View Full Version : Adobe updates/advisories
AplusWebMaster
2012-01-11, 00:39
FYI...
Adobe Black Tuesday
- https://isc.sans.edu/diary.html?storyid=12364
Last Updated: 2012-01-10 19:38:39 UTC - "Adobe has released 1 bulletin today (Reader & Acrobat: Update to 10.1.2 or 9.5) ...
- http://www.adobe.com/support/security/bulletins/apsb12-01.html
• http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-2462 - 10.0 (HIGH)
• http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4369 - 10.0 (HIGH)
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-2470 - 4.3
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4371 - 7.5 (HIGH)
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4372 - 7.5 (HIGH)
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4373 - 7.5 (HIGH)
Critical ... Users can utilize the product's update mechanism... Help > Check for Updates..."
- https://secunia.com/advisories/45852/
Last Update: 2012-01-16
Criticality level: Highly critical
Impact: System access
Where: From remote ...
Solution: Update to version 9.5 or 10.1.2.
:fear:
AplusWebMaster
2012-02-14, 15:44
FYI...
Shockwave Player v11.6.4.634 released
- https://www.adobe.com/support/security/bulletins/apsb12-02.html
Feb 14, 2012
CVE number: CVE-2012-0757, CVE-2012-0758, CVE-2012-0759, CVE-2012-0760, CVE-2012-0761, CVE-2012-0762, CVE-2012-0763, CVE-2012-0764, CVE-2012-0766
- http://web.nvd.nist.gov/view/vuln/search - (ALL rated CVSS Severity: 10.0 HIGH)
Platform: Windows and Macintosh
Summary: This update addresses critical vulnerabilities in Adobe Shockwave Player 11.6.3.633 and earlier versions on the Windows and Macintosh operating systems. These vulnerabilities could allow an attacker, who successfully exploits these vulnerabilities, to run malicious code on the affected system. Adobe recommends users of Adobe Shockwave Player 11.6.3.633 and earlier versions update to Adobe Shockwave Player 11.6.4.634
... available here: http://get.adobe.com/shockwave/ .
Security update available for RoboHelp for Word
* https://www.adobe.com/support/security/bulletins/apsb12-04.html
February 14, 2012
CVE number: CVE-2012-0765
Platform: Windows
Summary: This update addresses an important vulnerability in RoboHelp 9 (or 8) for Word on Windows. A specially crafted URL could be used to create a cross-site scripting attack on Web-based output generated using RoboHelp for Word. Adobe recommends users update their product installation using the instructions (at the URL above*)...
:fear::fear:
AplusWebMaster
2012-02-16, 01:48
FYI...
Flash Player v11.1.102.62 released
- https://www.adobe.com/support/security/bulletins/apsb12-03.html
Feb 15, 2012
CVE numbers:
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0751
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0752
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0753
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0754
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0755
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0756
( -ALL- CVSS v2 Base Score: 10.0 HIGH )
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0767 - 4.3 Last revised: 02/25/2012
Platform: All Platforms
Summary: This update addresses critical vulnerabilities in Adobe Flash Player 11.1.102.55 and earlier versions for Windows, Macintosh, Linux and Solaris, Adobe Flash Player 11.1.112.61 and earlier versions for Android 4.x, and Adobe Flash Player 11.1.111.5 and earlier versions for Android 3.x and 2.x. These vulnerabilities could cause a crash and potentially allow an attacker to take control of the affected system. This update also resolves a universal cross-site scripting vulnerability that could be used to take actions on a user's behalf on any website or webmail provider, if the user visits a malicious website. There are reports that this vulnerability (CVE-2012-0767) is being exploited in the wild in active targeted attacks designed to trick the user into clicking on a malicious link delivered in an email message (Internet Explorer on Windows only). Adobe recommends users of Adobe Flash Player 11.1.102.55 and earlier versions for Windows, Macintosh, Linux and Solaris update to Adobe Flash Player 11.1.102.62. Users of Adobe Flash Player 11.1.112.61 and earlier versions on Android 4.x devices should update to Adobe Flash Player 11.1.115.6. Users of Adobe Flash Player 11.1.111.5 and earlier versions for Android 3.x and earlier versions should update to Flash Player 11.1.111.6... For users who cannot update to Flash Player 11.1.102.62, Adobe has developed a patched version of Flash Player 10.x, Flash Player 10.3.183.15...
Download
>> https://www.adobe.com/products/flashplayer/distribution3.html
- https://market.android.com/details?id=com.adobe.flashplayer&hl=en
Flash Player Android...
___
- https://secunia.com/advisories/48033/
Release Date: 2012-02-16
Criticality level: Highly critical
Impact: Security Bypass, Cross Site Scripting, System access
Where: From remote
... reportedly being actively exploited in targeted attacks.
Original Advisory:
http://www.adobe.com/support/security/bulletins/apsb12-03.html
- http://www.securitytracker.com/id/1026694
Date: Feb 16 2012
Impact: Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information, User access via network...
:fear::fear:
AplusWebMaster
2012-02-24, 16:09
FYI...
Flash Player v11.1.102.62 update
- http://www.symantec.com/security_response/threatconlearn.jsp
Feb 24, 2012 - "On February 15, 2012, Adobe released a patch for Flash Player fixing vulnerabilities on all platforms. One of these is a cross-site scripting (XSS) vulnerability that is being exploited in the wild through links in emails (CVE-2012-0767*, BID 52040). A cross-site scripting vulnerability can allow an attacker to make HTTP requests masquerading as the affected user. Since this vulnerability was reported by Google, it is likely that it has been used in attempted attacks on Gmail accounts - similarly to the XSS vulnerability exploited in June 2011 to infiltrate victims' Gmail accounts (CVE-2011-2107). An attacker must entice a user into visiting a malicious link in the email to trigger the vulnerability. Customers are advised to install applicable updates as soon as possible.
Adobe Security Bulletin: Security update available for Adobe Flash Player ..."
http://forums.spybot.info/showpost.php?p=421773&postcount=60
* http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0767
Last revised: 02/25/2012 - "... before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.6 on Android 2.x and 3.x; and before 11.1.115.6 on Android 4.x... as exploited in the wild in February 2012"
:fear::fear:
AplusWebMaster
2012-03-06, 16:33
FYI...
Flash Player v11.1.102.63 critical update
- https://www.adobe.com/support/security/bulletins/apsb12-05.html
March 5, 2012
CVE number:
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0768 - 10.0 (HIGH)
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0769 - 5.0
Platform: All Platforms
Summary: "These priority 2 updates address critical vulnerabilities in Adobe Flash Player 11.1.102.62 and earlier versions for Windows, Macintosh, Linux and Solaris, Adobe Flash Player 11.1.115.6 and earlier versions for Android 4.x, and Adobe Flash Player 11.1.111.6 and earlier versions for Android 3.x and 2.x. These vulnerabilities could cause a crash and potentially allow an attacker to take control of the affected system. Adobe recommends users of Adobe Flash Player 11.1.102.62 and earlier versions for Windows, Macintosh, Linux and Solaris update to Adobe Flash Player 11.1.102.63. Users of Adobe Flash Player 11.1.115.6 and earlier versions on Android 4.x devices should update to Adobe Flash Player 11.1.115.7. Users of Adobe Flash Player 11.1.111.6 and earlier versions for Android 3.x and earlier versions should update to Flash Player 11.1.111.7... For users who cannot update to Flash Player 11.1.102.63, Adobe has developed a patched version of Flash Player 10.x, Flash Player 10.3.183.16..."
___
Download:
The normal distribution site has been updated to the latest versions (@ 3.06.2012 15:45est):
- https://www.adobe.com/products/flashplayer/distribution3.html
Flash test site: http://www.adobe.com/software/flash/about/
___
- https://secunia.com/advisories/48281/
Release Date: 2012-03-06
Criticality level: Highly critical
Impact: Exposure of sensitive information, System access
Where: From remote...
Solution: Update to a fixed version...
- http://www.securitytracker.com/id/1026761
Date: Mar 6 2012
CVE Reference: CVE-2012-0768, CVE-2012-0769
Impact: Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, User access via network
Version(s): prior to 11.1.102.63; prior to 11.1.111.7 and 11.1.115.7 for Android
:fear::fear:
AplusWebMaster
2012-03-09, 19:18
FYI...
Flash exploit released...
- http://atlas.arbor.net/briefs/index#-957676977
Severity: Elevated Severity
Published: Thursday, March 08, 2012 20:33
An exploit for a month-old Adobe Flash vulnerability has been released to the public. Ensure systems are protected.
Analysis: This security vulnerability, patched on Feb 15th, was used in a targeted attack around March 5th
- http://contagiodump.blogspot.com/2012/03/mar-2-cve-2012-0754-irans-oil-and.html *
... and now a Metasploit module has been released to the public. Given the widespread install base of Flash, users are strongly encouraged to ensure that patching has taken place. Now that the code is public, it will likely be used in commodity exploit kits very soon to install malware."
* http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0754 - 10.0 (HIGH)
* https://www.virustotal.com/file/68360603794c0f6d1aff9f6853dbdbb1860a89269d3147dab768034d4195ca62/analysis/
File name: us.exe
Detection ratio: 27/43
Analysis date: 2012-03-07 16:19:36 UTC
* https://www.virustotal.com/file/d018ea9fea664b9608474e1271aaf23fe5d3b6161a2db486592e763475e377bd/analysis/1331313285/
File name: CVE-2012-0744-xls.swf
Detection ratio: 8/43
Analysis date: 2012-03-09 17:14:45 UTC
* https://www.virustotal.com/file/b3a97be4160fb261e138888df276f9076ed76fe2efca3c71b3ebf7aa8713f4a4/analysis/
File name: 12e36f86ce54576cc38b2edfd13e3a5aa6c8d51c.bin
Detection ratio: 24/43
Analysis date: 2012-03-10 23:57:50 UTC
>> http://forums.spybot.info/showpost.php?p=422517&postcount=62
:fear::fear::sad:
AplusWebMaster
2012-03-15, 14:41
FYI...
ColdFusion security update - Hotfix available
- https://www.adobe.com/support/security/bulletins/apsb12-06.html
March 13, 2012 - "... important vulnerability in ColdFusion 9.0.1 and earlier versions for Windows, Macintosh and UNIX. This vulnerability could lead to a denial of service attack using a hash algorithm collision. Adobe has provided a solution to address the reported vulnerability. It is recommended that users update their product installation using the instructions provided in the "Solution" section... This update resolves a denial of service attack using a hash algorithm collision ( http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0770 )...
Affected software versions: ColdFusion 9.0.1, 9.0, 8.0.1 and 8.0 for Windows, Macintosh and UNIX
Solution: Adobe recommends affected ColdFusion customers update their installation using the instructions provided in the technote: http://helpx.adobe.com/coldfusion/kb/coldfusion-security-hotfix.html ..."
- https://secunia.com/advisories/48393/
Release Date: 2012-03-14
:fear:
AplusWebMaster
2012-03-28, 22:06
FYI...
Flash Player v11.2.202.228 released
- https://www.adobe.com/support/security/bulletins/apsb12-07.html
March 28, 2012
CVE numbers:
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0772 - 10.0 (HIGH)
Last revised: 03/29/2012
"Summary: An unspecified ActiveX control in Adobe Flash Player before 10.3.183.18 and 11.x before 11.2.202.228, and AIR before 3.2.0.2070..."
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0773 - 10.0 (HIGH)
Last revised: 03/29/2012
"Summary: The NetStream class in Adobe Flash Player before 10.3.183.18 and 11.x before 11.2.202.228, and AIR before 3.2.0.2070..."
Platform: All Platforms
Summary: These priority 2 updates address critical vulnerabilities in Adobe Flash Player 11.1.102.63 and earlier versions for Windows, Macintosh, Linux and Solaris, and Adobe Flash Player 11.1.111.7 and earlier versions for Android 3.x and 2.x. These vulnerabilities could cause a crash and potentially allow an attacker to take control of the affected system...
Solution: Adobe recommends users of Adobe Flash Player 11.1.102.63 and earlier versions for Windows, Macintosh and Linux update to Adobe Flash Player 11.2.202.228... Users of Adobe Flash Player 11.1.102.63 and earlier versions for Solaris should update to Adobe Flash Player 11.2.202.223... Windows users and users of Adobe Flash Player 10.3.183.16 or later for Macintosh can install the update via the update mechanism within the product when prompted. For users who cannot update to Flash Player 11.2.202.228, Adobe has developed a patched version of Flash Player 10.3, Flash Player 10.3.183.18... Android 3.x and earlier versions should update to Flash Player 11.1.111.8 by browsing to the Android Marketplace on an Android device. Users of Adobe AIR 3.1.0.4880 for Windows, Macintosh and Android should update to Adobe AIR 3.2.0.2070...
