Gladiator Research and Security

GSA Reference Number: AD091209-01

Simply Put: Adobe has released a critical patch to address seven security vulnerabilities regarding its Flash Player and Adobe Air products. Flash is used on most websites for active content, such as animated or interactive menus and images, and movies.  Adobe Air allows users to run active web content outside of a browser.  These vulnerabilities have been rated Critical and could lead to remote code execution or information disclosure.  Flash versions older than 10.0.42.34 and Air versions older than 1.5.3 are affected by these issues.  Gladiator recommends that these patches are applied to all workstations as soon as possible. Users running Flash Player 9 should upgrade to version 10 at this time.

Attack Details: Adobe has listed all attack details in their bulletin.  Flash is a popular attack vector for malicious attackers.  Gladiator identifies and alerts on multiple malicious flash attacks each day.  These new vulnerabilities are likely to be integrated into attack tools in the near future.

Countermeasures: Gladiator recommends that all users apply the Adobe patches as quickly as possible.  Download details are available in the Adobe bulletin.

Reference Links:

• Adobe Bulletin (http://www.adobe.com/support/security/bulletins/apsb09-19.html)
• SANS ISC Diary Entry (http://isc.sans.org/diary.html?storyid=7714)