First published: 2010-10-29
Updated: 2010-11-05
Updated: 2010-11-17
A critical vulnerability exists in Adobe Flash Player 10.1.85.3 and earlier versions. Adobe Reader and Acrobat version 9.4 and earlier 9.x versions are also vulnerable.
Critical is Adobe's highest vulnerability rating. A vulnerability with this rating could, when exploited, allow malicious native code to execute, potentially without the user being aware.
There are reports that this vulnerability is being actively exploited. As of this writing no updates are available.
Adobe has announced that security updates are being prepared for release:
More information is available in Adobe's security advisory 10-05, which also mentions a procedure to mitigate the vulnerability.
This security advisory will be updated when more information is available.
Adobe has released version 10.1.102.64 of its Flash Player ahead of schedule. This update resolves several vulnerabilities, including the one referred to in this Norman advisory, for all platforms except Android (update scheduled for 09 November).
More information and links to downloads are available in Adobe's Security Bulletin 10-26.
Norman recommends that users of Adobe Flash Player update to the latest version.
Adobe has released version 9.4.1 of Adobe Acrobat and Reader. More information and links to downloads are available in Adobe's Security Bulletin 10-28.
Norman recommends that users of the affected Adobe products update to the latest version.