Release date: July 22, 2009
Last Updated: August 3, 2009
Vulnerability identifier: APSA09-03
CVE number: CVE-2009-1862
Platform: All Platforms
A critical vulnerability exists in the current versions of Flash Player (v22.214.171.124 and v10.0.22.87) for Windows, Macintosh, Linux and Solaris operating systems, and the authplay.dll component that ships with Adobe Reader and Acrobat v9.x for Windows, Macintosh and UNIX operating systems. This vulnerability (CVE-2009-1862) could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being actively exploited in the wild via limited, targeted attacks against Adobe Reader v9 on Windows.
Adobe has released product updates to Adobe Reader, Acrobat and Flash Player to resolve the relevant security issues. For more information, please refer to Security Bulletin APSB09-10.
Users may monitor the latest information on the Adobe Product Security Incident Response Team blog at the following URL: http://blogs.adobe.com/psirt or by subscribing to the RSS feed here:http://blogs.adobe.com/psirt/atom.xml.
Adobe Reader and Acrobat 9.1.2 and earlier 9.x versions
Adobe Flash Player 126.96.36.199 and 10.0.22.87 and earlier 9.x and 10.x versions
Adobe categorizes this as a critical update.
August 3, 2009 - Advisory updated that the Adobe Flash Player v9 and v10 for Solaris update is available.
July 31, 2009 - Advisory updated that Security Bulletin APSB09-10 has information that resolves the security issue for Adobe Reader and Acrobat.
July 30, 2009 - Advisory updated with link to Security Bulletin that resolves the security issue for Adobe Flash Player.
July 23, 2009 - Advisory updated with date of Adobe Reader for UNIX update.
July 22, 2009 - Advisory first created.