Adobe updates/advisories

[AplusWebMaster]

FYI...

Flash v11.5.502.110 released
- https://www.adobe.com/support/securi...apsb12-24.html
Nov 6, 2012
CVE number:
- http://web.nvd.nist.gov/view/vuln/de...=CVE-2012-5274 - 10.0 (HIGH)
- http://web.nvd.nist.gov/view/vuln/de...=CVE-2012-5275 - 10.0 (HIGH)
- http://web.nvd.nist.gov/view/vuln/de...=CVE-2012-5276 - 10.0 (HIGH)
- http://web.nvd.nist.gov/view/vuln/de...=CVE-2012-5277 - 10.0 (HIGH)
- http://web.nvd.nist.gov/view/vuln/de...=CVE-2012-5278 - 10.0 (HIGH)
- http://web.nvd.nist.gov/view/vuln/de...=CVE-2012-5279 - 10.0 (HIGH)
- http://web.nvd.nist.gov/view/vuln/de...=CVE-2012-5280 - 10.0 (HIGH)
Platform: All Platforms
Summary: Adobe has released security updates for Adobe Flash Player 11.4.402.287 and earlier versions for Windows and Macintosh, Adobe Flash Player 11.2.202.243 and earlier versions for Linux, Adobe Flash Player 11.1.115.20 and earlier versions for Android 4.x, and Adobe Flash Player 11.1.111.19 and earlier versions for Android 3.x and 2.x. These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.
Adobe recommends users update their product installations to the latest versions:
- Users of Adobe Flash Player 11.4.402.287 and earlier versions for Windows and Macintosh should update to Adobe Flash Player 11.5.502.110.
- Users of Adobe Flash Player 11.2.202.243 and earlier versions for Linux should update to Adobe Flash Player 11.2.202.251.
- Flash Player installed with Google Chrome will automatically be updated to the latest Google Chrome version, which will include Adobe Flash Player 11.5.31.2 for Windows, Macintosh and Linux.
- Flash Player installed with Internet Explorer 10 will automatically be updated to the latest Internet Explorer 10 version, which will include Adobe Flash Player 11.3.376.12 for Windows.
- Users of Adobe Flash Player 11.1.115.20 and earlier versions on Android 4.x devices should update to Adobe Flash Player 11.1.115.27.
- Users of Adobe Flash Player 11.1.111.19 and earlier versions for Android 3.x and earlier versions should update to Flash Player 11.1.111.24.
- Users of Adobe AIR 3.4.0.2710 and earlier versions for Windows and Macintosh, SDK (including AIR for iOS) and Android should update to Adobe AIR 3.5.0.600...
These updates address -critical- vulnerabilities in the software...

Download:
> https://www.adobe.com/products/flash...ribution3.html

Flash test site: http://www.adobe.com/software/flash/about/

>> http://get.adobe.com/air/

> http://helpx.adobe.com/flash-player/...ase_notes.html
___

- https://secunia.com/advisories/51213/
Release Date: 2012-11-07
Criticality level: Highly critical
Impact: Security Bypass, System access
Where: From remote
... exploitation of the vulnerabilities may allow execution of arbitrary code...
Solution: Update to a fixed version.
Original Advisory: Adobe (APSB12-24):
http://www.adobe.com/support/securit...apsb12-24.html

[AplusWebMaster]

FYI...

ColdFusion 10 Hotfix available for Windows
- https://www.adobe.com/support/securi...apsb12-25.html
November 19, 2012
CVE number: CVE-2012-5674
Platform: Windows
Summary: Adobe has released a security hotfix for ColdFusion 10 Update 1 and above for Windows. This hotfix resolves a vulnerability affecting ColdFusion on Windows Internet Information Services (IIS), which could result in a Denial of Service condition. Adobe recommends users update their product installation using the instructions provided in the "Solution" section below.
Affected software versions: ColdFusion 10 Update 1 and above for Windows
Solution: Adobe recommends customers update their installation of ColdFusion 10 Update 1 and above for Windows to ColdFusion 10 Update 5 using the instructions provided in the technote:
> http://helpx.adobe.com/coldfusion/kb...apsb12-25.html
___

- https://secunia.com/advisories/51335/
Release Date: 2012-11-20
Criticality level: Moderately critical
Impact: DoS
Where: From remote
CVE Reference: CVE-2012-5674
... vulnerability is reported in version 10 update 1 and higher.
Solution: Update to version 10 update 5...

