Adobe issued a major security update over the weekend (16th April) to address the latest zero-day vulnerability (CVE-2011-0611) in its Flash player software. The vulnerability appears to only affect previous versions of Adobe Flash software. A malicious Web page or a Flash (.swf) file is embedded in a Microsoft Word (.doc) or Microsoft Excel (.xls) file and delivered as an email attachment. It currently only targets the Windows operating system.
I attempted to install the security update (10.2.159.1) – it automatically downloaded via Microsoft Windows auto-update mechanism and attempted to install this version along with Adobe Air – but failed. Some friends have reported similar problems. So I initiated a system reboot and Adobe Air updated via my TweetDeck application (you might also find this happens if you have an application that uses Adobe Air). I then uninstalled the previous version (Control Panel – “Uninstall a program”) and then downloaded and installed the new version – all was well 🙂
A worthy tip – if you use multiple browsers I suggest you perform a check on each browser to make sure you have the latest Adobe Flash version. Right-click on content running in Flash Player and select “About Adobe (or Macromedia) Flash Player” from the menu.
Safe surfing folks!