National Cyber Alert System
Cyber Security Alert SA10-223A
Adobe Flash and AIR Vulnerabilities
Original release date: August 11, 2010
Last revised: --
Source: US-CERT
Systems Affected
* Adobe Flash Player
* Adobe AIR
Other Adobe products that support Flash may also be vulnerable.
Overview
There are vulnerabilities in Adobe Flash Player and AIR. An
attacker could exploit these vulnerabilities to take control of
your computer.
Solution
Update Flash Player and Adobe AIR
Adobe Security Bulletin APSB10-16 recommends updating using the
Adobe Flash Player Download Center and the Adobe AIR Download
Center. Both Flash Player and AIR support automatic updates.
Following these instructions will update the Flash web browser
plug-in and ActiveX control, as well as AIR. However, it will not
update Flash support in Adobe Reader, Acrobat, or other products.
To reduce your exposure to these and other Flash vulnerabilities,
consider the following mitigation technique.
Disable Flash in your web browser
Uninstall Flash or restrict which sites are allowed to run Flash.
To the extent possible, only run trusted Flash content on trusted
domains. For more information, see Securing Your Web Browser. Note
that disabling Flash may affect your browsing experience on certain
websites.
Description
Adobe Security Bulletin APSB10-16 describes vulnerabilities in
Flash Player and AIR. Flash content could be on a web page, in a
PDF document, in an email attachment, or embedded in another file.
By convincing you to open malicious Flash content, an attacker may
be able to take control of your computer or cause it to crash.
References
* Adobe Security Bulletin APSB10-16 -
<http://www.adobe.com/support/security/bulletins/apsb10-16.html>
* Adobe Flash Player Download Center -
<http://get.adobe.com/flashplayer/>
* Adobe AIR Download Center - <http://get.adobe.com/air/>
* Securing Your Web Browser -
<http://www.us-cert.gov/reading_room/securing_browser/>
____________________________________________________________________
The most recent version of this document can be found at:
<http://www.us-cert.gov/cas/alerts/SA10-223A.html>
____________________________________________________________________
Feedback can be directed to US-CERT Technical Staff. Please send
email to <cert@cert.org> with "SA10-223A Feedback VU#660993" in
the subject.
____________________________________________________________________
Produced 2010 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
____________________________________________________________________
Revision History
August 11, 2010: Initial release