Accessibility

Security bulletin

Security advisory for Adobe Reader, Acrobat and Flash Player

Release date: July 22, 2009

Last Updated: August 3, 2009

Vulnerability identifier: APSA09-03

CVE number: CVE-2009-1862

Platform: All Platforms

Summary

A critical vulnerability exists in the current versions of Flash Player (v9.0.159.0 and v10.0.22.87) for Windows, Macintosh, Linux and Solaris operating systems, and the authplay.dll component that ships with Adobe Reader and Acrobat v9.x for Windows, Macintosh and UNIX operating systems. This vulnerability (CVE-2009-1862) could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being actively exploited in the wild via limited, targeted attacks against Adobe Reader v9 on Windows.

Adobe has released product updates to Adobe Reader, Acrobat and Flash Player to resolve the relevant security issues. For more information, please refer to Security Bulletin APSB09-10.

Users may monitor the latest information on the Adobe Product Security Incident Response Team blog at the following URL: http://blogs.adobe.com/psirt or by subscribing to the RSS feed here: http://blogs.adobe.com/psirt/atom.xml.

Affected software versions

Adobe Reader and Acrobat 9.1.2 and earlier 9.x versions
Adobe Flash Player 9.0.159.0 and 10.0.22.87 and earlier 9.x and 10.x versions

Severity rating

Adobe categorizes this as a critical update.

Revisions

August 3, 2009 - Advisory updated that the Adobe Flash Player v9 and v10 for Solaris update is available.
July 31, 2009 - Advisory updated that Security Bulletin APSB09-10 has information that resolves the security issue for Adobe Reader and Acrobat.
July 30, 2009 - Advisory updated with link to Security Bulletin that resolves the security issue for Adobe Flash Player.
July 23, 2009 - Advisory updated with date of Adobe Reader for UNIX update.
July 22, 2009 - Advisory first created.