It’s just so much easier to go to the SANS website rather than have me do a quick rehash of the excellent job they’ve already done in analyzing these vulnerability reports. Take the CRITICALS on the board to heart when considering priorities. There are a number of vulnerabilities in this patch release that I am going to be placing on my watch list, and I expect them to get some quick play on the dev boards. Also note the exploit code and 0-day updates. http://isc.sans.edu/diary.html?storyid=9361
Adobe also released a number of patches for their products, patching 6 vulnerabilities in Flash Player, all of them rated critical. Today’s update was 2010’s third for Flash Player, a browser plug-in that’s installed on an estimated 99% of all personal computers. Previous updates in March and June have fixed a total of 33 other flaws. One of the patches is a second try for Adobe. The company tried to patch the CVE-2010-2188 flaw in Flash Player 2 months ago. However, about 2 weeks later, Adobe admitted its fix had failed, leaving users hanging with technical information and research papers published about the vulnerability.
Adobe revealed only the scantiest of details about the freshly patched bugs in its security advisory. 5 of the 6 were labeled as “memory corruption” vulnerabilities, while the 6th could potentially be used in a “click-jacking” attack. Adobe is unaware of any in-the-wild exploitation of the vulnerabilities.
Here are the links to each of the security updates:
Flash Media Server – Rated Critical by Adobe
Adobe AIR and Flash – Rated Critical by Adobe
ColdFusion – Rated Important by Adobe