Adobe has released Security bulletin APSB09-19, which describes vulnerabilities affecting Adobe Flash Player and Adobe AIR. An attacker could exploit this vulnerability by convincing a user to visit a website that hosts a specially crafted SWF file. The Adobe Flash browser plugin is available for multiple web browsers and operating systems, any of which could be affected.
- Adobe Flash Player 10.0.32.18 and earlier versions
- Adobe AIR 1.5.2 and earlier versions
Users are encouraged to update Flash Player 10.0.32.18 and earlier versions as well as Adobe AIR 1.5.2 and earlier versions to the latest version. Go to http://get.adobe.com/flashplayer/ to download the latest version.
These vulnerabilities can be mitigated by disabling the Flash plugin or by using the NoScript extension for Mozilla Firefox or SeaMonkey to whitelist websites that can access the Flash plugin.
See the Adobe Security Bulletin (http://www.adobe.com/support/security/bulletins/apsb09-19.html) for more information.