Adobe fixes major Flash Player vulnerability
On Friday, Adobe issued an out-of-cycle security update to Flash Player, Adobe Reader and Acrobat that fixes several critical cross-platform vulnerabilities, one of which is related to Microsoft's Active Template Library (ATL) vulnerability announced earlier this week.
The software affected in today's update is:
The update for Flash Player fixes, among other things, the problems associated with the compromised version of ATL which could allow remote code execution to take place. Adobe recommends all users of Flash Player 10.0.22.87 and earlier upgrade to 10.0.32.18 or by auto-updating when prompted. If 10.0.32.18 cannot be installed, Adobe has created Flash Player 9.0.246.0 which can be obtained here.
The updates for Reader and Acrobat vary by operating system and version, but Adobe provides links to each respective version in the security bulletin. Because this update came out of cycle for Reader and Acrobat, Adobe has revised its schedule for quarterly security updates so that the next set of patches will arrive on October 13.