[AplusWebMaster]

FYI...

Flash Player v11.5.502.135 released
- https://www.adobe.com/support/securi...apsb12-27.html
Dec 11, 2012
CVE number: CVE-2012-5676, CVE-2012-5677, CVE-2012-5678
Platform: All Platforms
Summary: Adobe has released security updates for Adobe Flash Player 11.5.502.110 and earlier versions for Windows and Macintosh, Adobe Flash Player 11.2.202.251 and earlier versions for Linux, Adobe Flash Player 11.1.115.27 and earlier versions for Android 4.x, and Adobe Flash Player 11.1.111.24 and earlier versions for Android 3.x and 2.x. These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.
Adobe recommends users update their product installations to the latest versions:
- Users of Adobe Flash Player 11.5.502.110 and earlier versions for Windows should update to Adobe Flash Player 11.5.502.135.
- Users of Adobe Flash Player 11.5.502.110 and earlier versions for Macintosh should update to Adobe Flash Player 11.5.502.136.
- Users of Adobe Flash Player 11.2.202.251 and earlier versions for Linux should update to Adobe Flash Player 11.2.202.258.
- Flash Player installed with Google Chrome will automatically be updated to the latest Google Chrome version, which will include Adobe Flash Player 11.5.31.5 for Windows, Macintosh and Linux.
- Flash Player installed with Internet Explorer 10 for Windows 8 will automatically be updated to the latest Internet Explorer 10 version, which will include Adobe Flash Player 11.3.377.15.
- Users of Adobe Flash Player 11.1.115.27 and earlier versions on Android 4.x devices should update to Adobe Flash Player 11.1.115.34.
- Users of Adobe Flash Player 11.1.111.24 and earlier versions for Android 3.x and earlier versions should update to Flash Player 11.1.111.29.

- Users of Adobe AIR 3.5.0.600 and earlier versions for Windows should update to Adobe AIR 3.5.0.880.
- Users of Adobe AIR 3.5.0.600 and earlier versions for Macintosh should update to Adobe AIR 3.5.0.890.
- Users of the Adobe AIR 3.5.0.600 SDK (includes AIR for iOS) should update to the Adobe AIR 3.5.0.880 SDK (Windows) or Adobe AIR 3.5.0.890 SDK (Mac)...
- http://get.adobe.com/air/

Flash Download:
> https://www.adobe.com/products/flash...ribution3.html

Flash test site: http://www.adobe.com/software/flash/about/

- https://secunia.com/advisories/51560/
Release Date: 2012-12-12
Criticality level: Highly critical
Impact: System access
Where: From remote...
___

ColdFusion 10 and earlier - Hotfix available
- https://www.adobe.com/support/securi...apsb12-26.html
December 11, 2012
CVE number: CVE 2012-5675
Platform: All Platforms
Summary: Adobe has released a security hotfix for ColdFusion 10 and earlier versions for Windows, Macintosh and UNIX. This hotfix resolves a vulnerability which could result in a sandbox permissions violation in a shared hosting environment...
Affected software versions:
ColdFusion 10, 9.0.2, 9.0.1 and 9.0 for Windows, Macintosh and UNIX
Solution:
Adobe recommends ColdFusion customers update their installation using the instructions provided in the technote:
http://helpx.adobe.com/coldfusion/kb...apsb12-26.html .

- https://secunia.com/advisories/51551/
Release Date: 2012-12-12
Criticality level: Moderately critical
Impact: Security Bypass
Where: From remote...

[AplusWebMaster]

FYI...

Adobe ColdFusion - multiple vulns ...
- https://www.adobe.com/support/securi...apsa13-01.html
January 4, 2013
CVE number: CVE-2013-0625, CVE-2013-0629, CVE-2013-0631
Platform: All
Summary: Adobe has identified three vulnerabilities affecting ColdFusion for Windows, Macintosh and UNIX:
CVE-2013-0625 affects ColdFusion 10, 9.0.2, 9.0.1 and 9.0, and could permit an unauthorized user to remotely circumvent authentication controls, potentially allowing the attacker to take control of the affected server.
CVE-2013-0629 affects ColdFusion 10, 9.0.2, 9.0.1 and 9.0, and could permit an unauthorized user access to restricted directories.
CVE-2013-0631 affects ColdFusion 9.0.2, 9.0.1 and 9.0, and could result in information disclosure from a compromised server.
There are reports that these vulnerabilities are being exploited in the wild against ColdFusion customers. Note that CVE-2013-0625 and CVE-2013-0629 only affect ColdFusion customers who do not have password protection enabled or have no password set. We are in the process of finalizing a fix for the issues and expect a hotfix for ColdFusion 10, 9.0.2, 9.0.1 and 9.0 for Windows, Macintosh and UNIX will be available on January 15, 2013..."
___