Download: https://www.adobe.com/products/flashplayer/distribution3.html
AIR 3.2.0.2070: AIR Download Center: http://get.adobe.com/air/
Android Marketplace: https://play.google.com/store/apps/details?id=com.adobe.flashplayer&hl=en
Android Marketplace: https://play.google.com/store/apps/details?id=com.adobe.air
Release Notes | Flash Player 11.2, AIR 3.2:
- http://helpx.adobe.com/flash-player/release-note/release-notes-flash-player-11_20120305.html
___
Flash test site: http://www.adobe.com/software/flash/about/
___
Critical Security Update for Adobe Flash Player
- http://atlas.arbor.net/briefs/index#-330930387
Severity: High Severity
Published: Wednesday, March 28, 2012 19:20
Adobe releases a critical update for Flash Player, and also rolls in a more functional automatic update process.
Analysis: Flash has been hit hard by malware authors and use for all sorts of attacks. In the past, it's patching mechanism has been flawed and difficult to use, especially for the average computer user. Their new background update function* should make this easier.
Source: https://krebsonsecurity.com/2012/03/critical-security-update-for-adobe-flash-player-2/
* http://download.windowssecrets.com/images/wsn/W20120329-PW-Flash.jpg
Flash Player / AIR vulns...
- https://secunia.com/advisories/48623/
Release Date: 2012-03-29
Criticality level: Highly critical
Impact: System access
Where: From remote...
CVE Reference(s): CVE-2012-0772, CVE-2012-0773
Solution: Update to a fixed version...
Original Advisory: http://www.adobe.com/support/security/bulletins/apsb12-07.html
- http://www.securitytracker.com/id/1026859
CVE Reference: CVE-2012-0772, CVE-2012-0773
Date: Mar 28 2012
Impact: Execution of arbitrary code via network, User access via network
Version(s): 11.1.102.63 and prior versions...
Solution: The vendor has issued a fix (11.2.202.228 for Windows, Mac, and Linux; 11.2.202.223 for Solaris; 11.1.111.8 for Android 3.x).
:fear:
AplusWebMaster
2012-04-10, 20:37
FYI...
Adobe Reader/Acrobat security updates available
- https://www.adobe.com/support/security/bulletins/apsb12-08.html#Ratings
April 10, 2012
CVE numbers: CVE-2012-0774, CVE-2012-0775, CVE-2012-0776, CVE-2012-0777
"... Adobe released security updates for Adobe Reader X (10.1.2) and earlier versions for Windows and Macintosh, Adobe Reader 9.4.6 and earlier 9.x versions for Linux, and Adobe Acrobat X (10.1.2) and earlier versions for Windows and Macintosh. These updates address vulnerabilities in the software that could cause the application to crash and potentially allow an attacker to take control of the affected system.
Adobe recommends users of Adobe Reader X (10.1.2) and earlier versions for Windows and Macintosh update to Adobe Reader X (10.1.3). For users of Adobe Reader 9.5 and earlier versions for Windows and Macintosh, who cannot update to Adobe Reader X (10.1.3), Adobe has made available the update Adobe Reader 9.5.1. Adobe recommends users of Adobe Reader 9.4.6 and earlier versions for Linux update to Adobe Reader 9.5.1. Adobe recommends users of Adobe Acrobat X (10.1.2) for Windows and Macintosh update to Adobe Acrobat X (10.1.3). Adobe recommends users of Adobe Acrobat 9.5 and earlier versions for Windows and Macintosh update to Adobe Acrobat 9.5.1...
Solution: Adobe recommends users update their software installations by following the instructions below:
- Adobe Reader: Users on Windows and Macintosh can utilize the product's update mechanism. The default configuration is set to run automatic update checks on a regular schedule. Update checks can be manually activated by choosing Help > Check for Updates.
- Adobe Reader users on Windows can also find the appropriate update here: http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Windows
- Adobe Reader users on Macintosh can also find the appropriate update here: http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Macintosh
- Adobe Reader users on Linux can find the appropriate update here: ftp://ftp.adobe.com/pub/adobe/reader/unix/9.x/
- Adobe Acrobat: Users can utilize the product's update mechanism. The default configuration is set to run automatic update checks on a regular schedule. Update checks can be manually activated by choosing Help > Check for Updates.
- Acrobat Standard and Pro users on Windows can also find the appropriate update here: http://www.adobe.com/support/downloads/product.jsp?product=1&platform=Windows
- Acrobat Pro Extended users on Windows can also find the appropriate update here: http://www.adobe.com/support/downloads/product.jsp?product=158&platform=Windows
- Acrobat Pro users on Macintosh can also find the appropriate update here: http://www.adobe.com/support/downloads/product.jsp?product=1&platform=Macintosh ..."
___
- http://www.securitytracker.com/id/1026908
Date: Apr 10 2012
CVE Reference: CVE-2012-0774, CVE-2012-0775, CVE-2012-0776, CVE-2012-0777
Impact: Execution of arbitrary code via network, User access via network
Version(s): 9.5 and prior versions; 10.1.2 and prior versions
- https://secunia.com/advisories/48733/
Release Date: 2012-04-11
Criticality level: Highly critical
Impact: Security Bypass, Cross Site Scripting, Exposure of sensitive information, System access
Where: From remote...
... more information:
- https://secunia.com/advisories/48033/
- https://secunia.com/advisories/48281/
- https://secunia.com/advisories/48623/
Solution: Apply updates...
:fear::fear:
AplusWebMaster
2012-04-20, 05:55
FYI...
Flash Player v11.2.202.233 released
- https://www.adobe.com/support/security/bulletins/apsb12-07.html
... Google Chrome version 18.0.1025.151 update addresses two Flash Player memory corruption vulnerabilities in the Chrome interface (Google Chrome only) (CVE-2012-0724, CVE-2012-0725).
April 5, 2012 - Added information on CVE-2012-0724, CVE-2012-0725 and corresponding Google Chrome release.
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0724 - 10.0 (HIGH)
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0725 - 10.0 (HIGH)
Impact Type: Allows unauthorized disclosure of information; Allows unauthorized modification; Allows disruption of service
___
- http://helpx.adobe.com/flash-player/release-note/release-notes-flash-player-11_20120305.html
Last updated 2012-04-13
... Current Runtime Release Version(s): Flash Player Desktop: 11.2.202.233
Fixed Issues: Printing to local printer generates unusably large print jobs (3158836)...
.. ??
Download: https://www.adobe.com/products/flashplayer/distribution3.html
___
Flash test site: http://www.adobe.com/software/flash/about/
:fear::fear:
AplusWebMaster
2012-05-04, 22:16
FYI...
Flash Player v11.2.202.235 released - 0-day Fix
- https://www.adobe.com/support/security/bulletins/apsb12-09.html
May 4, 2012
CVE number: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0779
Platform: All Platforms
Summary: ... an object confusion vulnerability (CVE-2012-0779) that could cause the application to crash and potentially allow an attacker to take control of the affected system. There are reports that the vulnerability is being exploited in the wild in active targeted attacks designed to trick the user into clicking on a malicious file delivered in an email message. The exploit targets Flash Player on Internet Explorer for Windows* only. Adobe recommends users of Adobe Flash Player 11.2.202.233 and earlier versions for Windows, Macintosh and Linux update to Adobe Flash Player 11.2.202.235... Users of Adobe Flash Player 11.1.115.7 and earlier versions on Android 4.x devices should update to Adobe Flash Player 11.1.115.8. Users of Adobe Flash Player 11.1.111.8 and earlier versions for Android 3.x and earlier versions should update to Flash Player 11.1.111.9...
* Priority 1: This update resolves vulnerabilities being targeted, or which have a higher risk of being targeted, by exploit(s) in the wild for a given product version and platform. Adobe recommends administrators install the update as soon as possible...
> https://blogs.adobe.com/psirt/2012/05/security-update-available-for-adobe-flash-player-apsb12-09.html
Download: https://www.adobe.com/products/flashplayer/distribution3.html
Android: https://market.android.com/details?id=com.adobe.flashplayer
___
Flash test site: http://www.adobe.com/software/flash/about/
Flash Player update closes critical object confusion hole
Severity: High Severity
- http://atlas.arbor.net/briefs/
Published: Monday, May 07, 2012
Adobe Flash update addresses critical security hole.
Analysis: This vulnerability has been used in active attacks although they are apparently not widespread attacks. Attackers will often use newer vulnerabilities and 0days on special targets of high value first. At some point, the exploit code will leak or a post-compromise analysis will reveal the vulnerability and/or the exploit involved and then the gates open for more compromise activity by others with a variety of motives.
Source: http://h-online.com/-1568704
- https://www.us-cert.gov/current/#adobe_releases_security_advisory_for14
May 4, 2012
- http://www.securitytracker.com/id/1027023
May 4 2012 - "... vulnerability is being actively exploited against Flash Player on Internet Explorer in targeted cases. Microsoft Vulnerability Research (MSVR) reported this vulnerability..."
:fear::fear:
AplusWebMaster
2012-05-09, 05:49
FYI...
Adobe Black Tuesday for May 2012
___
APSB12-13 Security update available for Adobe Shockwave Player
- https://www.adobe.com/support/security/bulletins/apsb12-13.html
5/8/2012
CVE number: CVE-2012-2029, CVE-2012-2030, CVE-2012-2031, CVE-2012-2032, CVE-2012-2033
Platform: Windows and Macintosh
... security update for Adobe Shockwave Player 11.6.4.634 and earlier versions for Windows and Macintosh. This update addresses vulnerabilities that could allow an attacker who successfully exploits these vulnerabilities to run malicious code on the affected system. Adobe recommends users of Adobe Shockwave Player 11.6.4.634 and earlier for Windows and Macintosh update to Adobe Shockwave Player 11.6.5.635... available here: http://get.adobe.com/shockwave/ ... addresses -critical- vulnerabilities in the software....
APSB12-12 Security bulletin for Adobe Flash Pro
- https://www.adobe.com/support/security/bulletins/apsb12-12.html
5/8/2012
CVE number: CVE-2012-0778
Platform: Windows and Macintosh
... security upgrade for Adobe Flash Professional CS5.5 (11.5.1.349) and earlier for Windows and Macintosh. This upgrade addresses a vulnerability that could allow an attacker who successfully exploits this vulnerability to take control of the affected system. Adobe has released Adobe Flash Professional CS6, which addresses this vulnerability... (paid upgrade)... addresses a -critical- vulnerability in the software...
APSB12-11 Security bulletin for Adobe Photoshop
- https://www.adobe.com/support/security/bulletins/apsb12-11.html
5/8/2012
CVE number: CVE-2012-2027, CVE-2012-2028
Platform: Windows and Macintosh
... security upgrade for Adobe Photoshop CS5.5 and earlier for Windows and Macintosh. This upgrade addresses vulnerabilities that could allow an attacker who successfully exploits these vulnerabilities to take control of the affected system. Adobe has released Adobe Photoshop CS6, which addresses these vulnerabilities... (paid upgrade)... could lead to code execution CVE-2012-2027, Bugtraq ID 52634, which references:
http://www.securityfocus.com/bid/52634/ This upgrade resolves a buffer overflow vulnerability that could lead to code execution (CVE-2012-2028)... addresses a -critical- vulnerability in the software...
APSB12-10 Security bulletin for Adobe Illustrator
- https://www.adobe.com/support/security/bulletins/apsb12-10.html
5/8/2012
CVE numbers: CVE-2012-0780, CVE-2012-2023, CVE-2012-2024, CVE-2012-2025, CVE-2012-2026
Platform: Windows and Macintosh
... security upgrade for Adobe Illustrator CS5.5 and earlier for Windows and Macintosh. This upgrade addresses vulnerabilities that could allow an attacker who successfully exploits these vulnerabilities to take control of the affected system. Adobe has released Adobe Illustrator CS6, which addresses these vulnerabilities... (paid upgrade)... addresses -critical- vulnerabilities in the software...
___
- https://secunia.com/advisories/49086/ - Shockwave Player
- https://secunia.com/advisories/47116/ - Flash Pro
- https://secunia.com/advisories/48457/ - Photoshop
- https://secunia.com/advisories/47118/ - Illustrator
- http://www.securitytracker.com/id/1027037 - Shockwave Player
- http://www.securitytracker.com/id/1027045 - Flash Pro
- http://www.securitytracker.com/id/1027046 - Photoshop
- http://www.securitytracker.com/id/1027047 - Illustrator
:fear::fear::fear::fear:
AplusWebMaster
2012-05-12, 14:11
FYI...
Adobe to release patches for CS5.x ...
