Adobe has published a security bulletin about security vulnerabilities in Adobe Flash Player. In all versions up to the recent 10.0.42.34 Flash objects could evade the Sandbox which would allow for unauthorized cross domain requests. The vulnerability is rated critical. The updated version 10.0.45.2 as well of a fixed build of Adobe AIR 22.214.171.1240 is available in the flash download center and the air download center, respectively. Users should apply the update ASAP and administrators in companies should roll the fixed software out soon, too.
For next Tuesday, Adobe also announced Updates for Adobe Reader and Acrobat. The update will fix critical security issues including the Flash Player vulnerability. Affected are Adobe Reader 9.3 and earlier versions for Windows, Macintosh and UNIX as well as Adobe Acrobat 9.3 and earlier versions for Windows and Macintosh. Administrators should prepare for the roll out.