Adobe Reader/Acrobat prenotification for Jan 2013
- https://www.adobe.com/support/securi...apsb13-02.html
Jan 3, 2013 - "Adobe is planning to release security updates on Tuesday, January 8, 2013 for Adobe Reader and Acrobat XI (11.0.0) and earlier versions for Windows and Macintosh, and Adobe Reader 9.5.1 and earlier 9.x versions for Linux..."

[AplusWebMaster]

FYI...

Flash Player v11.5.502.146 released
- https://www.adobe.com/support/securi...apsb13-01.html
Jan 8, 2013
CVE number: http://web.nvd.nist.gov/view/vuln/de...=CVE-2013-0630 - 10.0 (HIGH)
Summary: Adobe has released security updates for Adobe Flash Player 11.5.502.135 and earlier versions for Windows, Adobe Flash Player 11.5.502.136 and earlier versions for Macintosh, Adobe Flash Player 11.2.202.258 and earlier versions for Linux, Adobe Flash Player 11.1.115.34 and earlier versions for Android 4.x, and Adobe Flash Player 11.1.111.29 and earlier versions for Android 3.x and 2.x. These updates address a vulnerability that could cause a crash and potentially allow an attacker to take control of the affected system.
Adobe recommends users update their product installations to the latest versions:
- Users of Adobe Flash Player 11.5.502.135 and earlier versions for Windows should update to Adobe Flash Player 11.5.502.146.
- Users of Adobe Flash Player 11.5.502.136 and earlier versions for Macintosh should update to Adobe Flash Player 11.5.502.146.
- Users of Adobe Flash Player 11.2.202.258 and earlier versions for Linux should update to Adobe Flash Player 11.2.202.261.
Flash Player installed with Google Chrome will automatically be updated to the latest Google Chrome version, which will include Adobe Flash Player 11.5.31.137 for Windows, Macintosh and Linux.
Flash Player installed with Internet Explorer 10 for Windows 8 will automatically be updated to the latest Internet Explorer 10 version, which will include Adobe Flash Player 11.3.378.5 for Windows: https://support.microsoft.com/kb/2796096
- Users of Adobe Flash Player 11.1.115.34 and earlier versions on Android 4.x devices should update to Adobe Flash Player 11.1.115.36.
- Users of Adobe Flash Player 11.1.111.29 and earlier versions for Android 3.x and earlier versions should update to Flash Player 11.1.111.31.
- Users of Adobe AIR 3.5.0.880 and earlier versions for Windows should update to Adobe AIR 3.5.0.1060.
- Users of Adobe AIR 3.5.0.890 and earlier versions for Macintosh should update to Adobe AIR 3.5.0.1060.
- Users of the Adobe AIR SDK (includes AIR for iOS) should update to the Adobe AIR 3.5.0.1060 SDK...

Download:
> https://www.adobe.com/products/flash...ribution3.html

Flash test site: http://www.adobe.com/software/flash/about/

>> http://get.adobe.com/air/
___

- https://secunia.com/advisories/51771/
Release Date: 2013-01-08
Criticality level: Highly critical
Impact: System access
Where: From remote...
CVE Reference: CVE-2013-0630
Solution: Update to a fixed version...
___