- http://h-online.com/-1574341
12 May 2012 - "Adobe has announced* – through changes to the security advisories it issued earlier this week – that it is developing patches for the critical holes in the CS5.x versions of Adobe Photoshop, Illustrator and Flash Professional, after previously advising users that they needed to buy the just-released CS6 versions of the applications... Adobe has given no schedule for the availability of patches. In the original 8 May advisories, the company had said only that users of these products would need to purchase the upgrade from the CS5 and CS5.5 versions to the, just shipping on 7 May, CS6 versions to close the critical holes they were detailing; a move that was seen as effectively charging for security fixes..."
* https://blogs.adobe.com/psirt/2012/05/update-to-security-bulletins-for-adobe-illustrator-apsb12-10-adobe-photoshop-apsb12-11-and-adobe-flash-professional-apsb12-12.html
May 11, 2012 - "... We are in the process of resolving the vulnerabilities addressed in these Security Bulletins in Adobe Illustrator CS5.x, Adobe Photoshop CS5.x (12.x) and Adobe Flash Professional CS5.x, and will update the respective Security Bulletins once the patches are available..."
___
Adobe Photoshop CS5 Collada File Processing Buffer Overflow Vulnerability
- https://secunia.com/advisories/49160/
Release Date: 2012-05-15
Criticality level: Highly critical
Solution Status: Unpatched...
Adobe Photoshop...
- http://securitytracker.com/id/1027063
Date: May 15 2012
Impact: Execution of arbitrary code via network, User access via network
Version(s): CS5.1; possibly other versions...
:fear:
AplusWebMaster
2012-06-05, 17:04
FYI...
Adobe Illustrator CS5 (15.0.3) and Adobe Illustrator CS5.5 (15.1.1) released
- https://www.adobe.com/support/security/bulletins/apsb12-10.html
Last updated: June 4, 2012
CVE numbers: CVE-2012-0780, CVE-2012-2023, CVE-2012-2024, CVE-2012-2025, CVE-2012-2026, CVE-2012-2042
Platform: Windows and Macintosh
"... Adobe has released Adobe Illustrator CS5 (15.0.3) and Adobe Illustrator CS5.5 (15.1.1) to address the vulnerabilities highlighted in this security bulletin... users can find the appropriate update for their version/platform here:
Adobe Illustrator CS5 (15.0.3) for Windows
- http://download.adobe.com/pub/adobe/illustrator/win/5_0_3/AdobeIllustrator_15.0.3.zip
Adobe Illustrator CS5 (15.0.3) for Macintosh
- http://download.adobe.com/pub/adobe/illustrator/mac/5_0_3/AdobeIllustrator_15.0.3.dmg
Adobe Illustrator CS5.5 (15.1.1) for Windows
- http://download.adobe.com/pub/adobe/illustrator/win/5_1_1/AdobeIllustrator_15.1.1.zip
Adobe Illustrator CS5.5 (15.1.1) for Macintosh
- http://download.adobe.com/pub/adobe/illustrator/mac/5_1_1/AdobeIllustrator_15.1.1.dmg ..."
Adobe Photoshop vCS5 (12.0.5) and vCS5.1 (12.1.1) released
- https://www.adobe.com/support/security/bulletins/apsb12-11.html
Last updated: June 4, 2012
CVE number: CVE-2012-2027, CVE-2012-2028, CVE-2012-2052
Platform: Windows and Macintosh
"... Adobe has released Adobe Photoshop CS5 (12.0.5) and Adobe Photoshop CS5.1 (12.1.1) to address the vulnerabilities highlighted in this security bulletin... Adobe recommends... customers update their product installations by following the instructions provided in the the technote:
http://helpx.adobe.com/photoshop/kb/security-update-photoshop.html ..."
:fear::fear:
AplusWebMaster
2012-06-08, 23:10
FYI...
Flash Player v11.3.300.257 - AIR v3.3.0.3610 released
- https://www.adobe.com/support/security/bulletins/apsb12-14.html
June 8, 2012
CVE number:
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2034 - 10.0 (HIGH)
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2035 - 10.0 (HIGH)
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2036 - 10.0 (HIGH)
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2037 - 10.0 (HIGH)
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2038 - 5.0
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2039 - 10.0 (HIGH)
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2040 - 7.2 (HIGH)
Platform: All Platforms
Summary: Adobe released security updates for Adobe Flash Player 11.2.202.235 and earlier versions for Windows, Macintosh and Linux, Adobe Flash Player 11.1.115.8 and earlier versions for Android 4.x, and Adobe Flash Player 11.1.111.9 and earlier versions for Android 3.x and 2.x. These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.
Adobe recommends users update their product installations to the latest versions:
- Users of Adobe Flash Player 11.2.202.235 and earlier versions for Windows and Macintosh should update to Adobe Flash Player 11.3.300.257.
- Users of Adobe Flash Player 11.2.202.235 and earlier versions for Linux should update to Adobe Flash Player 11.2.202.236.
- Flash Player installed with Google Chrome will be updated automatically, so no user action is required. Google Chrome users can verify that they have updated to Google Chrome version 19.0.1084.56, which includes Adobe Flash Player 11.3.300.257.
- Users of Adobe Flash Player 11.1.115.8 and earlier versions on Android 4.x devices should update to Adobe Flash Player 11.1.115.9.
- Users of Adobe Flash Player 11.1.111.9 and earlier versions for Android 3.x and earlier versions should update to Flash Player 11.1.111.10.
> https://krebsonsecurity.com/wp-content/uploads/2012/06/flash113-600x157.png
Download: https://www.adobe.com/products/flashplayer/distribution3.html
Android: https://market.android.com/details?id=com.adobe.flashplayer
Flash test site: http://www.adobe.com/software/flash/about/
___
- Users of Adobe AIR 3.2.0.2070 for Windows, Macintosh and Android should update to Adobe AIR 3.3.0.3610...
Adobe recommends users of Adobe AIR 3.2.0.207 and earlier versions for Windows, Macintosh and Android update to Adobe AIR 3.3.0.3610:
- http://get.adobe.com/air/?promoid=JOPDE
Adobe AIR 3.2.0.2070 and earlier versions for Windows, Macintosh and Android... follow the instructions in the Adobe AIR TechNote:
- http://helpx.adobe.com/air/kb/determine-version-air-runtime.html
___
Thanks Brian:
- https://krebsonsecurity.com/2012/06/critical-security-fixes-for-adobe-flash-player/
June 8, 2012
___
Inside Flash Player Protected Mode for Firefox
- https://blogs.adobe.com/asset/2012/06/inside-flash-player-protected-mode-for-firefox.html
June 7, 2012
> https://blogs.adobe.com/asset/files/2012/06/three_processes.jpg
- http://h-online.com/-1614700
9 June 2012
___
- http://www.securitytracker.com/id/1027139
CVE Reference: CVE-2012-2034, CVE-2012-2035, CVE-2012-2036, CVE-2012-2037, CVE-2012-2038, CVE-2012-2039, CVE-2012-2040
Jun 9 2012
Impact: Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, User access via network
Version(s): 11.2.202.235 and prior
Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system. A remote user can obtain potentially sensitive information.
Solution: The vendor has issued a fix (11.3.300.257 for Windows and Mac, 11.2.202.236 for Linux, 11.3.300.257 for Chrome, 11.1.115.9 for Android 4.x, 11.1.111.10 for Android 3.x).
The vendor's advisory is available at:
http://www.adobe.com/support/security/bulletins/apsb12-14.html
- https://secunia.com/advisories/49388/
Last Update: 2012-06-11
Criticality level: Highly critical
Impact: Security Bypass, System access
Where: From remote
Software: Adobe AIR 3.x, Adobe Flash Player 11.x ...
Solution: Update to a fixed version.
Original Advisory: Adobe:
http://www.adobe.com/support/security/bulletins/apsb12-14.html
- https://www.us-cert.gov/current/#adobe_releases_security_advisory_for15
June 11, 2012 - 9:11 am
:fear::fear:
AplusWebMaster
2012-06-12, 20:15
FYI...
ColdFusion v9.0.1 hotfix available...
- https://www.adobe.com/support/security/bulletins/apsb12-15.html
June 12, 2012
CVE number: CVE-2012-2041
Platforms: All
Summary: Adobe released a security hotfix for ColdFusion 9.0.1 and earlier versions for Windows, Macintosh and UNIX. This update resolves an HTTP response splitting vulnerability in the ColdFusion Component Browser. Adobe recommends users update their product installation using the instructions provided in the "Solution" section below.
Affected software versions: ColdFusion 9.0.1, 9.0, 8.0.1, and 8.0 for Windows, Macintosh and UNIX
*Note: ColdFusion 10 for Windows, Macintosh and UNIX is not affected by this issue.
Solution: Adobe recommends affected ColdFusion customers update their installation using the instructions provided in the technote:
- http://helpx.adobe.com/coldfusion/kb/coldfusion-security-hotfix-apsb12-15.html ...
- http://www.securitytracker.com/id/1027146
CVE Reference: CVE-2012-2041
Jun 12 2012
Impact: Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information
Version(s): 8.0, 8.0.1, 9.0, 9.0.1
:fear:
AplusWebMaster
2012-06-16, 04:32
FYI...
Firefox v13.0.1 released
>>> http://forums.spybot.info/showpost.php?p=426980&postcount=28
June 16, 2012
___
Flash crash - Firefox 13...
- http://h-online.com/-1619399
15 June 2012 - "The latest release of the Flash Player plugin, version 11.3, is causing frequent crashes in Firefox 13 on Windows. The problem seems to be related to the recently introduced Protection Mode, which is supposed to make the plugin run in a sandbox to isolate it from the rest of the system. The number of users experiencing this problem is now so large that Mozilla and Adobe are both offering differing solutions for a fix... Users should on -no- account -downgrade- to build 11.2... as it is known to contain critical security vulnerabilities which are currently being actively exploited... users should install Flash Player 10.3*, in which the vulnerabilities in question have been fixed in a similar way to version 11.3 since Adobe is continuing to supply enterprise customers with security patches for Flash 10."
* http://fpdownload.macromedia.com/get/flashplayer/current/licensing/win/install_flash_player_10_plugin.exe
:sad:
AplusWebMaster
2012-06-22, 21:52
FYI...
Flash Player v11.3.300.262 released
> http://forums.adobe.com/thread/1027238
Jun 21, 2012 - "... the Windows Flash Player plug-in for Firefox, Mozilla, Netscape, Opera and other browsers was updated to 11.3.300.262. This release addresses stability issue found in Mozilla Firefox. This build does not address the audio issues reported by some customers but we continue to focus on these problems and will continue to do so until they are resolved. If you continue to have problems with this release, please see this tech note* for suggestions and instructions for reporting these issues to us: Flash Player 11.3 compatibility issues with RealPlayer extension in Mozilla Firefox. For full details on the 11.3 release, please see our release notes**."
* http://helpx.adobe.com/flash-player/kb/flash-player-113-crash-mozilla.html
Last updated: 2012-06-22
** http://helpx.adobe.com/flash-player/release-note/enduser-release-notes-11_3.html#main_Known_Issues
Last updated: 2012-06-21
___
> https://www.adobe.com/products/flashplayer/distribution3.html
Windows Flash Player 11.3.300.262 ... Plugin-based browsers:
> http://download.macromedia.com/get/flashplayer/current/licensing/win/install_flash_player_11_plugin.exe
___
Flash test site: http://www.adobe.com/software/flash/about/
:confused:
AplusWebMaster
2012-06-27, 13:36
FYI...
Flash Pro CS5.5 Security Update 11.5.2
- https://www.adobe.com/support/security/bulletins/apsb12-12.html
Last Updated: June 25, 2012
CVE number: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0778 - 10.0 (HIGH)
Platform: Windows and Macintosh
Summary: Adobe released a security update for Adobe Flash Professional CS5.5 (11.5.1.349 and earlier) for Windows and Macintosh. This update addresses a vulnerability that could allow an attacker who successfully exploits this vulnerability to take control of the affected system. Note that Adobe Flash Professional CS6 (12.0.0.481) for Windows and Macintosh addresses this vulnerability. No update is required for users of Adobe Flash Professional CS6 (12.0.0.481) for Windows and Macintosh.
Affected software versions: Adobe Flash Professional CS5.5 (11.5.1.349 and 11.5.0.325) and earlier versions for Windows and Macintosh
Solution: Adobe has released Adobe Flash Professional CS5.5 (11.5.2.349) to address the vulnerability highlighted in this security bulletin. Adobe recommends Adobe Flash Professional CS5.5 (11.5.1.349 and earlier) customers update their product installation by following the instructions provided in the technote:
- http://helpx.adobe.com/flash/kb/flash-professional-cs55-security-update.html
...The Security Update is available for download at:
- https://www.adobe.com/support/flash/downloads.html#flashCS55
... This update addresses a critical vulnerability in the software.
Revisions:
June 25, 2012 - Added information on release of update to Adobe Flash Professional CS5.5 (11.5.1.349 and 11.5.0.325).
:fear::fear:
AplusWebMaster
2012-07-11, 20:46
FYI...
