Adobe to Patch Critical Flash Bug Today — One Week in Advance

Posted 09/20/2010 at 5:43am | by Pulkit Chandna

3

Comments

Print

Adobe last Monday warned of a zero-day bug in its Flash player and promised to roll out a patch on September 27. But on Friday it pushed in the critical security update by a week, meaning that it will now be rolled out on September 20, which is today, instead of next Monday. The bug is not exclusive to the Flash player, though. According to the company, it also affects “Adobe Reader 9.3.4 for Windows, Macintosh and UNIX, and Adobe Acrobat 9.3.4 and earlier versions for Windows and Macintosh.”

Despite today's security update, Reader and Acrobat will continue to remain susceptible for at least a couple of weeks, for Adobe plans to issue a separate patch for them during the week of October 4. Chrome users have been immune to the critical bug for a few days now. Last week, Google updated Chrome to version 6.0.472.62 that features patched version of Flash.

According to the security advisory Adobe issued last week:“This vulnerability (CVE-2010-2884) could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being actively exploited in the wild against Adobe Flash Player on Windows. Adobe is not aware of any attacks exploiting this vulnerability against Adobe Reader or Acrobat to date.”