Adobe Reader/Acrobat v11.0.1 released
- https://www.adobe.com/support/securi...apsb13-02.html
Jan 8, 2013
CVE numbers: CVE-2013-0601, CVE-2013-0602, CVE-2013-0603, CVE-2013-0604, CVE-2013-0605, CVE-2013-0606, CVE-2013-0607, CVE-2013-0608, CVE-2013-0609, CVE-2013-0610, CVE-2013-0611, CVE-2013-0612, CVE-2013-0613, CVE-2013-0614, CVE-2013-0615, CVE-2013-0616, CVE-2013-0617, CVE-2013-0618, CVE-2013-0619, CVE-2013-0620, CVE-2013-0621, CVE-2013-0622, CVE-2013-0623, CVE-2013-0624, CVE-2013-0626, CVE-2013-0627
Platform: All
Summary: Adobe has released security updates for Adobe Reader and Acrobat XI (11.0.0) and earlier versions for Windows and Macintosh, and Adobe Reader 9.5.1 and earlier 9.x versions for Linux. These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.
Adobe recommends users update their product installations to the latest versions:
- Users of Adobe Reader XI (11.0.0) for Windows and Macintosh should update to Adobe Reader XI (11.0.1).
- For users of Adobe Reader X (10.1.4) and earlier versions for Windows and Macintosh, who cannot update to Adobe Reader XI (11.0.1), Adobe has made available the update Adobe Reader X (10.1.5).
- For users of Adobe Reader 9.5.2 and earlier versions for Windows and Macintosh, who cannot update to Adobe Reader XI (11.0.1), Adobe has made available the update Adobe Reader 9.5.3.
- Users of Adobe Reader 9.5.1 and earlier versions for Linux should update to Adobe Reader 9.5.3.
- Users of Adobe Acrobat XI (11.0.0) for Windows and Macintosh should update to Adobe Acrobat XI (11.0.1).
- Users of Adobe Acrobat X (10.1.4) and earlier versions for Windows and Macintosh should update to Adobe Acrobat X (10.1.5).
- Users of Adobe Acrobat 9.5.2 and earlier versions for Windows and Macintosh should update to Adobe Acrobat 9.5.3...
Adobe Reader: Users on Windows and Macintosh can utilize the product's update mechanism...
Adobe Acrobat: Users can utilize the product's update mechanism...
___

- http://www.securitytracker.com/id/1027952
CVE Reference: CVE-2013-0601, CVE-2013-0602, CVE-2013-0603, CVE-2013-0604, CVE-2013-0605, CVE-2013-0606, CVE-2013-0607, CVE-2013-0608, CVE-2013-0609, CVE-2013-0610, CVE-2013-0611, CVE-2013-0612, CVE-2013-0613, CVE-2013-0614, CVE-2013-0615, CVE-2013-0616, CVE-2013-0617, CVE-2013-0618, CVE-2013-0619, CVE-2013-0620, CVE-2013-0621, CVE-2013-0622, CVE-2013-0623, CVE-2013-0624, CVE-2013-0626, CVE-2013-0627
Jan 8 2013
Impact: Disclosure of system information, Execution of arbitrary code via network, User access via local system, User access via network
Fix Available: Yes Vendor Confirmed: Yes
Version(s): 9.5.2, 10.1.4, 11.0.0; and prior versions
Solution: The vendor has issued a fix (9.5.3, 10.1.5 for Windows/Mac, 11.0.1 for Windows/Mac).
... advisory is available at:
- http://www.adobe.com/support/securit...apsb13-02.html

[AplusWebMaster]

FYI...

ColdFusion hotfix released
- https://www.adobe.com/support/securi...apsa13-01.html
Last updated: January 16, 2013
CVE number: CVE-2013-0625, CVE-2013-0629, CVE-2013-0631, CVE-2013-0632
Platform: All
Summary: Adobe has identified four vulnerabilities affecting ColdFusion 10 and earlier versions for Windows, Macintosh and UNIX:
• CVE-2013-0625 affects ColdFusion 9.0.2, 9.0.1 and 9.0, and could permit an unauthorized user to remotely circumvent authentication controls, potentially allowing the attacker to take control of the affected server.
• CVE-2013-0629 affects ColdFusion 10, 9.0.2, 9.0.1 and 9.0, and could permit an unauthorized user access to restricted directories.
• CVE-2013-0631 affects ColdFusion 9.0.2, 9.0.1 and 9.0, and could result in information disclosure from a compromised server.
• CVE-2013-0632 affects ColdFusion 10, 9.0.2, 9.0.1 and 9.0, and could permit an unauthorized user to remotely circumvent authentication controls, potentially allowing the attacker to take control of the affected server.
There are reports that these vulnerabilities are being exploited in the wild against ColdFusion customers.
Adobe has released a security hotfix for ColdFusion 10, 9.0.2, 9.0.1 and 9.0 for Windows, Macintosh and UNIX. Adobe recommends users update their product installation using the instructions provided in the "Solution" section of Security Bulletin APSB13-03*..."
* https://www.adobe.com/support/securi...apsb13-03.html
>> http://helpx.adobe.com/coldfusion/kb...apsb13-03.html

January 16, 2013 - Advisory revised to correct the versions of ColdFusion vulnerable to CVE-2013-0625.