Flash v11.3.300.265 released
- http://forums.adobe.com/message/4551666#4551666
Jul 11, 2012 - "Flash Player 11.3 Update
Today, Flash Player 11.3.300.265 for Windows and Macintosh was released to address critical audio and stability issues.
For full details on the 11.3 release, please see our release notes.
http://www.adobe.com/support/documentation/en/flashplayer/releasenotes.html ..."
Download:
> https://www.adobe.com/products/flashplayer/distribution3.html
Flash test site: http://www.adobe.com/software/flash/about/
2012.07.11
... The table below contains the latest Flash Player version information:
Windows:
Internet Explorer (and other browsers that support Internet Explorer ActiveX controls and plug-ins) 11.3.300.265
Firefox, Mozilla, Netscape, Opera (and other plugin-based browsers) 11.3.300.265
Chrome 11.3.300.265
Macintosh:
OS X Firefox, Opera, Safari 11.3.300.265
Chrome 11.3.300.265
:fear:
AplusWebMaster
2012-07-27, 21:49
FYI...
Flash v11.3.300.268 released
- http://forums.adobe.com/message/4582208#4582208
Jul 26, 2012 - "Flash Player 11.3.300.268 for Windows and Macintosh was released to address stability issues when browsing and playing Flash content. For full details on the 11.3 release, please see our release notes*..."
* http://www.adobe.com/support/documentation/en/flashplayer/releasenotes.html
Download:
> https://www.adobe.com/products/flashplayer/distribution3.html
Flash test site: http://www.adobe.com/software/flash/about/
2012.07.27
... The table below contains the latest Flash Player version information:
Windows:
Internet Explorer (and other browsers that support Internet Explorer ActiveX controls and plug-ins) 11.3.300.268
Firefox, Mozilla, Netscape, Opera (and other plugin-based browsers) 11.3.300.268
Macintosh:
OS X Firefox, Opera, Safari 11.3.300.268
:fear:
AplusWebMaster
2012-08-03, 08:20
FYI...
Flash v11.3.300.270 released
- http://forums.adobe.com/message/4594596#4594596
Aug 2, 2012 - "... Flash Player 11.3.300.270 for Windows was released to address a crash that was occurring in the Adobe Flash Player Update Service (FlashPlayerUpdateService.exe). There are no other fixes or changes provided with this build. This release is available for Windows only, and affects the Active X and Plug-in installers, uninstaller, and msi's (available on the distribution page.) No other platforms are affected... Please be aware that this release is -not- available from the Product Download Center (get.adobe.com/flashplayer) which will continue to provide 11.3.300.268. We realize that this might cause confusion for some users. Due to the severity of this issue, we decided to make this build available immediately to help customers affected by this bug. Due to logistical issues and time constraints, we were unable to update the release on the Product Download Center. The next release of Flash Player will correct this disparity. Please note that unless you have been affected by the FlashPlayerUpdateService.exe crash, both 11.3.300.270 and 11.3.300.268 will be functionally identical. This release will be distributed using the following methods:
• Silent auto update - If enabled and functional, the silent auto update service will automatically install this build within 24 hours.
• Direct download - You can download the installers directly using the links below
IE:
- http://download.macromedia.com/pub/flashplayer/current/support/install_flash_player_ax.exe
Plugin-based browsers:
- http://download.macromedia.com/pub/flashplayer/current/support/install_flash_player.exe
___
- https://blogs.adobe.com/psirt/2012/08/prenotification-upcoming-security-updates-for-adobe-reader-and-acrobat.html
August 9, 2012 - "... upcoming Adobe Reader and Acrobat updates scheduled for Tuesday, August 14, 2012..."
> http://www.adobe.com/go/apsb12-16
Adobe warns of critical holes in Reader, Acrobat
- http://atlas.arbor.net/briefs/
Severity: High Severity
August 09, 2012
Adobe is releasing patches on August 14th to resolve security holes.
Analysis: ... keep these packages up-to-date with automatic update features and ensure updates are applied. Extra layers of hardening around software that integrates with the browser and email client is recommended as these are frequently attacked...
:fear:
AplusWebMaster
2012-08-15, 01:03
FYI...
> https://www.adobe.com/support/security/
Flash updates v11.3.300.271 / v11.2.202.238 released
- https://www.adobe.com/support/security/bulletins/apsb12-18.html
August 14, 2012
CVE number: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1535 - 9.3 (HIGH)
Platform: Windows, Macintosh and Linux
Summary: Adobe has released security updates for Adobe Flash Player 11.3.300.270 and earlier versions for Windows, Macintosh and Linux. These updates address a vulnerability (CVE-2012-1535) that could cause the application to crash and potentially allow an attacker to take control of the affected system.
There are reports that the vulnerability is being exploited in the wild in limited targeted attacks, distributed through a malicious Word document. The exploit targets the ActiveX version of Flash Player for Internet Explorer on Windows.
Adobe recommends users update their product installations to the latest versions:
- Users of Adobe Flash Player 11.3.300.270 and earlier versions for Windows and Macintosh should update to Adobe Flash Player 11.3.300.271.
- Users of Adobe Flash Player 11.2.202.236 and earlier versions for Linux should update to Adobe Flash Player 11.2.202.238.
- Flash Player installed with Google Chrome will be updated automatically, so no user action is required. Google Chrome users can verify that they have updated to Google Chrome version 21.0.1180.79...
Download:
> https://www.adobe.com/products/flashplayer/distribution3.html
Flash test site: http://www.adobe.com/software/flash/about/
- https://secunia.com/advisories/50285/
Last Update: 2012-08-15
Criticality level: Extremely critical
Impact: System access
Where: From remote
CVE Reference: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1535
... vulnerability is currently being actively exploited in targeted attacks via Word documents against the Windows version.
Solution: Update to version 11.3.300.271 for Windows, Mac, and Chrome or version 11.2.202.238 for Linux.
Original Advisory: Adobe:
http://www.adobe.com/support/security/bulletins/apsb12-18.html
___
Adobe Shockwave v11.6.6.636 released
- https://www.adobe.com/support/security/bulletins/apsb12-17.html
August 14, 2012
CVE number: CVE-2012-2043, CVE-2012-2044, CVE-2012-2045, CVE-2012-2046, CVE-2012-2047
Platform: Windows and Macintosh
Summary:Adobe has released an update for Adobe Shockwave Player 11.6.5.635 and earlier versions on the Windows and Macintosh operating systems. This update addresses vulnerabilities that could allow an attacker, who successfully exploits these vulnerabilities, to run malicious code on the affected system...
Solution: Adobe recommends users of Adobe Shockwave Player 11.6.5.635 and earlier versions update to the newest version 11.6.6.636, available here:
http://get.adobe.com/shockwave/ ...
- https://secunia.com/advisories/50283/
Release Date: 2012-08-14
Criticality level: Highly critical
Impact: System access
Where: From remote ...
Solution: Update to version 11.6.6.636.
Original Advisory: Adobe:
http://www.adobe.com/support/security/bulletins/apsb12-17.html
___
Adobe Reader/Acrobat X v10.1.4 released
- https://www.adobe.com/support/security/bulletins/apsb12-16.html
August 14, 2012
CVE numbers: CVE-2012-1525, CVE-2012-2049, CVE-2012-2050, CVE-2012-2051, CVE-2012-4147, CVE-2012-4148, CVE-2012-4149, CVE-2012-4150, CVE-2012-4151, CVE-2012-4152, CVE-2012-4153, CVE-2012-4154, CVE-2012-4155, CVE-2012-4156, CVE-2012-4157, CVE-2012-4158, CVE-2012-4159, CVE-2012-4160, CVE-2012-4161, CVE-2012-4162
[Adobe Reader/Acrobat 9.x -before- 9.5.2 and 10.x -before- 10.1.4 on Windows and Mac OS X]
Platform: Windows and Macintosh
Summary: Adobe has released security updates for Adobe Reader and Acrobat X (10.1.3) and earlier versions for Windows and Macintosh. These updates address vulnerabilities in the software that could cause the application to crash and potentially allow an attacker to take control of the affected system. Adobe recommends users update their product installations to the latest versions:
Users of Adobe Reader X (10.1.3) and earlier versions for Windows and Macintosh should update to Adobe Reader X (10.1.4).
For users of Adobe Reader 9.5.1 and earlier versions for Windows and Macintosh, who cannot update to Adobe Reader X (10.1.4), Adobe has made available the update Adobe Reader 9.5.2.
Users of Adobe Acrobat X (10.1.3) for Windows and Macintosh should update to Adobe Acrobat X (10.1.4).
Users of Adobe Acrobat 9.5.1 and earlier versions for Windows and Macintosh should update to Adobe Acrobat 9.5.2...
Adobe Reader: Users on Windows and Macintosh can utilize the product's update mechanism. The default configuration is set to run automatic update checks on a regular schedule. Update checks can be manually activated by choosing Help > Check for Updates.
Adobe Reader users on Windows can also find the appropriate update here:
http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Windows
Adobe Reader users on Macintosh can also find the appropriate update here:
http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Macintosh
Adobe Acrobat: Users can utilize the product's update mechanism. The default configuration is set to run automatic update checks on a regular schedule. Update checks can be manually activated by choosing Help > Check for Updates.
Acrobat Standard and Pro users on Windows can also find the appropriate update here:
http://www.adobe.com/support/downloads/product.jsp?product=1&platform=Windows
Acrobat Pro Extended users on Windows can also find the appropriate update here: http://www.adobe.com/support/downloads/product.jsp?product=1&platform=Windows
Acrobat Pro users on Macintosh can also find the appropriate update here:
http://www.adobe.com/support/downloads/product.jsp?product=1&platform=Macintosh ...
- https://secunia.com/advisories/50281/
Last Update: 2012-08-15
Criticality level: Highly critical
Impact: System access
Where: From remote
Solution Status: Partial Fix ...
Software: Adobe Acrobat 9.x, X 10.x, Adobe Reader 9.x, X 10.x
Solution: Apply updates if available.
Original Advisory: Adobe:
http://www.adobe.com/support/security/bulletins/apsb12-16.html
- https://secunia.com/advisories/50290/
Release Date: 2012-08-15
Criticality level: Highly critical
Impact: System access
Where: From remote
Solution Status: Unpatched
Software: Adobe Acrobat 9.x, X 10.x, Adobe Reader 9.x, X 10.x
... vulnerabilities are caused due to unspecified errors. No further information is currently available. Successful exploitation of the vulnerabilities may allow execution of arbitrary code.
Solution: No official solution is currently available...
Original Advisory: http://j00ru.vexillium.org/?p=1175
>> http://h-online.com/-1668153
15 August 2012
:fear::fear::fear:
AplusWebMaster
2012-08-22, 00:09
Win8 users vulnerable to active Flash exploits
- https://www.computerworld.com/s/article/9231076/Adobe_confirms_Windows_8_users_vulnerable_to_active_Flash_exploits
Sep 08, 2012
___
- https://krebsonsecurity.com/2012/08/new-adobe-flash-player-update-fixes-5-flaws/
Aug. 21, 2012 - "For the second time in a week, Adobe has shipped a critical security update for its Flash Player software. This patch, part of a planned release, closes at least six security holes in the widely-used browser plugin, and comes just one week after the company rushed out a fix for a flaw that attackers were already exploiting in the wild..."
Flash v11.4.402.265 released
- https://www.adobe.com/support/security/bulletins/apsb12-19.html
August 21, 2012
CVE number: CVE-2012-4163, CVE-2012-4164, CVE-2012-4165, CVE-2012-4166, CVE-2012-4167, CVE-2012-4168
Platform: All Platforms
Details: Adobe has released security updates for Adobe Flash Player 11.3.300.271 and earlier versions for Windows, Macintosh and Linux, Adobe Flash Player 11.1.115.11 and earlier versions for Android 4.x, and Adobe Flash Player 11.1.111.10 and earlier versions for Android 3.x and 2.x. These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.
Adobe recommends users update their product installations to the latest versions:
Users of Adobe Flash Player 11.3.300.271 and earlier versions for Windows and Macintosh should update to Adobe Flash Player 11.4.402.265.
Users of Adobe Flash Player 11.2.202.236 and earlier versions for Linux should update to Adobe Flash Player 11.2.202.238.
Flash Player installed with Google Chrome will automatically be updated to the latest Google Chrome version, which will include Adobe Flash Player 11.3.31.230 for Windows and Linux, and Flash Player 11.4.402.265 for Macintosh
Users of Adobe Flash Player 11.1.115.11 and earlier versions on Android 4.x devices should update to Adobe Flash Player 11.1.115.17.
Users of Adobe Flash Player 11.1.111.10 and earlier versions for Android 3.x and earlier versions should update to Flash Player 11.1.111.16.
