updated 07:50 am EDT, Tue March 22, 2011
Patch issued for PCs and Android devices
Adobe has issued a patch for all platforms affected by the critical vulnerability in Flash Player 10.2.152.33 and earlier versions. The Adobe patch follows the updated version of Chrome issued by Google on Monday which included a fix for the issue. Adobe has issued a new bulletin explaining the flaw and the steps that users need to take in order to install the patch. This appears to include users of Android mobile devices who have been instructed to navigate to the Android Marketplace on their Android phone to update their device from mobile Flash Player 10.2.153.1 to Flash Player 10.2.156.12.
PC users who have been affected by the issue enabled the exploit by opening an Excel file that contained a malicious Flash file. When activated, the code in the corrupted Flash file could cause a system to crash, which could then potentially allow an attacker to take control of the infected system through code execution.
Adobe has said that it is unaware of the exploit targeting or affecting Adobe Reader or Acrobat. However, it has recommended users update their version of Reader and/or Acrobat in a separate security bulletin. The new patch for Adobe Reader and Acrobat fixes a related critical vulnerability in the authplay.dll component that ships with Adobe Reader and Acrobat X (10.0.1) and earlier 10.x and 9.x versions for Windows and Macintosh operating systems.
Adobe Reader and Acrobat are vulnerable to a memory corruption vulnerability that could lead to code execution if left unpatched.