Critical vulnerabilities have been found with Adobe Flash Player 10.3.183.7 and version 10.3.183.10 has been released. The vulnerabilities could be used by a malicious user to cause a crash and gain control over the system. The vulnerability is being used in the wild so it is highly recommended to update the Adobe Flash Player as soon as possible.
There are reports that one of these vulnerabilities (CVE-2011-2444) is being exploited in the wild in active targeted attacks designed to trick the user into clicking on a malicious link delivered in an email message. This universal cross-site scripting issue could be used to take actions on a user’s behalf on any website or webmail provider if the user visits a malicious website.
Five other vulnerabilities are listed as being resolved in the Adobe Security Bulletin that accompanied today’s release.
This update resolves an AVM stack overflow issue that may allow for remote code execution. (CVE-2011-2426).
This update resolves an AVM stack overflow issue that may lead to denial of service and code execution. (CVE-2011-2427).
This update resolves a logic error issue which causes a browser crash and may lead to code execution. (CVE-2011- 2428).
This update resolves a Flash Player security control bypass which could allow information disclosure. (CVE-2011-2429).
This update resolves a streaming media logic error vulnerability which could lead to code execution. (CVE-2011-2430).
You can download Adobe Flash Player 10.3.183.10 without Adobe DLM, McAfee Security Scans, or Google Chrome installers from the links on this previous 404 Tech Support article. You can also find it at http://get.adobe.com/flashplayer/.
Flash Player 11 and AIR 3
In other Adobe Flash news, Adobe announced Adobe Flash Player 11 and AIR 3 through a press release and a post on the Flash Platform blog. Tons of new features are coming with Flash 11 and AIR 3 to make it quite a complete, impressive platform.
Flash Player 11 and AIR 3 offer dozens of new features including:
- Accelerated 2D/3D Graphics: Full hardware-accelerated rendering for 2D and 3D graphics enable 1,000 times faster rendering performance over Flash Player 10 and AIR 2. Developers are able to animate millions of objects with smooth 60 frames per second rendering and deliver console-quality games on Mac OS, Windows and connected televisions. A pre-release brings these same accelerated 2D and 3D capabilities to mobile platforms including Android, Apple iOS and BlackBerry Tablet OS. A production release for mobile platforms is expected in the near future. For examples of 3D games for Flash Player, visitwww.adobe.com/go/gaming.
- AIR Native Extensions: With support for thousands of highly-optimized, open-source libraries, developers are able to tap into unique software and hardware capabilities including access to device data, vibration control, magnetometers, light sensors, dual screens, near field communications (NFC) and more. Native extensions also allow developers to more deeply integrate AIR applications with other business software.
- Captive Runtime: Developers can automatically package AIR 3 with their applications to simplify the installation process on Android, Windows and Mac OS in addition to Apple iOS. Users no longer have to download and update AIR separately on any of these platforms, or BlackBerry Tablet OS, which includes AIR built in. In addition, with the captive runtime option developers can manage version updates to their application independent of general AIR updates by Adobe.
- Content Protection: Premium video content can now be protected using Adobe Flash Access® 3 across all supported platforms, including new support for mobile platforms.
- HD Video Quality Across Platforms: Full frame rate HD video can now be displayed within AIR applications on Apple iOS devices using H.264 hardware decoding. Rich applications on televisions are also able to deliver HD video with 7.1 channel surround sound.
- Rental and Subscriptions Support: With support for Adobe Flash Access and Adobe Pass, content publishers can take advantage of rental and subscription options for more flexible business models and offer TV Everywhere content to more than 80 percent of U.S. pay TV subscribers.
- Compatibility: 64-bit support on Linux, Mac OS and Windows ensures a seamless experience with the latest 64-bit browsers.