Adobe Systems released a massive security update for Flash Player to fix nearly 20 vulnerabilities, while Google Chrome got a security boost of its own.
Included in the Adobe update is a fix for CVE-2010-3654, a bug the company warned about last week that has since come under attack. If exploited, the vulnerability can cause the application to crash and allow an attacker to take control of the affected system.
According to Adobe, the vulnerability is being exploited in the wild via malicious PDFs against Adobe Reader and Acrobat 9.x, which ship with a component called authplay.dll.
“Adobe recommends users of Adobe Flash Player 10.1.85.3 and earlier versions for Windows, Macintosh, Linux, and Solaris update to Adobe Flash Player 10.1.102.64,” Adobe said in an advisory. “We expect to make available an update for Flash Player 10.x for Android by November 9, 2010.”
Google, meanwhile, plugged 10 security holes in its Chrome browser. Among the bugs considered high risk are an invalid memory read in XPath handling and memory corruption issues.
The latest edition of Chrome, version 7.0.517.44, is for Windows, Macintosh and Linux.