adobelogo

The US-CERT website is reporting that Adobe has released two recent advisories for vulnerabilities in three of its mainstay products – Reader, Acrobat and Flash Player:

Adobe Releases Security Advisory for Flash Player

added September 14, 2010 at 10:35 am

Adobe has released a security advisory to alert users of a vulnerability affecting Adobe Flash Player. This vulnerability affects Flash Player 10.1.82.76 and earlier versions for Windows, Macintosh, Linux, Solaris, and Adobe Flash Player 10.1.92.10 for Android. Exploitation of this vulnerability may allow an attacker to execute arbitrary code or cause a denial-of-service condition.

US-CERT encourages users and administrators to do the following to help mitigate the risks:

    • Review Adobe security advisory APSA10-03.
    • Review the Adobe Product Security Incident Response Team blog entry
    • Review US-CERT Vulnerability Note VU#275289 and consider implementing the workarounds listed until a fix is available from the vendor.

        US-CERT will provide additional information as it becomes available.

        Adobe Releases Security Advisory for Vulnerability in Reader and Acrobat
        added September 13, 2010 at 08:30 am
        Adobe has released a security advisory to address a vulnerability in Adobe Reader and Acrobat. Exploitation of this vulnerability may allow an attacker to execute arbitrary code or cause a denial-of-service condition. The advisory indicates that this vulnerability is being actively exploited.
        US-CERT encourages users and administrators to review Adobe security advisory APSA10-02 and consider implementing the suggested workaround of utilizing Microsoft’s Enhanced Mitigation Toolkit (EMET) to help prevent this vulnerability from being exploited. Additional information on EMET can be found on the Microsoft Security Research and Defense blog.
        US-CERT will provide additional information as it becomes available.

        As always – use the recommended steps to immediately protect yourself until an update is released to the software to correct the issue.