Responding to a major security flaw in its Flash Player, Adobe Systems released a large patch Thursday. A security bulletin published on the company’s web site recommends that users of Flash Player 10.0.45.2 and earlier versions on Windows, Mac, Linux and Solaris update to version 10.1.53.64.

To determine which Flash Player version you are running, the company recommends going to http://www.adobe.com/software/flash/about/, or right-clicking on Flash content in the browser and selecting About Adobe Flash Player.

More Than 30 Vulnerabilities

The bulletin also advises that users of Adobe AIR 1.5.3.9130 and earlier versions should update to AIR 2.0.2.12610. Users of Flash Professional CS5, CS4 Professional, and Flex 4 are encouraged to update to 10.1.53.64, and Flash CS3 Professional and Flex 3 users should download 9.0.277.0.

The updates address more than 30 identified vulnerabilities, first made public earlier this month. A security firm, Websense, has said the vulnerability could be exploited by web sites that contain malicious software, which might be used to remotely control users’ computers.

Adobe said it expects to release an update toward the

end of this month for its Reader and Acrobat programs, for which it has also identified security problems. Adobe said the affected component is the authplay.dll that accompanies Adobe Reader and Acrobat 9.3.2 and earlier 9.x versions for Windows, Mac and Unix. Adobe Reader and Acrobat 8.x appear to be unaffected.

An Adobe advisory last week had noted that “deleting, renaming or removing access to the authplay.dll file mitigates the threat,” resulting in a “non-exploitable crash or error message” when a PDF file with Flash content is opened.

Adobe said the authplay.dll that comes with Adobe Reader and Acrobat 9.x for Windows is usually installed at C:\Program Files\Adobe\Reader 9.0\Reader\authplay.dll for Adobe Reader or C:\Program Files\Adobe\Acrobat 9.0\Acrobat\authplay.dll for Acrobat.

Flash Versus HTML5

The vulnerability underscores an argument that Apple CEO Steve Jobs has been making in his battle with Adobe about using Flash on the iPad, iPhone and iPod touch.

Apple will not allow Flash on those devices, insisting that standards-based, emerging HTML5 technologies be used instead for the video and interactive animation for which Flash is widely employed. Jobs has cited security issues in Flash, noting that security vendor Symantec “recently highlighted Flash for having one of the worst security records in 2009.”

source: yahoo