[AplusWebMaster]

FYI...

Flash v11.5.502.149 released
- https://www.adobe.com/support/securi...apsb13-04.html
Feb 7, 2013
CVE number:
- https://web.nvd.nist.gov/view/vuln/d...=CVE-2013-0633 - 9.3 (HIGH)
- https://web.nvd.nist.gov/view/vuln/d...=CVE-2013-0634 - 9.3 (HIGH)
Platform: All Platforms
Summary: Adobe has released security updates... These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.
Adobe is aware of reports that CVE-2013-0633 is being exploited in the wild in targeted attacks designed to trick the user into opening a Microsoft Word document delivered as an email attachment which contains malicious Flash (SWF) content. The exploit for CVE-2013-0633 targets the ActiveX version of Flash Player on Windows.
Adobe is also aware of reports that CVE-2013-0634 is being exploited in the wild in attacks delivered via malicious Flash (SWF) content hosted on websites that target Flash Player in Firefox or Safari on the Macintosh platform, as well as attacks designed to trick Windows users into opening a Microsoft Word document delivered as an email attachment which contains malicious Flash (SWF) content.
Adobe recommends users update their product installations to the latest versions:
- Users of Adobe Flash Player 11.5.502.146 and earlier versions for Windows and Macintosh should update to Adobe Flash Player 11.5.502.149.
- Users of Adobe Flash Player 11.2.202.261 and earlier versions for Linux should update to Adobe Flash Player 11.2.202.262.
- Flash Player installed with Google Chrome will automatically be updated to the latest Google Chrome version, which will include Adobe Flash Player 11.5.31.139 for Windows, Macintosh and Linux.
- Flash Player installed with Internet Explorer 10 for Windows 8 will automatically be updated to the latest version of Internet Explorer 10, which will include Adobe Flash Player 11.3.379.14 for Windows...
- Users of Adobe Flash Player 11.1.115.36 and earlier versions on Android 4.x devices should update to Adobe Flash Player 11.1.115.37.
- Users of Adobe Flash Player 11.1.111.31 and earlier versions for Android 3.x and earlier versions should update to Flash Player 11.1.111.32.

Download:
> https://www.adobe.com/products/flash...ribution3.html

Flash test site: http://www.adobe.com/software/flash/about/

- https://blogs.adobe.com/psirt/2013/0...apsb13-04.html

- https://secunia.com/advisories/52116/
Release Date: 2013-02-08
Criticality level: Extremely critical
Impact: System access
Where: From remote
CVE Reference(s): CVE-2013-0633, CVE-2013-0634
... vulnerability is currently being actively exploited in targeted attacks against the Macintosh and Windows versions...
Solution: Update to a fixed version.
Original Advisory: http://www.adobe.com/support/securit...apsb13-04.html
___

MS Security Advisory (2755801)
Update for Vulnerabilities in Adobe Flash Player in IE 10
- http://technet.microsoft.com/en-us/s...visory/2755801
"... updates are available from... Windows Update..."
V7.0 (February 7, 2013): Added KB2811522* to the Current update section.
* http://support.microsoft.com/kb/2811522

[AplusWebMaster]

FYI...

