On Thursday Adobe issued two new security bulletins addressing vulnerabilities found in its Flash Player software and its LiveCycle and ColdFusion software. Adobe also issued a security advisory for the Adobe Reader and Acrobat software. Adobe recommends that it’s users update to the new available versions of the affected software as soon as possible.
The Adobe Flash Player vulnerability has been identified as critical. This vulnerability (CVE-2010-0186) affects Flash Player version 10.0.42.34 and earlier. It could subvert the domain sandbox and make unauthorized cross-domain requests. Adobe Flash Player 10.0.45.2 comes with a fix to this vulnerability. So, users of Adobe Flash Player 10.0.42.34 and earlier versions are requested to update to Adobe Flash Player 10.0.45.2. This vulnerability also affects Adobe AIR 1.5.3.9120 and earlier versions. That’s why, Adobe also recommends users of Adobe AIR version 1.5.3.9120 and earlier versions update to Adobe AIR 1.5.3.9130.
On the other hand, another important vulnerability (CVE-2009-3960) has been identified in BlazeDS 3.2 and earlier versions. It affects LiveCycle 9.0, 8.2.1 and 8.0.1, LiveCycle Data Services 3.0, 2.6.1, and 2.5.1, and ColdFusion 9.0, 8.0.1, 8.0, and 7.0.2. In this case, Adobe has provided solution for each of the affected Adobe product on it’s web site (http://www.adobe.com/support/security/bulletins/apsb10-05.html).
Adobe also identified some critical security issues present in Adobe Reader 9.3 and earlier versions (Windows, Macintosh, and UNIX) and Adobe Acrobat 9.3 and earlier versions (Windows and Macintosh). To resolve the issues, Adobe is planning to release an update for Adobe Reader 9.3 for Windows, Macintosh and UNIX, Adobe Acrobat 9.3 for Windows and Macintosh, and Adobe Reader 8.2 and Acrobat 8.2 for Windows and Macintosh. There updates are expected to be available on February 16, 2010.
??????????? ???????? on 15th Jan, 17 03:01am #
adobe