National Cyber Alert System Cyber Security Alert SA10-162A
Adobe Flash and AIR Vulnerabilities
Original release date: June 11, 2010
Last revised: --
Source: US-CERT
Systems Affected
Adobe Flash Player
Adobe AIR
Other Adobe products that support Flash may also be vulnerable.
Overview
There are vulnerabilities in Adobe Flash player and AIR. An attacker could exploit these vulnerabilities to take control of your computer.
Solution
Update Flash Player and Adobe AIR
Adobe Security Bulletin APSB10-14 recommends updating at the Adobe Flash Player Download Center and Adobe AIR Download Center. Both Flash Player and AIR support automatic updates. This will update the Flash web browser plug-in and ActiveX control and AIR, but will not update Flash support in Adobe Reader, Acrobat, or other products.
To reduce your exposure to these and other Flash vulnerabilities, consider the following mitigation technique.
Disable Flash in your web browser
Uninstall Flash or restrict which sites are allowed to run Flash. To the extent possible, only run trusted Flash content on trusted domains. For more information, see Securing Your Web Browser.
Description
Adobe Security Advisory APSB10-14 describes vulnerabilities in Flash Player and AIR. This Flash content could be on a web page, in a PDF document, in an email attachment, or embedded in another file.
By convincing you to open malicious Flash content, an attacker may be able to take control of your computer or cause it to crash.