Flash v11.7.700.224 released
- https://www.adobe.com/support/securi...apsb13-16.html
June 11, 2013
CVE number: https://web.nvd.nist.gov/view/vuln/d...=CVE-2013-3343 - 10.0 (HIGH)
Platform: All Platforms
Summary: Adobe has released security updates for Adobe Flash Player 11.7.700.202 and earlier versions for Windows, Adobe Flash Player 11.7.700.203 and earlier versions for Macintosh, Adobe Flash Player 11.2.202.285 and earlier versions for Linux, Adobe Flash Player 11.1.115.58 and earlier versions for Android 4.x, and Adobe Flash Player 11.1.111.54 and earlier versions for Android 3.x and 2.x. These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system. Adobe recommends users update their product installations to the latest versions:
- Users of Adobe Flash Player 11.7.700.202 and earlier versions for Windows should update to Adobe Flash Player 11.7.700.224.
- Users of Adobe Flash Player 11.7.700.203 and earlier versions for Macintosh should update to Adobe Flash Player 11.7.700.225.
- Users of Adobe Flash Player 11.2.202.285 and earlier versions for Linux should update to Adobe Flash Player 11.2.202.291.
- Adobe Flash Player 11.7.700.203 installed with Google Chrome will automatically be updated to the latest Google Chrome version, which will include Adobe Flash Player 11.7.700.225 for Windows, Macintosh and Linux.
- Adobe Flash Player 11.7.700.202 installed with Internet Explorer 10 will automatically be updated to the latest Internet Explorer 10 version, which will include Adobe Flash Player 11.7.700.224 for Windows 8.
- Users of Adobe Flash Player 11.1.115.58 and earlier versions on Android 4.x devices should update to Adobe Flash Player 11.1.115.63.
- Users of Adobe Flash Player 11.1.111.54 and earlier versions for Android 3.x and 2.x should update to Flash Player 11.1.111.59.
- Users of Adobe AIR 3.7.0.1860 and earlier versions for Windows should update to Adobe AIR 3.7.0.2090.
- Users of Adobe AIR 3.7.0.1860 and earlier versions for Macintosh should update to Adobe AIR 3.7.0.2100.
- Users of Adobe AIR 3.7.0.1860 and earlier versions for Android should update to Adobe AIR 3.7.0.2090.
- Users of the Adobe AIR 3.7.0.1860 SDK & Compiler and earlier versions for Windows should update to the Adobe AIR 3.7.0.2090 SDK & Compiler.
- Users of the Adobe AIR 3.7.0.1860 SDK & Compiler and earlier versions for Macintosh should update to the Adobe AIR 3.7.0.2100 SDK & Compiler...

Flash Download:
> https://www.adobe.com/products/flash...ribution3.html

Flash test site:
- http://helpx.adobe.com/flash-player/...n_your_machine

>> http://get.adobe.com/air/
___

- https://secunia.com/advisories/53751/
Release Date: 2013-06-11
Criticality level: Highly critical
Impact: System access
Where: From remote
... vulnerability is caused due to an unspecified error and can be exploited to cause memory corruption.
Solution: Update to a fixed version.

[AplusWebMaster]

FYI...

Flash v11.7.700.202 released
- https://www.adobe.com/support/securi...apsb13-14.html
May 14, 2013
CVE number: CVE-2013-2728, CVE-2013-3324, CVE-2013-3325, CVE-2013-3326, CVE-2013-3327, CVE-2013-3328, CVE-2013-3329, CVE-2013-3330, CVE-2013-3331, CVE-2013-3332, CVE-2013-3333, CVE-2013-3334, CVE-2013-3335
Platform: All platforms
Summary: Adobe has released security updates for Adobe Flash Player 11.7.700.169 and earlier versions for Windows and Macintosh, Adobe Flash Player 11.2.202.280 and earlier versions for Linux, Adobe Flash Player 11.1.115.54 and earlier versions for Android 4.x, and Adobe Flash Player 11.1.111.50 and earlier versions for Android 3.x and 2.x. These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.
Adobe recommends users update their product installations to the latest versions:
- Users of Adobe Flash Player 11.7.700.169 and earlier versions for Windows and Macintosh should update to Adobe Flash Player 11.7.700.202.
- Users of Adobe Flash Player 11.2.202.280 and earlier versions for Linux should update to Adobe Flash Player 11.2.202.285.
- Adobe Flash Player 11.7.700.169 installed with Google Chrome (and version 11.7.700.179 on the Windows platform) will automatically be updated to the latest Google Chrome version, which will include Adobe Flash Player 11.7.700.202 for Windows, Macintosh and Linux.
- Adobe Flash Player 11.7.700.169 installed with Internet Explorer 10 will automatically be updated to the latest Internet Explorer 10 version, which will include Adobe Flash Player 11.7.700.202 for Windows 8.
- Users of Adobe Flash Player 11.1.115.54 and earlier versions on Android 4.x devices should update to Adobe Flash Player 11.1.115.58.
- Users of Adobe Flash Player 11.1.111.50 and earlier versions for Android 3.x and 2.x should update to Flash Player 11.1.111.54.
- Users of Adobe AIR 3.7.0.1530 and earlier versions for Windows and Macintosh should update to Adobe AIR 3.7.0.1860.
- Users of Adobe AIR 3.7.0.1660 and earlier versions for Android should update to Adobe AIR 3.7.0.1860.
- Users of the Adobe AIR 3.7.0.1530 SDK & Compiler and earlier versions should update to the Adobe AIR 3.7.0.1860 SDK & Compiler...

