://blogs.adobe.com/asset/2010/06/background_on_apsa10-01_patch.html

Adobe plans to make the Flash Player 10.x update available for Windows, Macintosh, and Linux by June 10, 2010. The date for Flash Player 10 for Solaris is still to be determined. Flash 10.1 RC versions are unaffected by the flaw.

(NW)