Latest Flash Vulnerability

(imported topic written by jnovak91)

Are you guys planning on publishing content for the pre-release candidate of Flash 10.1 to address the 0-day or are you waiting for the official fix that Adobe said they would release on 6/10? I know there is content for the work around (rename the authplay.dll file) but my understanding is that fix will only help with Flash in Adobe Reader/Acrobat. Flash itself is still vulnerable.

On June 4, 2010 Adobe announced the existence of a 0-day vulnerability that impacts all versions of Adobe Flash prior to 10.1 and all versions of Adobe Reader 9.x:

This vulnerability is being exploited on the Internet against both Adobe Flash and Adobe Reader, however it is unclear how widespread the attacks are. As with most attacks of this nature, it is likely that information will appear publicly soon and that this exploit will likely be widely incorporated into various exploit kits.

(imported comment written by JackCoates91)

Hi jnovak,

We are not planning to publish content for the unreleased version of Flash; the software distribution wizard can be used to deploy it if you want to go down that road. We are planning on publishing content for Flash when Adobe releases a supported fix for the issue.

(imported comment written by jnovak91)

Thanks for the update Jack.

(imported comment written by jnovak91)


Official release of Flash 10.1 came out yesterday, when can we expect content for it?