ITSS-Advisory : Medium : Apple : Flash Player Plugin

THREAT LEVEL
============
Medium

INFORMATION
===========
Product: Flash Player plug-in
Publisher: Apple
Impact/Access: Execute Arbitrary Code/Commands -- Remote with User Interaction
Resolution: Patch/Upgrade
CVE Names: CVE-2009-1870 CVE-2009-1869 CVE-2009-1868
CVE-2009-1867 CVE-2009-1866 CVE-2009-1865
CVE-2009-1864 CVE-2009-1863 CVE-2009-1862

AFFECTED PLATFORMS
==================
Operating System: Mac OS X

IMPACT
======
Multiple vulnerabilities in Adobe Flash Player plug-in
Description: Multiple issues exist in the Adobe Flash Player plug- in, the most serious of which may lead to arbitrary code execution when viewing a maliciously crafted web site. The issues are addressed by updating the Flash Player plug-in to version 10.0.32.18.

MITIGATION
==========

APPLE-SA-2009-09-10-1 Mac OS X v10.6.1

Mac OS X v10.6.1 is now available and addresses the following issue:

Flash Player plug-in
CVE-ID: CVE-2009-1862, CVE-2009-1863, CVE-2009-1864, CVE-2009-1865, CVE-2009-1866, CVE-2009-1867, CVE-2009-1868, CVE-2009-1869, CVE-2009-1870 Available for: Mac OS X v10.6, Mac OS X Server v10.6

Mac OS X v10.6.1 may be obtained from the Software Update pane in System Preferences, or Apple's Software Downloads web site:
http://www.apple.com/support/downloads/

For Mac OS X v10.6
The download file is named: MacOSXUpd10.6.1.dmg Its SHA-1 digest is: 2e0c303e0078a488702172d782cb1b882eef543

For Mac OS X Server v10.6
The download file is named: MacOSXServerUpd10.6.1.dmg Its SHA-1 digest is: 736474bbfc70244c1ff951621fa484ccdfcaf3c7

Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222

REFERENCES
=========

Original Bulletin:
http://support.apple.com/kb/HT3864

Further information is available via the Adobe web site at http://www.adobe.com/support/security/bulletins/apsb09-10.html