Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: Adobe flash player and air patched - Internet Security | DShield SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Adobe flash player and air patched

The almost universally installed flash player of adobe has been update to version 10.0.42.34. Adobe air as upgraded to 1.5.3.

Read more about it in the apsb09-19 bulletin from adobe.

The reason behind it are 7 vulnerabilities: CVE-2009-3794, CVE-2009-3796, CVE-2009-3797, CVE-2009-3798, CVE-2009-3799, CVE-2009-3800 and, CVE-2009-3951 of which 6 lead to arbitrary code execution and the last one is a windows only issue leading to unauthorized information disclosure, related to CVE-2008-4820.

"Upgrade!" is the loud and clear message should our audience need that encouragement.

At this point we have no guidance for users wishing to know more about version 9 of the flash player aside of considering an upgrade to latest incarnation of version 10.

Thanks for the heads up go to David and Andrew

--
Swa Frantzen -- Section 66

Swa

760 Posts
If Adobe believes there is such thing as a "secret link", that speaks volumes about their overall security posture (or lack thereof). I don't know what URL was originally posted, but a simple Google search for "adobe flash msi" returns a download page containing the exact text quote above regarding Flash Player 9.
Anonymous
Shhhh, itz a s3krit!!!!!
Adrien de Beaupre

353 Posts
ISC Handler

Sign Up for Free or Log In to start participating in the conversation!