Security bulletin

Security update available for Linux Flash Player 10.0.12.36 and Linux Flash Player 9.0.151.0

Release date: December 17, 2008

Vulnerability identifier: APSB08-24

CVE number: CVE-2008-5499

Platform: Linux

Summary

A critical vulnerability has been identified in Adobe Flash Player for Linux 10.0.12.36, Adobe Flash Player for Linux 9.0.151.0 and earlier that could allow an attacker who successfully exploits this potential vulnerability to take control of the affected system. A specially formed SWF must be loaded in Flash Player for Linux by the user for an attacker to exploit this potential vulnerability.

Affected software versions

Adobe Flash Player for Linux 10.0.12.36 and Adobe Flash Player for Linux 9.0.151.0 and earlier.

To verify the Adobe Flash Player version number, access the About Flash Player page, or right-click on Flash content and select “About Adobe (or Macromedia) Flash Player” from the menu. If you use multiple browsers, perform the check for each browser you have installed on your system.

Solution

Adobe recommends all users of Flash Player for Linux 10.0.12.36 and Flash Player for Linux 9.0.151.0 and earlier versions upgrade to the newest version 10.0.15.3 by downloading it from the Player Download Center, or by using the auto-update mechanism within the product when prompted.

For users who cannot update to Flash Player for Linux 10.0.15.3, Adobe has developed a patched version, Flash Player for Linux 9.0.152.0, which can be downloaded from the following link.

Severity rating

Adobe categorizes this as a critical update and recommends affected users upgrade to version 10.0.15.3.

Details

A critical vulnerability has been identified in the Adobe Flash Player for Linux 10.0.12.36, Adobe Flash Player for Linux 9.0.151.0 and earlier that could allow an attacker who successfully exploits this potential vulnerability to take control of the affected system. A specially formed SWF must be loaded in Flash Player by the user for an attacker to exploit this potential vulnerability. This issue is remotely exploitable.

This issue does not affect Adobe Flash Player for Mac or Windows.