Bug Fixes For Google Chrome And Adobe Flash

Adobe Systems released a massive security update for Flash Player to fix nearly 20 vulnerabilities, while Google Chrome got a security boost of its own.

Included in the Adobe update is a fix for CVE-2010-3654, a bug the company warned about last week and has come under attack. If exploited, the vulnerability can cause the application to crash and allow an attacker to take control of the affected system.

Update To New Versions

According to Adobe, the vulnerability is being exploited in the wild through malicious PDF documents on Adobe Reader and Acrobat 9.x, which ship with a component called authplay.dll.

“Adobe recommends users of Adobe Flash Player 10.1.85.3 and earlier versions for Windows, Macintosh, Linux, and Solaris update to Adobe Flash Player 10.1.102.64,” Adobe said in an advisory. “We expect to make available an update for Flash Player 10.x for Android by November 9, 2010.”

Google meanwhile plugged 10 security holes in its Chrome browser. The bugs, which are considered high risk, include an invalid memory read in XPath handling and memory corruption issues. The new patched download of Chrome, version 7.0.517.44, is for Windows, Macintosh and Linux. It includes an updated version of Adobe Flash.