Revisions: Aug 30, 2012 - Added information regarding CVE-2012-4171
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4171
08/31/2012
Download:
> https://www.adobe.com/products/flashplayer/distribution3.html
Flash test site: http://www.adobe.com/software/flash/about/
___
>> http://get.adobe.com/air/
Users of Adobe AIR 3.3.0.3670 for Windows and Macintosh should update to Adobe AIR 3.4.0.2540.
Users of the Adobe AIR 3.3.0.3690 SDK (includes AIR for iOS) should update to the Adobe AIR 3.4.0.2540 SDK.
Users of the Adobe AIR 3.3.0.3650 and earlier versions for Android should update to the Adobe AIR 3.4.0.2540.
> These updates resolve memory corruption vulnerabilities that could lead to code execution (CVE-2012-4163, CVE-2012-4164, CVE-2012-4165, CVE-2012-4166).
These updates resolve an integer overflow vulnerability that could lead to code execution (CVE-2012-4167).
These updates resolve a cross-domain information leak vulnerability (CVE-2012-4168)...
- https://www.adobe.com/support/security/severity_ratings.html
"Priority 1: This update resolves vulnerabilities being targeted, or which have a higher risk of being targeted, by exploit(s) in the wild for a given product version and platform. Adobe recommends administrators install the update as soon as possible. (for instance, within 72 hours)."
___
- https://secunia.com/advisories/50354/
Release Date: 2012-08-22
Criticality level: Highly critical
Impact: Exposure of sensitive information, System access
Where: From remote
Software: Adobe AIR 3.x, Adobe Flash Player 11.x ...
Solution: Update to a fixed version.
Original Advisory: Adobe:
http://www.adobe.com/support/security/bulletins/apsb12-19.html
- http://www.securitytracker.com/id/1027422
CVE Reference:
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4163 - 10.0 (HIGH)
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4164 - 10.0 (HIGH)
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4165 - 10.0 (HIGH)
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4166 - 10.0 (HIGH)
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4167 - 10.0 (HIGH)
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4168 - 4.3
Aug 22 2012
Impact: Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, User access via network
Version(s): 11.3.300.271 and prior
Solution: The vendor has issued a fix (11.4.402.265 for Windows and OS X; 11.2.202.238 for Linux; 11.1.111.16 for Android 2.x and 3.x; 11.1.115.17 for Android 4.x)...
:fear::fear:
AplusWebMaster
2012-09-12, 12:36
FYI...
ColdFusion DoS vuln/hotfix
- https://secunia.com/advisories/50523/
Release Date: 2012-09-11
Criticality level: Moderately critical
Impact: DoS
Where: From remote
Software: Adobe ColdFusion 10.x, 8.x, 9.x
CVE Reference: CVE-2012-2048
Original Advisory: http://www.adobe.com/support/security/bulletins/apsb12-21.html
Summary: Adobe has released a security hotfix for ColdFusion 10 and earlier versions for Windows, Macintosh and UNIX. This update resolves a vulnerability which could result in a Denial of Service condition. Adobe recommends users update their product installation using the instructions provided in the "Solution" section below.
Affected software versions: ColdFusion 10, 9.0.2, 9.0.1, 9.0, 8.0.1, and 8.0 for Windows, Macintosh and UNIX
Solution: Adobe recommends ColdFusion customers update their installation using the instructions provided in the technote:
http://helpx.adobe.com/coldfusion/kb/coldfusion-security-hotfix-apsb12-21.html .
___
- http://www.securitytracker.com/id/1027516
Sep 11 2012
:fear:
AplusWebMaster
2012-09-29, 14:50
FYI...
Adobe revocation of code signing certificate
- https://www.adobe.com/support/security/advisories/apsa12-01.html
Sep 27, 2012 - "Summary: Adobe is investigating what appears to be the misuse of an Adobe code signing certificate. Adobe plans to revoke the certificate on October 4 for all software code signed after July 10, 2012. Adobe is in the process of issuing updates signed using a new digital certificate for all affected products...
Affected software versions: The vast majority of Adobe customers will not be impacted by this issue. However, some customers, in particular administrators in managed Windows environments, may need to take certain action. To determine whether you or your organization are impacted, please refer to the support page on the Adobe website*...
* http://helpx.adobe.com/x-productkb/global/certificate-updates.html
- http://nakedsecurity.sophos.com/2012/09/28/adobe-revokes-certificate-after-hackers-compromise-server-sign-malware/
Sep 28, 2012 - "... the issue appears to have been the result of hackers compromising a vulnerable build server. Malware seen using the digital signature includes pwdump7 v 7.1 (a utility that scoops up password hashes, and is sometimes used as a single file that statically links the OpenSSL library libeay32.dll). According to Adobe, the second malicious utility is myGeeksmail.dll, a malicious ISAPI filter..."
- https://isc.sans.edu/diary.html?storyid=14194
Last Updated: 2012-09-28
- http://h-online.com/-1719955
28 Sep 2012
:fear:
AplusWebMaster
2012-10-05, 17:45
FYI...
Adobe revokes certificate ...
- https://www.adobe.com/support/security/advisories/apsa12-01.html
Last updated: Oct 4, 2012 - "... Adobe has revoked the certificate on October 4 for all software code signed after July 10, 2012 (00:00 GMT). Adobe has issued updates signed using a new digital certificate for all affected products. The following certificate has been revoked and the certificate revocation list (CRL) is available at:
http://csc3-2010-crl.verisign.com/CSC3-2010.crl ..."
___
Adobe Cert Used to Sign Malware ...
- http://atlas.arbor.net/briefs/index#666340356
Oct 05, 2012
- https://blogs.technet.com/b/mmpc/archive/2012/10/03/malware-signed-with-the-adobe-code-signing-certificate.aspx?Redirected=true
3 Oct 2012
:fear:
AplusWebMaster
2012-10-09, 01:59
FYI...
Flash v11.4.402.287 / AIR v3.4.0.2710 released
- https://www.adobe.com/support/security/bulletins/apsb12-22.html
Oct 8, 2012
CVE numbers: CVE-2012-5248, CVE-2012-5249, CVE-2012-5250, CVE-2012-5251, CVE-2012-5252, CVE-2012-5253, CVE-2012-5254, CVE-2012-5255, CVE-2012-5256, CVE-2012-5257, CVE-2012-5258, CVE-2012-5259, CVE-2012-5260, CVE-2012-5261, CVE-2012-5262, CVE-2012-5263, CVE-2012-5264, CVE-2012-5265, CVE-2012-5266, CVE-2012-5267, CVE-2012-5268, CVE-2012-5269, CVE-2012-5270, CVE-2012-5271, CVE-2012-5272
Platform: All Platforms
Summary: Adobe has released security updates for Adobe Flash Player 11.4.402.278 and earlier versions for Windows, Adobe Flash Player 11.4.402.265 and earlier versions for Macintosh, Adobe Flash Player 11.2.202.238 and earlier for versions for Linux, Adobe Flash Player 11.1.115.17 and earlier versions for Android 4.x, and Adobe Flash Player 11.1.111.16 and earlier versions for Android 3.x and 2.x. These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system. Adobe recommends users update their product installations to the latest versions:
• Users of Adobe Flash Player 11.4.402.278 and earlier versions for Windows and Adobe Flash Player 11.4.402.265 and earlier versions for Macintosh should update to Adobe Flash Player 11.4.402.287.
• Users of Adobe Flash Player 11.2.202.238 and earlier versions for Linux should update to Adobe Flash Player 11.2.202.243.
• Flash Player installed with Google Chrome will automatically be updated to the latest Google Chrome version, which will include Adobe Flash Player 11.4.31.110 for Windows and Linux, and Flash Player 11.4.402.287 for Macintosh.
• Flash Player installed with Internet Explorer 10 will automatically be updated to the latest Internet Explorer 10 version*, which will include Adobe Flash Player 11.3.375.10 for Windows.
• Users of Adobe Flash Player 11.1.115.17 and earlier versions on Android 4.x devices should update to Adobe Flash Player 11.1.115.20.
• Users of Adobe Flash Player 11.1.111.16 and earlier versions for Android 3.x and earlier versions should update to Flash Player 11.1.111.19.
• Users of Adobe AIR 3.4.0.2540 for Windows and Macintosh should update to Adobe AIR 3.4.0.2710.
• Users of the Adobe AIR 3.4.0.2540 SDK (includes AIR for iOS) should update to the Adobe AIR 3.4.0.2710 SDK.
• Users of the Adobe AIR 3.4.0.2540 and earlier versions for Android should update to the Adobe AIR 3.4.0.2710...
These updates address critical vulnerabilities in the software...
Download:
> https://www.adobe.com/products/flashplayer/distribution3.html
Flash test site: http://www.adobe.com/software/flash/about/
- https://www.us-cert.gov/current/#adobe_releases_security_bulletin_for15
Oct 10, 2012 - Flash v11.4.402.287 released...
___
>> http://get.adobe.com/air/
___
Microsoft Security Advisory (2755801)
Update for Vulnerabilities in Adobe Flash Player in Internet Explorer 10
* https://technet.microsoft.com/en-us/security/advisory/2755801
Updated: Oct 08, 2012 - "... Microsoft recommends that customers apply the current update -immediately- using update management software, or by checking for updates using the Microsoft Update service. Since the update is cumulative, only the current update will be offered..."
• V2.0 (October 8, 2012): Added KB2758994** to the Current update section.
** http://support.microsoft.com/kb/2758994
___
- https://secunia.com/advisories/50876/
Release Date: 2012-10-09
Criticality level: Highly critical
Impact: System access
Where: From remote...
Solution: Update to a fixed version.
Original Advisory: http://www.adobe.com/support/security/bulletins/apsb12-22.html
:fear::fear:
AplusWebMaster
2012-10-23, 22:17
FYI...
Shockwave v11.6.8.638 released
- https://www.adobe.com/support/security/bulletins/apsb12-23.html
Oct 23, 2012
CVE numbers:
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4172 - 10.0 (HIGH)
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4173 - 10.0 (HIGH)
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4174 - 10.0 (HIGH)
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4175 - 10.0 (HIGH)
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4176 - 10.0 (HIGH)
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-5273 - 10.0 (HIGH)
Platform: Windows and Macintosh
Summary: Adobe has released a security update for Adobe Shockwave Player 11.6.7.637 and earlier versions on the Windows and Macintosh operating systems. This update addresses vulnerabilities that could allow an attacker, who successfully exploits these vulnerabilities, to run malicious code on the affected system. Adobe recommends users of Adobe Shockwave Player 11.6.7.637 and earlier versions update to Adobe Shockwave Player 11.6.8.638...
... newest version 11.6.8.638, available here: http://get.adobe.com/shockwave/
... This update addresses critical vulnerabilities in the software...
- https://secunia.com/advisories/51090/
Release Date: 2012-10-24
Criticality level: Highly critical
Impact: System access
Where: From remote
... vulnerabilities are reported in versions 11.6.7.637 and prior for Windows and Macintosh.
Solution: Update to version 11.6.8.638.
:fear:
AplusWebMaster
2012-11-06, 21:01
FYI...
Flash v11.5.502.110 released
- https://www.adobe.com/support/security/bulletins/apsb12-24.html
Nov 6, 2012
CVE number:
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-5274 - 10.0 (HIGH)
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-5275 - 10.0 (HIGH)
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-5276 - 10.0 (HIGH)
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-5277 - 10.0 (HIGH)
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-5278 - 10.0 (HIGH)
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-5279 - 10.0 (HIGH)
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-5280 - 10.0 (HIGH)
Platform: All Platforms
Summary: Adobe has released security updates for Adobe Flash Player 11.4.402.287 and earlier versions for Windows and Macintosh, Adobe Flash Player 11.2.202.243 and earlier versions for Linux, Adobe Flash Player 11.1.115.20 and earlier versions for Android 4.x, and Adobe Flash Player 11.1.111.19 and earlier versions for Android 3.x and 2.x. These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.
Adobe recommends users update their product installations to the latest versions:
- Users of Adobe Flash Player 11.4.402.287 and earlier versions for Windows and Macintosh should update to Adobe Flash Player 11.5.502.110.
- Users of Adobe Flash Player 11.2.202.243 and earlier versions for Linux should update to Adobe Flash Player 11.2.202.251.
- Flash Player installed with Google Chrome will automatically be updated to the latest Google Chrome version, which will include Adobe Flash Player 11.5.31.2 for Windows, Macintosh and Linux.
- Flash Player installed with Internet Explorer 10 will automatically be updated to the latest Internet Explorer 10 version, which will include Adobe Flash Player 11.3.376.12 for Windows.
- Users of Adobe Flash Player 11.1.115.20 and earlier versions on Android 4.x devices should update to Adobe Flash Player 11.1.115.27.
- Users of Adobe Flash Player 11.1.111.19 and earlier versions for Android 3.x and earlier versions should update to Flash Player 11.1.111.24.
