Adobe identifies another critical Flash Player bug


Fresh from its admission that it left a Flash bug untreated for 16 months, Adobe has revealed another critical Flash issue, as well as separate holes in its Reader and Acrobat software.

The software giant says the new Flash vulnerability could subvert the domain sandbox and make unauthorised cross-domain requests. Anyone running Flash Player version and earlier are potentially affected, with Adobe recommending they upgrade to version

Also affected are Adobe AIR versions and earlier, with Adobe similarly recommending that users update to Adobe AIR

Information on which version of Flash is running can be found on the About Flash Player page, or by right-clicking on any content running in the player and selecting "About Adobe [or Macromedia] Flash Player". The check should be performed for each browser installed on the system.

AIR users can see which version number they have installed by following the instructions on the Adobe AIR TechNote.

Adobe has also announced it will be issuing an update next week for its Reader and Acrobat software to resolve critical security issue, including the Flash-related vulnerability detailed above.

The affected versions are Adobe Reader 9.3 for Windows, Mac and UNIX; Adobe Acrobat 9.3 for Windows and Mac; and Adobe Reader 8.2 and Acrobat 8.2 for Windows and Mac.

For the latest details, users are advised to monitor the Adobe Product Security Incident Response Team blog.