The latest Adobe Flash Player 10.1.53.64 can be downloaded from the Adobe Flash Player Download Center or by using the auto-update mechanism within the product when prompted.
To address the vulnerabilities described in this Security Bulletin, a prerelease version of Flash Player 10.1 for Solaris platforms is available from Adobe Labs.
For users who cannot update to Flash Player 10.1.53.64, Adobe has developed a patched version of Flash Player 9, Flash Player 9.0.277.0, which can be downloaded from the following link.
Adobe recommends all users of Adobe AIR 18.104.22.16830 and earlier versions update to the newest version 22.214.171.12410 by downloading it from the Adobe AIR Download Center.
The vulnerability also exists in the authplay.dll component that ships with Adobe Reader and Acrobat 9.x for Windows, Macintosh and UNIX operating systems, Adobe said. This vulnerability could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being actively exploited in the wild against both Adobe Flash Player, and Adobe Reader and Acrobat, ADobde said.
Adobe Reader and Acrobat 8.x are confirmed not vulnerable.
Adobe expects to provide an update for Adobe Reader and Acrobat 9.3.2 for Windows, Macintosh and UNIX by June 29, 2010. Please note that the Acrobat and Reader update represents an accelerated release of the next quarterly security update originally scheduled for July 13, 2010.