- Users of Adobe AIR 3.4.0.2710 and earlier versions for Windows and Macintosh, SDK (including AIR for iOS) and Android should update to Adobe AIR 3.5.0.600...
These updates address -critical- vulnerabilities in the software...
Download:
> https://www.adobe.com/products/flashplayer/distribution3.html
Flash test site: http://www.adobe.com/software/flash/about/
>> http://get.adobe.com/air/
> http://helpx.adobe.com/flash-player/release-note/fp_115_air_35_release_notes.html
___
- https://secunia.com/advisories/51213/
Release Date: 2012-11-07
Criticality level: Highly critical
Impact: Security Bypass, System access
Where: From remote
... exploitation of the vulnerabilities may allow execution of arbitrary code...
Solution: Update to a fixed version.
Original Advisory: Adobe (APSB12-24):
http://www.adobe.com/support/security/bulletins/apsb12-24.html
:fear::fear:
AplusWebMaster
2012-11-20, 07:06
FYI...
ColdFusion 10 Hotfix available for Windows
- https://www.adobe.com/support/security/bulletins/apsb12-25.html
November 19, 2012
CVE number: CVE-2012-5674
Platform: Windows
Summary: Adobe has released a security hotfix for ColdFusion 10 Update 1 and above for Windows. This hotfix resolves a vulnerability affecting ColdFusion on Windows Internet Information Services (IIS), which could result in a Denial of Service condition. Adobe recommends users update their product installation using the instructions provided in the "Solution" section below.
Affected software versions: ColdFusion 10 Update 1 and above for Windows
Solution: Adobe recommends customers update their installation of ColdFusion 10 Update 1 and above for Windows to ColdFusion 10 Update 5 using the instructions provided in the technote:
> http://helpx.adobe.com/coldfusion/kb/coldfusion-security-hotfix-apsb12-25.html
___
- https://secunia.com/advisories/51335/
Release Date: 2012-11-20
Criticality level: Moderately critical
Impact: DoS
Where: From remote
CVE Reference: CVE-2012-5674
... vulnerability is reported in version 10 update 1 and higher.
Solution: Update to version 10 update 5...
:fear:
AplusWebMaster
2012-12-11, 20:12
FYI...
Flash Player v11.5.502.135 released
- https://www.adobe.com/support/security/bulletins/apsb12-27.html
Dec 11, 2012
CVE number: CVE-2012-5676, CVE-2012-5677, CVE-2012-5678
Platform: All Platforms
Summary: Adobe has released security updates for Adobe Flash Player 11.5.502.110 and earlier versions for Windows and Macintosh, Adobe Flash Player 11.2.202.251 and earlier versions for Linux, Adobe Flash Player 11.1.115.27 and earlier versions for Android 4.x, and Adobe Flash Player 11.1.111.24 and earlier versions for Android 3.x and 2.x. These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.
Adobe recommends users update their product installations to the latest versions:
- Users of Adobe Flash Player 11.5.502.110 and earlier versions for Windows should update to Adobe Flash Player 11.5.502.135.
- Users of Adobe Flash Player 11.5.502.110 and earlier versions for Macintosh should update to Adobe Flash Player 11.5.502.136.
- Users of Adobe Flash Player 11.2.202.251 and earlier versions for Linux should update to Adobe Flash Player 11.2.202.258.
- Flash Player installed with Google Chrome will automatically be updated to the latest Google Chrome version, which will include Adobe Flash Player 11.5.31.5 for Windows, Macintosh and Linux.
- Flash Player installed with Internet Explorer 10 for Windows 8 will automatically be updated to the latest Internet Explorer 10 version, which will include Adobe Flash Player 11.3.377.15.
- Users of Adobe Flash Player 11.1.115.27 and earlier versions on Android 4.x devices should update to Adobe Flash Player 11.1.115.34.
- Users of Adobe Flash Player 11.1.111.24 and earlier versions for Android 3.x and earlier versions should update to Flash Player 11.1.111.29.
- Users of Adobe AIR 3.5.0.600 and earlier versions for Windows should update to Adobe AIR 3.5.0.880.
- Users of Adobe AIR 3.5.0.600 and earlier versions for Macintosh should update to Adobe AIR 3.5.0.890.
- Users of the Adobe AIR 3.5.0.600 SDK (includes AIR for iOS) should update to the Adobe AIR 3.5.0.880 SDK (Windows) or Adobe AIR 3.5.0.890 SDK (Mac)...
- http://get.adobe.com/air/
Flash Download:
> https://www.adobe.com/products/flashplayer/distribution3.html
Flash test site: http://www.adobe.com/software/flash/about/
- https://secunia.com/advisories/51560/
Release Date: 2012-12-12
Criticality level: Highly critical
Impact: System access
Where: From remote...
___
ColdFusion 10 and earlier - Hotfix available
- https://www.adobe.com/support/security/bulletins/apsb12-26.html
December 11, 2012
CVE number: CVE 2012-5675
Platform: All Platforms
Summary: Adobe has released a security hotfix for ColdFusion 10 and earlier versions for Windows, Macintosh and UNIX. This hotfix resolves a vulnerability which could result in a sandbox permissions violation in a shared hosting environment...
Affected software versions:
ColdFusion 10, 9.0.2, 9.0.1 and 9.0 for Windows, Macintosh and UNIX
Solution:
Adobe recommends ColdFusion customers update their installation using the instructions provided in the technote:
http://helpx.adobe.com/coldfusion/kb/coldfusion-security-hotfix-apsb12-26.html .
- https://secunia.com/advisories/51551/
Release Date: 2012-12-12
Criticality level: Moderately critical
Impact: Security Bypass
Where: From remote...
:fear:
AplusWebMaster
2013-01-05, 16:02
FYI...
Adobe ColdFusion - multiple vulns ...
- https://www.adobe.com/support/security/advisories/apsa13-01.html
January 4, 2013
CVE number: CVE-2013-0625, CVE-2013-0629, CVE-2013-0631
Platform: All
Summary: Adobe has identified three vulnerabilities affecting ColdFusion for Windows, Macintosh and UNIX:
CVE-2013-0625 affects ColdFusion 10, 9.0.2, 9.0.1 and 9.0, and could permit an unauthorized user to remotely circumvent authentication controls, potentially allowing the attacker to take control of the affected server.
CVE-2013-0629 affects ColdFusion 10, 9.0.2, 9.0.1 and 9.0, and could permit an unauthorized user access to restricted directories.
CVE-2013-0631 affects ColdFusion 9.0.2, 9.0.1 and 9.0, and could result in information disclosure from a compromised server.
There are reports that these vulnerabilities are being exploited in the wild against ColdFusion customers. Note that CVE-2013-0625 and CVE-2013-0629 only affect ColdFusion customers who do not have password protection enabled or have no password set. We are in the process of finalizing a fix for the issues and expect a hotfix for ColdFusion 10, 9.0.2, 9.0.1 and 9.0 for Windows, Macintosh and UNIX will be available on January 15, 2013..."
___
Adobe Reader/Acrobat prenotification for Jan 2013
- https://www.adobe.com/support/security/bulletins/apsb13-02.html
Jan 3, 2013 - "Adobe is planning to release security updates on Tuesday, January 8, 2013 for Adobe Reader and Acrobat XI (11.0.0) and earlier versions for Windows and Macintosh, and Adobe Reader 9.5.1 and earlier 9.x versions for Linux..."
:fear::fear:
AplusWebMaster
2013-01-08, 21:14
FYI...
Flash Player v11.5.502.146 released
- https://www.adobe.com/support/security/bulletins/apsb13-01.html
Jan 8, 2013
CVE number: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0630 - 10.0 (HIGH)
Summary: Adobe has released security updates for Adobe Flash Player 11.5.502.135 and earlier versions for Windows, Adobe Flash Player 11.5.502.136 and earlier versions for Macintosh, Adobe Flash Player 11.2.202.258 and earlier versions for Linux, Adobe Flash Player 11.1.115.34 and earlier versions for Android 4.x, and Adobe Flash Player 11.1.111.29 and earlier versions for Android 3.x and 2.x. These updates address a vulnerability that could cause a crash and potentially allow an attacker to take control of the affected system.
Adobe recommends users update their product installations to the latest versions:
- Users of Adobe Flash Player 11.5.502.135 and earlier versions for Windows should update to Adobe Flash Player 11.5.502.146.
- Users of Adobe Flash Player 11.5.502.136 and earlier versions for Macintosh should update to Adobe Flash Player 11.5.502.146.
- Users of Adobe Flash Player 11.2.202.258 and earlier versions for Linux should update to Adobe Flash Player 11.2.202.261.
Flash Player installed with Google Chrome will automatically be updated to the latest Google Chrome version, which will include Adobe Flash Player 11.5.31.137 for Windows, Macintosh and Linux.
Flash Player installed with Internet Explorer 10 for Windows 8 will automatically be updated to the latest Internet Explorer 10 version, which will include Adobe Flash Player 11.3.378.5 for Windows: https://support.microsoft.com/kb/2796096
- Users of Adobe Flash Player 11.1.115.34 and earlier versions on Android 4.x devices should update to Adobe Flash Player 11.1.115.36.
- Users of Adobe Flash Player 11.1.111.29 and earlier versions for Android 3.x and earlier versions should update to Flash Player 11.1.111.31.
- Users of Adobe AIR 3.5.0.880 and earlier versions for Windows should update to Adobe AIR 3.5.0.1060.
- Users of Adobe AIR 3.5.0.890 and earlier versions for Macintosh should update to Adobe AIR 3.5.0.1060.
- Users of the Adobe AIR SDK (includes AIR for iOS) should update to the Adobe AIR 3.5.0.1060 SDK...
Download:
> https://www.adobe.com/products/flashplayer/distribution3.html
Flash test site: http://www.adobe.com/software/flash/about/
>> http://get.adobe.com/air/
___
- https://secunia.com/advisories/51771/
Release Date: 2013-01-08
Criticality level: Highly critical
Impact: System access
Where: From remote...
CVE Reference: CVE-2013-0630
Solution: Update to a fixed version...
___
Adobe Reader/Acrobat v11.0.1 released
- https://www.adobe.com/support/security/bulletins/apsb13-02.html
Jan 8, 2013
CVE numbers: CVE-2013-0601, CVE-2013-0602, CVE-2013-0603, CVE-2013-0604, CVE-2013-0605, CVE-2013-0606, CVE-2013-0607, CVE-2013-0608, CVE-2013-0609, CVE-2013-0610, CVE-2013-0611, CVE-2013-0612, CVE-2013-0613, CVE-2013-0614, CVE-2013-0615, CVE-2013-0616, CVE-2013-0617, CVE-2013-0618, CVE-2013-0619, CVE-2013-0620, CVE-2013-0621, CVE-2013-0622, CVE-2013-0623, CVE-2013-0624, CVE-2013-0626, CVE-2013-0627
Platform: All
Summary: Adobe has released security updates for Adobe Reader and Acrobat XI (11.0.0) and earlier versions for Windows and Macintosh, and Adobe Reader 9.5.1 and earlier 9.x versions for Linux. These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.
Adobe recommends users update their product installations to the latest versions:
- Users of Adobe Reader XI (11.0.0) for Windows and Macintosh should update to Adobe Reader XI (11.0.1).
- For users of Adobe Reader X (10.1.4) and earlier versions for Windows and Macintosh, who cannot update to Adobe Reader XI (11.0.1), Adobe has made available the update Adobe Reader X (10.1.5).
- For users of Adobe Reader 9.5.2 and earlier versions for Windows and Macintosh, who cannot update to Adobe Reader XI (11.0.1), Adobe has made available the update Adobe Reader 9.5.3.
- Users of Adobe Reader 9.5.1 and earlier versions for Linux should update to Adobe Reader 9.5.3.
- Users of Adobe Acrobat XI (11.0.0) for Windows and Macintosh should update to Adobe Acrobat XI (11.0.1).
- Users of Adobe Acrobat X (10.1.4) and earlier versions for Windows and Macintosh should update to Adobe Acrobat X (10.1.5).
- Users of Adobe Acrobat 9.5.2 and earlier versions for Windows and Macintosh should update to Adobe Acrobat 9.5.3...
Adobe Reader: Users on Windows and Macintosh can utilize the product's update mechanism...
Adobe Acrobat: Users can utilize the product's update mechanism...
