Adobe today released a software update to plug a critical security hole in its Flash Player, Adobe Acrobat and PDF Reader products. The patch comes a week after the software maker warned that miscreants were exploiting the Flash vulnerability to launch targeted attacks on users.
The Flash update addresses a critical vulnerability in Adobe Flash Player version 10.2.152.33 and earlier; versions (Adobe Flash Player version 10.2.154.18 and earlier versions for Chrome users) for Windows, Macintosh, Linux and Solaris operating systems; and Adobe Flash Player 10.1.106.16 and earlier versions for Android.
Adobe is urging all users to upgrade to the latest version — Flash v. 10.2.153.1 (Chrome users want v. 10.2.154.25, although Google is likely to auto-update it soon, given their past speediness in applying Flash updates). Update: According to The Register’s Dan Goodin, Google updated Chrome to patch this Flash flaw a full three days ago!
Original post: Click this link to find out what version of Flash you have installed. If something goes wrong in your update, or if you’re just a stickler for following directions, Adobe recommends uninstalling the current version of Flash before proceeding with the update (Mac users see this link).
As always, if you use Internet Explorer in addition to other browsers, you will need to apply this update twice: Once to install the Flash Active X plugin for IE, and again to update other browsers, such as Firefox and Opera. Updates are available by browsing to the Flash Player Download Center. A manual installer for Windows should be available at this link.
If you have Adobe Reader or Acrobat installed, you are going to have to update these programs, too, because they contain the same vulnerability Adobe said attackers have been using against Flash users. For users of Adobe Reader 9.4.2 for Windows and Macintosh, Adobe has made available Adobe Reader 9.4.3. Adobe says the “protected mode” built into its Adobe Reader X version would prevent an exploit of this kind from working, so the company doesn’t play to address the issue in Reader X until the next quarterly update, due out June 14, 2011. In the meantime, Adobe X users on Windows and Mac should make sure they have the latest version installed (10.0.2). If you want to check your version of Reader, open the program and click the “Help” menu, and the look for an entry that says “About Adobe Reader.”
Reader users on Windows and Mac can use the software’s built-in update mechanism, by choosing “Help,” then “Check for Updates.” Alternatively, the download page is here (note that updating via the Web site may pre-check the option for installing other software, such as security scanners: If you don’t want those extras, pay close attention during the install process).
More details on these updates are available at the advisory Adobe re-released today.