Flash Download:
> https://www.adobe.com/products/flash...ribution3.html

Flash test site:
- http://helpx.adobe.com/flash-player/...n_your_machine

>> http://get.adobe.com/air/
___

Adobe Reader/Acrobat v11.0.03 released
- https://www.adobe.com/support/securi...apsb13-15.html
May 14, 2013
CVE number: CVE-2013-2549, CVE-2013-2550, CVE-2013-2718, CVE-2013-2719, CVE-2013-2720, CVE-2013-2721, CVE-2013-2722, CVE-2013-2723, CVE-2013-2724, CVE-2013-2725, CVE-2013-2726, CVE-2013-2727, CVE-2013-2729, CVE-2013-2730, CVE-2013-2731, CVE-2013-2732, CVE-2013-2733, CVE-2013-2734, CVE-2013-2735, CVE-2013-2736, CVE-2013-2737, CVE-2013-3337, CVE-2013-3338, CVE-2013-3339, CVE-2013-3340, CVE-2013-3341, CVE-2013-3342
Platform: All
Summary: Adobe has released security updates for Adobe Reader and Acrobat XI (11.0.02) and earlier versions for Windows and Macintosh, and Adobe Reader 9.5.4 and earlier 9.x versions for Linux. These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.
Adobe recommends users update their product installations to the latest versions:
- Users of Adobe Reader XI (11.0.02) for Windows and Macintosh should update to Adobe Reader XI (11.0.03).
- For users of Adobe Reader X (10.1.6) and earlier versions for Windows and Macintosh, who cannot update to Adobe Reader XI (11.0.03), Adobe has made available the update Adobe Reader X (10.1.7).
- For users of Adobe Reader 9.5.4 and earlier versions for Windows and Macintosh, who cannot update to Adobe Reader XI (11.0.03), Adobe has made available the update Adobe Reader 9.5.5.
- Users of Adobe Reader 9.5.4 and earlier versions for Linux should update to Adobe Reader 9.5.5.
- Users of Adobe Acrobat XI (11.0.02) for Windows and Macintosh should update to Adobe Acrobat XI (11.0.03).
- For users of Adobe Acrobat X (10.1.6) and earlier versions for Windows and Macintosh, who cannot update to Adobe Acrobat XI (11.0.03), Adobe has made available the update Adobe Acrobat X (10.1.7).
- For users of Adobe Acrobat 9.5.4 and earlier versions for Windows and Macintosh, who cannot update to Adobe Acrobat XI (11.0.03), Adobe has made available the update Adobe Acrobat 9.5.5...
___

ColdFusion hotfix available
- https://www.adobe.com/support/securi...apsb13-13.html
May 14, 2013
CVE number: CVE-2013-1389, CVE-2013-3336
Platform: All
Summary: Adobe has released a security hotfix for ColdFusion 10, 9.0.2, 9.0.1 and 9.0 for Windows, Macintosh and UNIX. This hotfix addresses a vulnerability (CVE-2013-1389) that could allow remote arbitrary code execution on a system running ColdFusion, and a vulnerability (CVE-2013-3336) that could permit an unauthorized user to remotely retrieve files stored on the server.
Adobe is aware of reports that CVE-2013-3336 (referenced in Security Advisory APSA13-03) is being exploited in the wild against ColdFusion customers. Adobe recommends users update their product installation using the instructions provided in the "Solution" ...
Solution: Adobe recommends ColdFusion customers update their installation using the instructions provided in the technote located here:
- http://helpx.adobe.com/coldfusion/kb...apsb13-13.html
Customers should also apply the security configuration settings as outlined on the ColdFusion Security page, as well as review the ColdFusion 9 Lockdown Guide and ColdFusion 10 Lockdown Guide.

[AplusWebMaster]

FYI...

Adobe Digital Editions v3.0 released
- https://secunia.com/advisories/56578/
Release Date: 2014-01-23
Criticality: Highly Critical
Where: From remote
Impact: System access
CVE Reference(s): CVE-2014-0494
... vulnerability is reported in version 2.0.1.
Solution: Upgrade to version 3.0.
Original Advisory:
http://helpx.adobe.com/security/prod...apsb14-03.html

- http://www.adobe.com/products/digita.../download.html