___
- http://www.securitytracker.com/id/1027952
CVE Reference: CVE-2013-0601, CVE-2013-0602, CVE-2013-0603, CVE-2013-0604, CVE-2013-0605, CVE-2013-0606, CVE-2013-0607, CVE-2013-0608, CVE-2013-0609, CVE-2013-0610, CVE-2013-0611, CVE-2013-0612, CVE-2013-0613, CVE-2013-0614, CVE-2013-0615, CVE-2013-0616, CVE-2013-0617, CVE-2013-0618, CVE-2013-0619, CVE-2013-0620, CVE-2013-0621, CVE-2013-0622, CVE-2013-0623, CVE-2013-0624, CVE-2013-0626, CVE-2013-0627
Jan 8 2013
Impact: Disclosure of system information, Execution of arbitrary code via network, User access via local system, User access via network
Fix Available: Yes Vendor Confirmed: Yes
Version(s): 9.5.2, 10.1.4, 11.0.0; and prior versions
Solution: The vendor has issued a fix (9.5.3, 10.1.5 for Windows/Mac, 11.0.1 for Windows/Mac).
... advisory is available at:
- http://www.adobe.com/support/security/bulletins/apsb13-02.html
:fear::fear:
AplusWebMaster
2013-01-16, 00:12
FYI...
ColdFusion hotfix released
- https://www.adobe.com/support/security/advisories/apsa13-01.html
Last updated: January 16, 2013
CVE number: CVE-2013-0625, CVE-2013-0629, CVE-2013-0631, CVE-2013-0632
Platform: All
Summary: Adobe has identified four vulnerabilities affecting ColdFusion 10 and earlier versions for Windows, Macintosh and UNIX:
• CVE-2013-0625 affects ColdFusion 9.0.2, 9.0.1 and 9.0, and could permit an unauthorized user to remotely circumvent authentication controls, potentially allowing the attacker to take control of the affected server.
• CVE-2013-0629 affects ColdFusion 10, 9.0.2, 9.0.1 and 9.0, and could permit an unauthorized user access to restricted directories.
• CVE-2013-0631 affects ColdFusion 9.0.2, 9.0.1 and 9.0, and could result in information disclosure from a compromised server.
• CVE-2013-0632 affects ColdFusion 10, 9.0.2, 9.0.1 and 9.0, and could permit an unauthorized user to remotely circumvent authentication controls, potentially allowing the attacker to take control of the affected server.
There are reports that these vulnerabilities are being exploited in the wild against ColdFusion customers.
Adobe has released a security hotfix for ColdFusion 10, 9.0.2, 9.0.1 and 9.0 for Windows, Macintosh and UNIX. Adobe recommends users update their product installation using the instructions provided in the "Solution" section of Security Bulletin APSB13-03*..."
* https://www.adobe.com/support/security/bulletins/apsb13-03.html
>> http://helpx.adobe.com/coldfusion/kb/coldfusion-security-hotfix-apsb13-03.html
January 16, 2013 - Advisory revised to correct the versions of ColdFusion vulnerable to CVE-2013-0625.
:fear::fear:
AplusWebMaster
2013-02-08, 00:05
FYI...
Flash v11.5.502.149 released
- https://www.adobe.com/support/security/bulletins/apsb13-04.html
Feb 7, 2013
CVE number:
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0633 - 9.3 (HIGH)
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0634 - 9.3 (HIGH)
Platform: All Platforms
Summary: Adobe has released security updates... These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.
Adobe is aware of reports that CVE-2013-0633 is being exploited in the wild in targeted attacks designed to trick the user into opening a Microsoft Word document delivered as an email attachment which contains malicious Flash (SWF) content. The exploit for CVE-2013-0633 targets the ActiveX version of Flash Player on Windows.
Adobe is also aware of reports that CVE-2013-0634 is being exploited in the wild in attacks delivered via malicious Flash (SWF) content hosted on websites that target Flash Player in Firefox or Safari on the Macintosh platform, as well as attacks designed to trick Windows users into opening a Microsoft Word document delivered as an email attachment which contains malicious Flash (SWF) content.
Adobe recommends users update their product installations to the latest versions:
- Users of Adobe Flash Player 11.5.502.146 and earlier versions for Windows and Macintosh should update to Adobe Flash Player 11.5.502.149.
- Users of Adobe Flash Player 11.2.202.261 and earlier versions for Linux should update to Adobe Flash Player 11.2.202.262.
- Flash Player installed with Google Chrome will automatically be updated to the latest Google Chrome version, which will include Adobe Flash Player 11.5.31.139 for Windows, Macintosh and Linux.
- Flash Player installed with Internet Explorer 10 for Windows 8 will automatically be updated to the latest version of Internet Explorer 10, which will include Adobe Flash Player 11.3.379.14 for Windows...
- Users of Adobe Flash Player 11.1.115.36 and earlier versions on Android 4.x devices should update to Adobe Flash Player 11.1.115.37.
- Users of Adobe Flash Player 11.1.111.31 and earlier versions for Android 3.x and earlier versions should update to Flash Player 11.1.111.32.
Download:
> https://www.adobe.com/products/flashplayer/distribution3.html
Flash test site: http://www.adobe.com/software/flash/about/
- https://blogs.adobe.com/psirt/2013/02/security-updates-available-for-adobe-flash-player-apsb13-04.html
- https://secunia.com/advisories/52116/
Release Date: 2013-02-08
Criticality level: Extremely critical
Impact: System access
Where: From remote
CVE Reference(s): CVE-2013-0633, CVE-2013-0634
... vulnerability is currently being actively exploited in targeted attacks against the Macintosh and Windows versions...
Solution: Update to a fixed version.
Original Advisory: http://www.adobe.com/support/security/bulletins/apsb13-04.html
___
MS Security Advisory (2755801)
Update for Vulnerabilities in Adobe Flash Player in IE 10
- http://technet.microsoft.com/en-us/security/advisory/2755801
"... updates are available from... Windows Update..."
V7.0 (February 7, 2013): Added KB2811522* to the Current update section.
* http://support.microsoft.com/kb/2811522
:fear::fear:
AplusWebMaster
2013-02-12, 22:36
FYI...
Flash Player v11.6.602.168 released
- https://www.adobe.com/support/security/bulletins/apsb13-05.html
February 12, 2013
CVE number: CVE-2013-1372, CVE-2013-0645, CVE-2013-1373, CVE-2013-1369, CVE-2013-1370, CVE-2013-1366, CVE-2013-0649, CVE-2013-1365, CVE-2013-1374, CVE-2013-1368, CVE-2013-0642, CVE-2013-0644, CVE-2013-0647, CVE-2013-1367, CVE-2013-0639, CVE-2013-0638, CVE-2013-0637
https://web.nvd.nist.gov/view/vuln/search-results?query=CVE-2013-0637&search_type=last3months&cves=on
Platform: All Platforms
Summary: Adobe has released security updates for Adobe Flash Player 11.5.502.149 and earlier versions for Windows and Macintosh, Adobe Flash Player 11.2.202.262 and earlier versions for Linux, Adobe Flash Player 11.1.115.37 and earlier versions for Android 4.x, and Adobe Flash Player 11.1.111.32 and earlier versions for Android 3.x and 2.x. These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.
Adobe recommends users update their product installations to the latest versions:
- Users of Adobe Flash Player 11.5.502.149 and earlier versions for Windows should update to Adobe Flash Player 11.6.602.168.
- Users of Adobe Flash Player 11.5.502.149 and earlier versions for Macintosh should update to Adobe Flash Player 11.6.602.167.
- Users of Adobe Flash Player 11.2.202.262 and earlier versions for Linux should update to Adobe Flash Player 11.2.202.270.
- Flash Player installed with Google Chrome will automatically be updated to the latest Google Chrome version, which will include Adobe Flash Player 11.6.602.167 for Windows, Macintosh and Linux.
- Flash Player installed with Internet Explorer 10 for Windows 8 will automatically be updated to the latest Internet Explorer 10 version, which will include Adobe Flash Player 11.6.602.167 for Windows.
- Users of Adobe Flash Player 11.1.115.37 and earlier versions on Android 4.x devices should update to Adobe Flash Player 11.1.115.47.
- Users of Adobe Flash Player 11.1.111.32 and earlier versions for Android 3.x and earlier versions should update to Flash Player 11.1.111.43.
- Users of Adobe AIR 3.5.0.1060 and earlier versions should update to Adobe AIR 3.6.0.597.
- Users of the Adobe AIR 3.5.0.1060 SDK (including AIR for iOS) and earlier should update to the new Adobe AIR 3.6.0.599 SDK + Compiler...
- https://www.adobe.com/support/security/bulletins/apsb13-05.html#Ratings
Product Updated version Platform Priority rating
Adobe Flash Player 11.6.602.168 Windows 1
Flash Download:
> https://www.adobe.com/products/flashplayer/distribution3.html
Flash test site: http://www.adobe.com/software/flash/about/
>> http://get.adobe.com/air/
___
MS Security Advisory (2755801)
Update for Vulnerabilities in Adobe Flash Player in IE 10
- http://technet.microsoft.com/en-us/security/advisory/2755801
"... updates are available from... Windows Update..."
V8.0 (February 12, 2013): Added KB2805940 to the Current update section.
* http://support.microsoft.com/kb/2805940
___
Shockwave Player v12.0.0.112 released
- https://www.adobe.com/support/security/bulletins/apsb13-06.html
February 12, 2013
CVE number: CVE-2013-0635, CVE-2013-0636
Platform: Windows and Macintosh
Summary: Adobe has released a security update for Adobe Shockwave Player 11.6.8.638 and earlier versions on the Windows and Macintosh operating systems. This update addresses vulnerabilities that could allow an attacker, who successfully exploits these vulnerabilities, to run malicious code on the affected system. Adobe recommends users of Adobe Shockwave Player 11.6.8.638 and earlier versions update to Adobe Shockwave Player 12.0.0.112...
>> http://get.adobe.com/shockwave/
.
AplusWebMaster
2013-02-13, 14:30
FYI...
Adobe 0-day Reader/Acrobat exploit in-the-wild
- https://blogs.adobe.com/psirt/2013/02/adobe-reader-and-acrobat-vulnerability-report.html
Feb 12, 2013 10:45 PM - "Adobe is aware of a report of a vulnerability in Adobe Reader and Acrobat XI (11.0.1) and earlier versions being exploited in the wild. We are currently investigating this report and assessing the risk to our customers. We will provide an update as soon as we have more information. Please continue monitoring the Adobe PSIRT blog* for the latest information."
* http://blogs.adobe.com/psirt/
- https://secunia.com/advisories/52196/
Release Date: 2013-02-14
Criticality level: Extremely critical
Impact: System access
Where: From remote
Solution: No official solution is currently available.
... Reported as a 0-day.
Original Advisory:
- https://www.adobe.com/support/security/advisories/apsa13-02.html
Last updated: Feb 16, 2013
CVE number: CVE-2013-0640, CVE-2013-0641
"... Mitigations: Users of Adobe Reader XI and Acrobat XI for Windows can protect themselves from this exploit by enabling Protected View. To enable this setting, choose the "Files from potentially unsafe locations" option under the Edit > Preferences > Security (Enhanced) menu. Enterprise administrators can protect Windows users across their organization by enabling Protected View in the registry and propagating that setting via GPO or any other method. Further information about enabling Protected View for the enterprise is available here:
> https://www.adobe.com/devnet-docs/acrobatetk/tools/AppSec/protectedview.html
... Adobe is in the process of working on fixes for these issues and plans to make available updates for Adobe Reader and Acrobat XI (11.0.01 and earlier) for Windows and Macintosh, X (10.1.5 and earlier) for Windows and Macintosh, 9.5.3 and earlier 9.x versions for Windows and Macintosh, and Adobe Reader 9.5.3 and earlier 9.x versions for Linux during the week of February 18, 2013..."
- http://arstechnica.com/security/2013/02/thanks-adobe-protection-for-critical-zero-day-exploit-not-on-by-default/
Feb 14, 2013 - "... the "protected view" feature prevents the current attacks from working — but only if it's manually enabled. To turn it on, access Preferences > Security (Enhanced) and then check the "Files from potentially unsafe locations," or even the "All files" option. Then click OK.
There's also a way for administrators to enable protected view on Windows machines across their organization... It's unclear why protected view isn't turned on by default..."
>> http://www.f-secure.com/weblog/archives/AdobeReader11PreferencesProtectedView.png
- http://blog.fireeye.com/research/2013/02/in-turn-its-pdf-time.html
Feb 13, 2013 - "... we identified that a PDF zero-day is being exploited in the wild, and we observed successful exploitation on the latest Adobe PDF Reader 9.5.3, 10.1.5, and 11.0.1. Upon successful exploitation, it will drop two DLLs. The first DLL shows a fake error message and opens a decoy PDF document, which is usually common in targeted attacks. The second DLL in turn drops the callback component, which talks to a remote domain... we have been working with Adobe and have jointly agreed to refrain from posting the technical details of the zero-day at this time. This post was intended to serve as a warning to the general public..."
- http://www.f-secure.com/weblog/archives/00002500.html
Feb 13, 2013 - "... Consider mitigating your Adobe Reader usage until there's an update from Adobe..."
