Adobe Releases Patch For…Flash Player?


Adobe pulls it out ahead of their March 11th “by when” date. The patch for Adobe Flash Player is…wait, what? Adobe is having a bad month, it appears. Today they released a patch for Flash Player, NOT Acrobat Reader (yet).

From Adobe:

A potential vulnerability has been identified in Adobe Flash Player 10.0.12.36 and earlier that could allow an attacker who successfully exploits this potential vulnerability to take control of the affected system. A malicious SWF must be loaded in Flash Player by the user for an attacker to exploit this potential vulnerability. Additional vulnerabilities have been addressed in this update. Adobe recommends users update to the most current version of Flash Player available for their platform.

The Belgian security site (great reading by the way) Security4all pointed out this interesting tidbit.

Additionally, there is an iDefense report on this issue. What interested me was the Disclosure Timeline:

08/25/2008 – Initial Contact
09/22/2008 – PoC Requested
11/05/2008 – PoC Sent
11/06/2008 – Clarification requested
12/05/2008 – Clarification Sent
12/07/2008 – Additional Clarification Sent
02/19/2009 – Draft bulletin received
02/24/2009 – Coordinated Public Disclosure

Odd timeline.

Adobe Security Advisory

Get yer patch on. NOW!

UPDATE: And yes, thx mubix, one of the affected pieces of software mentioned in the advisory was AIR 1.5.

Posted on February 24, 2009. Filed under Patches, Vulnerability.

One Response to Adobe Releases Patch For…Flash Player?

  1. Peck

    February 24, 2009 at 11:44 pm

    08/25/2008 – Initial Contact
    09/22/2008 – PoC Requested

    Ok, Adobe needs to get its act together on vuln response, no real surprise.

    09/22/2008 – PoC Requested
    11/05/2008 – PoC Sent

    That seems quite excessive on the other side though. Normally a researcher can produce a PoC on demand. Either they had a reason to withhold it for a while or the wires got seriously crossed.
