Critical Security Update for Flash Player
Number: AL10-002
Date: 11 June 2010
Purpose
The purpose of this Alert is to bring attention to an out-of-schedule critical security update for Flash Player.
Assessment
Adobe Flash Player 10.1.53.64
A critical vulnerability exists in Adobe Flash Player 10.0.45.2 and earlier versions for Windows, Macintosh, Linux and Solaris operating systems, and in the authplay.dll component that ships with Adobe Reader and Acrobat 9.x for Windows, Macintosh and UNIX operating systems. This vulnerability (CVE-2010-1297) could cause a crash and potentially allow an attacker to take control of the affected system. It is being actively exploited on the Internet against Adobe Flash Player as well as Adobe Reader and Acrobat.
This security update addresses the vulnerability in Flash Player only. Updates for Adobe Reader and Acrobat will be released by 29 June 2010.
Suggested action
CCIRC recommends that administrators test and deploy this update at the earliest opportunity.
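To help prioritise deployment, the following added example (not from CCIRC or Adobe) triages a software inventory against the version ranges stated in this Alert, separating hosts that can be patched now from Reader and Acrobat 9.x hosts that remain exposed until Adobe's later update. The CSV layout, host names and action labels are assumptions constructed for illustration.

```python
import csv
import io

# Last affected Flash Player release named in the Alert ("10.0.45.2 and earlier").
FLASH_LAST_AFFECTED = (10, 0, 45, 2)

def parse_version(text):
    """'10.0.45.2' -> (10, 0, 45, 2). Compare as integers, never as strings:
    as text, '9.0.262.0' sorts after '10.0.45.2' and would look patched."""
    return tuple(int(part) for part in text.strip().split("."))

def classify(product, version):
    """Return an action label (labels are this example's own) for one row."""
    try:
        ver = parse_version(version)
    except ValueError:
        return "CHECK_MANUALLY"          # unparseable version string
    name = product.lower()
    if "flash player" in name:
        return "UPDATE_FLASH" if ver <= FLASH_LAST_AFFECTED else "OK"
    if "reader" in name or "acrobat" in name:
        # authplay.dll ships with Reader/Acrobat 9.x; this update does not fix it.
        return "AWAIT_READER_ACROBAT_UPDATE" if ver[0] == 9 else "NOT_LISTED"
    return "NOT_LISTED"

def triage(inventory_csv):
    """Return (host, product, version, action) for every row needing action."""
    rows = csv.DictReader(io.StringIO(inventory_csv))
    findings = []
    for row in rows:
        action = classify(row["product"], row["version"])
        if action not in ("OK", "NOT_LISTED"):
            findings.append((row["host"], row["product"], row["version"], action))
    return findings

# Constructed sample inventory (hosts and layout are illustrative).
SAMPLE_INVENTORY = """host,product,version
ws-001,Adobe Flash Player,10.0.45.2
ws-002,Adobe Flash Player,10.1.53.64
ws-003,Adobe Flash Player,9.0.262.0
ws-004,Adobe Reader,9.3.2
ws-005,Adobe Acrobat,8.2.0
"""

if __name__ == "__main__":
    for finding in triage(SAMPLE_INVENTORY):
        print(*finding, sep="\t")
```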
References:
This vulnerability has been assigned the CVE identifier CVE-2010-1297.
Adobe:
http://get.adobe.com/flashplayer/
http://www.adobe.com/support/security/advisories/apsa10-01.html
http://www.adobe.com/support/security/bulletins/apsb10-14.html
Note to Readers
The Canadian Cyber Incident Response Centre (CCIRC) provides a focal point for Canada's cyber threat and vulnerability warning, analysis and response. CCIRC is responsible for assuring the resilience of national critical infrastructure through monitoring threats and coordinating a federal response to cyber security incidents of national interest. CCIRC operates in conjunction with the Government Operations Centre (GOC) within Public Safety Canada and is a key component of the government's all-hazards approach to emergency management and national security.
For general information, please contact Public Safety Canada's Public Affairs division at:
Telephone: 613-944-4875 or 1-800-830-3118
Fax: 613-998-9589
E-mail: communications@ps-sp.gc.ca