Software Update: Adobe Flash Player 10.0.32.18 / 9.0.246.0

With the help of Adobe Flash Player it is possible to view and play Flash content – mainly swf files – on the computer. Popular video sites such as Youtube and Google Video use Flash to allow visitors to play videos within the standalone Flash Player. Adobe has patched a number of security vulnerabilities and as a result, version 10.0.32.18 and version 9.0.246.0 released.

Version 10.0.32.18

This download contains fixes for critical vulnerabilities identified in Security Bulletin APSB09-10 Flash Player update available to address security vulnerabilities. The update replaces the Debug and Release versions of Flash Player 10 browser plugins and standalone players that are included in the initial release of Flash CS4 Professional (player version 10.0.2.54). All users are encouraged to apply this update. These new players are version 10.0.32.18.

Version 9.0.246.0:

This download contains fixes for critical vulnerabilities identified in Security Bulletin APSB09-10 Flash Player update available to address security vulnerabilities. The update replaces the Debug and Release versions of Flash Player 9 browser plugins, standalone players, and Test Movie players. All users should apply this update. These new players are version 9.0.246.0.

Details

Critical vulnerabilities have been identified in the current versions of Adobe Flash Player (v9.0.159.0 and v10.0.22.87) for Windows, Macintosh, Linux and Solaris operating systems. These vulnerabilities could cause the application to crash and could potentially allow an attacker to take control of the affected system.

Adobe recommends users of Adobe Flash Player 9.x and 10.x and earlier versions update to Adobe Flash Player 9.0.246.0 and 10.0.32.18.

• resolves a memory corruption vulnerability that could potentially lead to code execution (CVE-2009-1862).
• resolves the vulnerable version of the Microsoft Active Template Library (ATL) described in Microsoft Security Advisory (973882). This vulnerability could allow an attacker who successfully exploits the vulnerability to take control of the affected system (CVE-2009-0901, CVE-2009-2495, CVE-2009-2493).
• resolves a privilege escalation vulnerability that could allow someone with desktop access to gain administrative privileges on the Macintosh operating system (CVE-2009-1863).
• resolves the heap overflow vulnerability that could potentially lead to code execution (CVE-2009-1864).
• resolves the null pointer vulnerability that could potentially lead to code execution (CVE-2009-1865).
• resolves the stack overflow vulnerability that could potentially lead to code execution (CVE-2009-1866).
• resolves a clickjacking vulnerability that could allow an attacker to lure a web browser user into unknowingly clicking on a link or dialog (CVE-2009-1867).
• resolves the URL parsing heap overflow vulnerability that could potentially lead to code execution (CVE-2009-1868).
• resolves the integer overflow vulnerability that could potentially lead to code execution (CVE-2009-1869).
• resolves a local sandbox vulnerability that could potentially lead to information disclosure when SWFs are saved to the hard drive (CVE-2009-1870).