Adobe Flash Player 10.3.183.10 security update
Report ID: AD201109002
Date Published: 21 September 2011
Criticality: Critical
Compromise Type: cross-site-scripting exposure-of-system-information remote-code-execution
Compromise From: remote
Affected Product/Component:
Adobe Flash Player 10.3.183.7
Adobe Flash Player 10.3.186.6 (Android)
Summary
Adobe Flash Player 10.3.183.10 has been released, introducing the fix for multiple vulnerabilities identified in the previous product version.
Detailed Description
Adobe has released Flash Player version 10.3.183.10, which introduces the fix for six identified vulnerabilities. One cross-site scripting vulnerability (CVE-2011-2444) has been reported being exploited in the wild, where users are tricked to click a malicious link sent via e-mail.
Four of the other vulnerabilities could lead to remote code execution while one other presents a security bypass issue that could lead to information disclosure.
To protect from potential exploit, users are recommended to update to Flash Player version 10.3.183.10.
CVE Reference
CVE-2011-2426, CVE-2011-2427, CVE-2011-2428, CVE-2011-2429, CVE-2011-2430, CVE-2011-2444
Solution
Update to the latest version of applicable product:
- Flash Player 10.3.183.10 - Flash Player Download Center
- Flash Player 10.3.183.10 (network distribution) - Flash Player Licensing
- Flash Player 10.3.186.7 (Android) - Android Marketplace
- Flash Player 10.3.183.10 (Google Chrome) - Google Chrome Releases
