Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: Update to Adobe Flash 0-day: Patch will be out soon - SANS Internet Storm Center SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms:

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Update to Adobe Flash 0-day: Patch will be out soon

Adobe updated its advisory, stating that we should have a patch at least for the "non sandbox" versions of Adobe Acrobat and Reader by April 25th [1]. Flash player will get a fix even earlier (April 15th = this week Friday). Adobe Reader X for Windows, which uses the new "Protected Mode" feature to limited the exploitability of this vulnerability, will have to wait until June 14th.

Little Table to clarify:

  Flash Reader 9 Reader 10.x Reader 10.0.1 Reader 10.0.2 aka "X"
Windows 4/15 4/25 4/25 4/25 6/14
Macintosh 4/15 4/25 4/25 4/25 4/25


for more details, see the URL below.


Update: corrected patch date for Adobe Reader X for Windows. Was 6/25.. but should have been 6/14. Thanks Luc for pointing this out to me!)

Johannes B. Ullrich, Ph.D.
SANS Technology Institute

I will be teaching next: Application Security: Securing Web Apps, APIs, and Microservices - SANS London June 2022


4473 Posts
ISC Handler
Apr 14th 2011
...and Linux?

Sign Up for Free or Log In to start participating in the conversation!