Security Advisory for Adobe Flash Player, Adobe Reader and Acrobat (APSA10-05) ≪ Adobe Product Security Incident Response Team (PSIRT) Blog We are in the process of finalizing a fix for the issue and expect to provide an update for Adobe Flash Player 10.x for Windows, Macintosh, Linux and Android by November 9, 2010. We expect to make available an update for Adobe Reader and Acrobat 9.4 and earlier 9.x versions during the week of November 15, 2010. Adobe - Security Advisories: APSA10-05 - Security Advisory for Adobe Flash Player, Adobe Reader and Acrobat Affected software versions

• Adobe Flash Player 10.1.85.3 and earlier versions for Windows, Macintosh, Linux and Solaris operating systems
• Adobe Flash Player 10.1.95.2 and earlier for Android
• Adobe Reader 9.4 and earlier 9.x versions for Windows, Macintosh and UNIX*
• Adobe Acrobat 9.4 and earlier 9.x versions for Windows and Macintosh*

*Note: Adobe Reader and Acrobat 8.x are confirmed not vulnerable. Adobe Reader for Android is not affected by this issue.
Mitigations

Adobe Reader and Acrobat 9.x - Windows
Deleting, renaming, or removing access to the authplay.dll file that ships with Adobe Reader and Acrobat 9.x mitigates the threat for those products, but users will experience a non-exploitable crash or error message when opening a PDF file that contains Flash (SWF) content.

緩和策は、Flashはなし（アンインストール）、Adobe ReaderとAcrobatはauthplay.dllを削除するか別のフォルダーに移動。

今のところReaderとAcrobatへの攻撃のみで、Flash Playerに対する攻撃は確認されていない。

対策版はFlashが11/9までに、Adobe ReaderとAcrobatが11/15の週にリリース予定。

ななめにしかよんでないので、間違ってたらすいませんと。

−追記−
FlashとReader、Acrobatに未修正の脆弱性、Shockwave Playerは更新版公開 　US-CERTによれば、攻撃者はPDFファイルやHTML文書、Microsoft Officeの文書など、Flashコンテンツ（SWF）組み込みに対応しているファイルに細工を施してユーザーに参照させることにより、任意のコードを実行できてしまう可能性がある。