| Main Archive Page > Month Archives > cert-alerts archives |
US-CERT Cyber Security Alert SA10-263A -- Adobe Flash Vulnerabilities
From: US-CERT Alerts <alerts_at_nospam>Date: Mon Sep 20 2010 - 20:19:06 GMT
To: alerts@us-cert.gov
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
National Cyber Alert System
Cyber Security Alert SA10-263A
Adobe Flash Vulnerabilities
Original release date: September 20, 2010
Last revised: --
Source: US-CERT
Systems Affected
* Adobe Flash Player
Other Adobe products that support Flash may also be vulnerable.
Overview
There are vulnerabilities in Adobe Flash player. An attacker could
exploit these vulnerabilities to take control of your computer.
Solution
Update Flash Player
Adobe Security Bulletin APSB10-22 recommends updating using the
Adobe Flash Player Download Center. Flash Player supports automatic
updates. Following these instructions will update the Flash web
browser plug-in and ActiveX control. However, it will not update
Flash support in Adobe Reader, Acrobat, or other products.
To reduce your exposure to these and other Flash vulnerabilities,
consider the following mitigation technique.
Disable Flash in your web browser
Uninstall Flash or restrict which sites are allowed to run Flash.
To the extent possible, only run trusted Flash content on trusted
domains. For more information, see Securing Your Web Browser. Note
that disabling Flash may affect your browsing experience on certain
websites.
Description
Adobe Security Advisory APSB10-22 describes vulnerabilities in
Flash Player. Flash content could be on a web page, in a PDF
document, in an email attachment, or embedded in another file.
By convincing you to open malicious Flash content, an attacker may
be able to take control of your computer or cause it to crash.
References
* Adobe Security Bulletin APSB10-22 -
<http://www.adobe.com/support/security/bulletins/apsb10-22.html>
* Adobe Flash Player Download Center -
<http://get.adobe.com/flashplayer/>
* Securing Your Web Browser -
<http://www.us-cert.gov/reading_room/securing_browser/>
____________________________________________________________________
The most recent version of this document can be found at:
<http://www.us-cert.gov/cas/alerts/SA10-263A.html>
____________________________________________________________________
Feedback can be directed to US-CERT Technical Staff. Please send
email to <cert@cert.org> with "SA10-263A Feedback VU#275289" in
the subject.
____________________________________________________________________
For instructions on subscribing to or unsubscribing from this
mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
____________________________________________________________________
Produced 2010 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
____________________________________________________________________
Revision History
September 20, 2010: Initial release
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
iQEVAwUBTJe8eD6pPKYJORa3AQJPwAgAvERot5P6h6bl1jSLjSRgXy1AcQkaigq1
FuwFTIbPaH4ol/CJpCpvLEoutjOnC2yxpbDqeIQ7n6HDpeWa5KlcAi1ciEReS0Vo
FC/37L9qDCGddGZh/P9ZxufqwtpxB8EcfxdEXNaa6lZ3GHQaicL+/2LR9OPl/JLh
ptrgxSe8j2y21cd26efiK/QLlqAP/le+6aleAAEaCzUiupQnuhb9XZY/IfwZio8g
zf2Fx5QR5xDlW041LWo2ZCyPNFHY1SLfZF39SbslktGdd8EqPoT+5e65eLHShcVg
V32TGcRModH2odKQV/g25X+q6RWUx63Wa0RhucwzQRa5dmHDyWPORQ==
=9ZH/
-----END PGP SIGNATURE-----