Alert Number:  122007-01
Alert Date:  12/20/07
Alert Title:  Security fix available for Flash and Flex
Update-to:  None
OS/Platform/Application:
Adobe Flash CS3
Adobe Flash Player 9.x
Adobe Flex 2.x
Macromedia Flash 8.x
Macromedia Flash Player 7.x, 8.x
(on all platforms*)
Category:  ALERT
Severity:  HIGH
Attention:  System Administrators, Desktop Support Personnel, Flash, Flash CS3, Flex users.

Summary:  On December 18 2007 Adobe released a security bulletin and software update that addresses nine security vulnerabilities in its popular Flash media player as well as its CS3 and Flex content authoring products.  The most likely method of exploit is the loading of a malicious SWF file into a vulnerable system.  Adobe is rating this upgrade as "Critical".

Recommended Actions:   System Administrators/users are encouraged to read the security bulletin and (if appropriate) install the necessary patches as soon as possible. 

Adobe is recommending all Windows, Mac, and Linux users upgrade their software to version 9.0.115.0.  Please note that download sources will vary based on the software running on your system:

Flash Player for Windows, Mac, and Linux:
http://www.stage.adobe.com/go/getflash

Flash CS3 Professional:
http://www.adobe.com/support/flash/downloads.html

Flex 2.0:
http://www.stage.adobe.com/support/flashplayer/downloads.html#fp9

*Adobe will be releasing an update for Solaris at a later time.  Solaris users who wish to install a public beta version of this software (which fixes the vulnerabilities) at this time can do so from the Adobe Labs page:

http://labs.adobe.com/

Please NOTE that with this bulletin Adobe is retiring support for version 7 of its media player and will no longer be offering updates for this version of the software. 

Readers are encouraged to share this alert with family, friends, and associates who may use Flash or Flex on their home PCs.

ITS Actions:  N/A

Resources:

Adobe Security Bulletin:
http://www.adobe.com/support/security/bulletins/apsb07-20.html