Met behulp van Adobe Flash Player is het mogelijk om Flash-content - voornamelijk swf-bestanden - te bekijken en af te spelen op de computer. Onder meer de populaire videosites zoals Youtube en Google Video bieden hun bezoekers de mogelijkheid om video's met de standalone Flash Player af te spelen. Adobe heeft nu de versies 10.0.42.34 en 9.0.260.0 uitgebracht, waarin een aantal beveiligingslekken is gedicht.
This download contains fixes for critical vulnerabilities identified in Security Bulletin APSB09-19 Flash Player update available to address security vulnerabilities. The update replaces the Debug and Release versions of Flash Player 10 browser plugins and standalone players that are included in the initial release of Flash CS4 Professional (player version 10.0.2.54). All users should apply this update. These new players are version 10.0.42.34.
Critical vulnerabilities have been identified in Adobe Flash Player version 10.0.32.18 and earlier. These vulnerabilities could cause the application to crash and could potentially allow an attacker to take control of the affected system.
Adobe recommends users of Adobe Flash Player 10.0.32.18 and earlier versions update to Adobe Flash Player 10.0.42.34. Adobe recommends users of Adobe AIR version 1.5.2 and earlier versions update to Adobe AIR 1.5.3.
For users who cannot update to Adobe Flash Player 10, Adobe has developed a patched version of Adobe Flash Player 9, Adobe Flash Player 9.0.260, which can be downloaded from the following link: http://www.adobe.com/go/kb406791
- resolves a vulnerability in the parsing of JPEG data that could potentially lead to code execution (CVE-2009-3794).
- resolves a data injection vulnerability that could potentially lead to code execution (CVE-2009-3796).
- resolves a memory corruption vulnerability that could potentially lead to code execution (CVE-2009-3797).
- resolves a memory corruption vulnerability that could potentially lead to code execution (CVE-2009-3798).
- resolves an integer overflow vulnerability that could potentially lead to code execution (CVE-2009-3799).
- resolves multiple crash vulnerabilities that could potentially lead to code execution (CVE-2009-3800).
- resolves a Windows-only local file name access vulnerability in the Flash Player ActiveX control that could potentially lead to information disclosure (CVE-2009-3951). This updates the previously patched issue, CVE-2008-4820.