Call it a “good news, bad news” situation for Adobe Systems. On the one hand, the company patched a number of vulnerabilities today in Shockwave Player; on the other, it issued a new advisory on a zero-day bug in Adobe Flash Player.
The Flash Player vulnerability (CVE-2010-3654) affects versions 10.1.85.3 and earlier versions on Windows, Macintosh, Linux and Solaris operating systems, as well as Flash Player 10.1.95.2 and earlier versions for Android. It also impacts the authplay.dll component that ships with Adobe Reader 9.4 and earlier 9.x versions for Windows, Macintosh and Unix systems, as well as Adobe Acrobat 9.4 and earlier 9.x versions for Windows and Macintosh.
“We are in the process of finalising a fix for the issue and expect to provide an update for Flash Player 10.x for Windows, Macintosh, Linux, and Android by November 9, 2010,” the company said. “We expect to make available an update for Adobe Reader and Acrobat 9.4 and earlier 9.x versions during the week of November 15.”
While users wait for the patch for the Flash Player vulnerability, users can delete, rename or remove access to the authplay.dll file that ships with Adobe Reader and Acrobat, Adobe advised. Doing so however will cause a non-exploitable crash or error message when opening a PDF file that contains Flash content. Instructions for doing this can be found in the advisory.
At the same time the company issued the advisory, it shipped a fix for a zero-day bug in Shockwave Player into a massive update that plugged 10 other vulnerabilities as well. On October 21, Adobe warned about a memory corruption vulnerability (CVE-2010-3653) in Shockwave Player versions 11.5.8.612, and earlier, on Windows and Mac had been discovered. Six days later, the company warned the issue was under attack.
To settle US federal and state claims over multiple data breaches, Marriott International agrees $52…
ByteDance's TikTok is laying off up to 500 employees as it moves to greater use…
In this episode, we uncover why most organisations aren’t ready to harness generative AI. We…
Mixed reactions as Elon Musk hypes $30,000 'self driving' robotaxi called Cybercab, as well as…
AMD unveils new AI and data centre chips as it seeks to improve challenge to…
AT&T and Verizon among US broadband providers reportedly hacked to target American government wiretapping platform