- http://blog.trendmicro.com/trendlabs-security-intelligence/zero-day-vulnerability-hits-adobe-reader/
Feb 13, 2013 - "... Java, Internet Explorer, Adobe Flash Player, and now, Adobe Reader – just two months into 2013, we have already witnessed high-profile cases in which attackers used zero-day exploits to execute their schemes... To prevent this attack, we highly discourage users from opening unknown .PDF files or those acquired from unverified sources..."
___
ThreatCon is currently at Level 2: Elevated.
- https://www.symantec.com/security_response/threatconlearn.jsp
"... On February 7, 2013, Adobe released a patch for Adobe Flash Player. This release addresses CVE-2013-0633 (BID 57788) and CVE-2013-0634 (BID 57787), which are being actively exploited in the wild, distributed through malicious Word documents...
[superseded by APSB13-05: https://www.adobe.com/support/security/bulletins/apsb13-05.html
... Adobe Flash Player 11.6.602.168... February 12, 2013
CVE number: CVE-2013-1372, CVE-2013-0645, CVE-2013-1373, CVE-2013-1369, CVE-2013-1370, CVE-2013-1366, CVE-2013-0649, CVE-2013-1365, CVE-2013-1374, CVE-2013-1368, CVE-2013-0642, CVE-2013-0644, CVE-2013-0647, CVE-2013-1367, CVE-2013-0639, CVE-2013-0638, CVE-2013-0637
https://web.nvd.nist.gov/view/vuln/search-results?query=CVE-2013-0637&search_type=last3months&cves=on ...]"
:sad: :fear:
AplusWebMaster
2013-02-20, 20:18
FYI...
Adobe Reader/Acrobat 11.0.02 released
- https://www.adobe.com/support/security/bulletins/apsb13-07.html
February 20, 2013
CVE number:
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0640 - 9.3 (HIGH)
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0641 - 9.3 (HIGH)
Platform: All Platforms
"... Adobe recommends users update their product installations to the latest versions:
• Users of Adobe Reader XI (11.0.01 and earlier) for Windows and Macintosh should update to Adobe Reader XI (11.0.02).
• For users of Adobe Reader X (10.1.5 and earlier) for Windows and Macintosh, who cannot update to Adobe Reader XI (11.0.02), Adobe has made available the update Adobe Reader X (10.1.6).
• For users of Adobe Reader 9.5.3 and earlier 9.x versions for Windows and Macintosh, who cannot update to Adobe Reader XI (11.0.02), Adobe has made available the update Adobe Reader 9.5.4.
• Users of Adobe Reader 9.5.3 and earlier 9.x versions for Linux should update to Adobe Reader 9.5.4.
• Users of Adobe Acrobat XI (11.0.01 and earlier) for Windows and Macintosh should update to Adobe Acrobat XI (11.0.02).
• Users of Adobe Acrobat X (10.1.5 and earlier) for Windows and Macintosh should update to Adobe Acrobat X (10.1.6).
• Users of Adobe Acrobat 9.5.3 and earlier 9.x versions for Windows and Macintosh should update to Adobe Acrobat 9.5.4...
Adobe recommends users update their software installations by following the instructions below:
Adobe Reader: Users on Windows and Macintosh can utilize the product's update mechanism... Update checks can be manually activated by choosing Help > Check for Updates.
Adobe Reader users on Windows can also find the appropriate update here:
- http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Windows
Adobe Reader users on Macintosh can also find the appropriate update here:
- http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Macintosh
Adobe Reader users on Linux can find the appropriate update here:
- ftp://ftp.adobe.com/pub/adobe/reader/unix/9.x/
Adobe Acrobat: Users can utilize the product's update mechanism... Update checks can be manually activated by choosing Help > Check for Updates.
Acrobat Standard, Pro and Pro Extended users on Windows can also find the appropriate update here:
- http://www.adobe.com/support/downloads/product.jsp?product=1&platform=Windows
Acrobat Pro users on Macintosh can also find the appropriate update here:
- http://www.adobe.com/support/downloads/product.jsp?product=1&platform=Macintosh ..."
New Downloads:
- https://www.adobe.com/support/downloads/new.jsp
:fear:
AplusWebMaster
2013-02-27, 14:13
FYI...
Flash 11.6.602.171 released
- https://www.adobe.com/support/security/bulletins/apsb13-08.html
Feb 26, 2013
CVE number:
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0504 - 10.0 (HIGH)
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0643 - 9.3 (HIGH)
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0648 - 9.3 (HIGH)
Platform: All platforms
Adobe has released security updates for Adobe Flash Player 11.6.602.168 and earlier versions for Windows, Adobe Flash Player 11.6.602.167 and earlier versions for Macintosh, and Adobe Flash Player 11.2.202.270 and earlier versions for Linux. These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.
Summary: Adobe is aware of reports that CVE-2013-0643 and CVE-2013-0648 are being exploited in the wild in targeted attacks designed to trick the user into clicking a link which directs to a website serving malicious Flash (SWF) content. The exploit for CVE-2013-0643 and CVE-2013-0648 is designed to target the Firefox browser.
Adobe recommends users update their product installations to the latest versions:
- Users of Adobe Flash Player 11.6.602.168 and earlier versions for Windows and Adobe Flash Player 11.6.602.167 and earlier versions for Macintosh should update to Adobe Flash Player 11.6.602.171.
- Users of Adobe Flash Player 11.2.202.270 and earlier versions for Linux should update to Adobe Flash Player 11.2.202.273.
- Adobe Flash Player installed with Google Chrome will automatically be updated to the latest Google Chrome version, which will include Adobe Flash Player 11.6.602.171 for Windows, Macintosh and Linux.
- Adobe Flash Player installed with Internet Explorer 10 for Windows 8 will automatically be updated to the latest version of Internet Explorer 10, which will include Adobe Flash Player 11.6.602.171 for Windows...
Flash Download:
> https://www.adobe.com/products/flashplayer/distribution3.html
Flash test site: http://helpx.adobe.com/flash-player/kb/find-version-flash-player.html#main_Find_the_Flash_Player_version_installed_on_your_machine
___
MS Security Advisory (2755801)
Update for Vulnerabilities in Adobe Flash Player in IE 10
- http://technet.microsoft.com/en-us/security/advisory/2755801
"... updates are available from... Windows Update..."
Affected Software: Windows 8, Windows Server 2012, Windows RT
V9.0 (February 26, 2013): Added KB2819372 to the Current Update section.
___
- https://secunia.com/advisories/52374/
Release Date: 2013-02-27
Criticality level: Extremely critical
Impact: Security Bypass, System access
Where: From remote...
Solution: Update to a fixed version.
Original Advisory: Adobe:
http://www.adobe.com/support/security/bulletins/apsb13-08.html
___
-Fake- Adobe Flash update page
- https://www.symantec.com/connect/sites/default/files/images/Figure1_6.png
Feb 27, 2013
- http://www.symantec.com/connect/blogs/fake-adobe-flash-update-installs-ransomware-performs-click-fraud
Feb 27, 2013 - "... To ensure that you do not become a victim in the first place, please ensure that your antivirus definitions are constantly updated and that your software packages are also regularly updated. Do not download updates from third-party sites and always double check the URL of the download that is being offered."
:fear:
AplusWebMaster
2013-03-12, 20:02
FYI...
Flash v11.6.602.180 released
- https://www.adobe.com/support/security/bulletins/apsb13-09.html
March 12, 2013
CVE number:
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0646 - 10.0 (HIGH)
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0650 - 10.0 (HIGH)
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1371 - 10.0 (HIGH)
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1375 - 10.0 (HIGH)
Platform: All Platforms
Summary: Adobe has released security updates for Adobe Flash Player 11.6.602.171 and earlier versions for Windows and Macintosh, Adobe Flash Player 11.2.202.273 and earlier versions for Linux, Adobe Flash Player 11.1.115.47 and earlier versions for Android 4.x, and Adobe Flash Player 11.1.111.43 and earlier versions for Android 3.x and 2.x. These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.
Adobe recommends users update their product installations to the latest versions:
- Users of Adobe Flash Player 11.6.602.171 and earlier versions for Windows and Macintosh should update to Adobe Flash Player 11.6.602.180.
- Users of Adobe Flash Player 11.2.202.273 and earlier versions for Linux should update to Adobe Flash Player 11.2.202.275.
- Adobe Flash Player 11.6.602.171 installed with Google Chrome will automatically be updated to the latest Google Chrome version, which will include Adobe Flash Player 11.6.602.180 for Windows, Macintosh and Linux.
- Adobe Flash Player 11.6.602.171 installed with Internet Explorer 10 for Windows 8 will automatically be updated to the latest Internet Explorer 10 version, which will include Adobe Flash Player 11.6.602.180 for Windows.
- Users of Adobe Flash Player 11.1.115.47 and earlier versions on Android 4.x devices should update to Adobe Flash Player 11.1.115.48.
- Users of Adobe Flash Player 11.1.111.43 and earlier versions for Android 3.x and 2.x should update to Flash Player 11.1.111.44.
- Users of Adobe AIR 3.6.0.597 and earlier versions for Windows, Macintosh and Android should update to Adobe AIR 3.6.0.6090.
- Users of the Adobe AIR 3.6.0.597 SDK and earlier versions should update to the Adobe AIR 3.6.0.6090 SDK.
- Users of the Adobe AIR 3.6.0.599 SDK & Compiler and earlier versions should update to the Adobe AIR 3.6.0.6090 SDK & Compiler.
Flash Download:
> https://www.adobe.com/products/flashplayer/distribution3.html
Flash test site:
- http://helpx.adobe.com/flash-player/kb/find-version-flash-player.html#main_Find_the_Flash_Player_version_installed_on_your_machine
>> http://get.adobe.com/air/
:fear:
AplusWebMaster
2013-04-09, 22:07
FYI...
Flash v11.7.700.169 released
- https://www.adobe.com/support/security/bulletins/apsb13-11.html
April 9, 2013
CVE number:
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1378 - 7.5 (HIGH)
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1379 - 7.5 (HIGH)
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1380 - 7.5 (HIGH)
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2555 - 10.0 (HIGH)
Summary: Adobe has released security updates for Adobe Flash Player 11.6.602.180 and earlier versions for Windows and Macintosh, Adobe Flash Player 11.2.202.275 and earlier versions for Linux, Adobe Flash Player 11.1.115.48 and earlier versions for Android 4.x, and Adobe Flash Player 11.1.111.44 and earlier versions for Android 3.x and 2.x. These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.
Adobe recommends users update their product installations to the latest versions:
- Users of Adobe Flash Player 11.6.602.180 and earlier versions for Windows and Macintosh should update to Adobe Flash Player 11.7.700.169.
- Users of Adobe Flash Player 11.2.202.275 and earlier versions for Linux should update to Adobe Flash Player 11.2.202.280.
- Adobe Flash Player 11.6.602.180 installed with Google Chrome will automatically be updated to the latest Google Chrome version, which will include Adobe Flash Player 11.7.700.179 for Windows and 11.7.700.169 for Macintosh and Linux.
- Adobe Flash Player 11.6.602.180 installed with Internet Explorer 10 will automatically be updated to the latest Internet Explorer 10 version, which will include Adobe Flash Player 11.7.700.169 for Windows 8.
- Users of Adobe Flash Player 11.1.115.48 and earlier versions on Android 4.x devices should update to Adobe Flash Player 11.1.115.54.
- Users of Adobe Flash Player 11.1.111.44 and earlier versions for Android 3.x and 2.x should update to Flash Player 11.1.111.50.
- Users of Adobe AIR 3.6.0.6090 and earlier versions for Windows, Macintosh and Android should update to Adobe AIR 3.7.0.1530.
- Users of the Adobe AIR 3.6.0.6090 SDK & Compiler and earlier versions should update to the Adobe AIR 3.7.0.1530 SDK & Compiler...
Flash Download:
> https://www.adobe.com/products/flashplayer/distribution3.html
Flash test site:
- http://helpx.adobe.com/flash-player/kb/find-version-flash-player.html#main_Find_the_Flash_Player_version_installed_on_your_machine
>> http://get.adobe.com/air/
- https://secunia.com/advisories/52931/
Release Date: 2013-04-09
Criticality level: Highly critical
Impact: System access
Where: From remote...
Solution: Update to a fixed version.
___
Shockwave v12.0.2.122 released
- https://www.adobe.com/support/security/bulletins/apsb13-12.html
April 9, 2013
CVE number: CVE-2013-1383, CVE-2013-1384, CVE-2013-1385, CVE-2013-1386
Summary: Adobe has released a security update for Adobe Shockwave Player 12.0.0.112 and earlier versions on the Windows and Macintosh operating systems. This update addresses vulnerabilities that could allow an attacker, who successfully exploits these vulnerabilities, to run malicious code on the affected system. Adobe recommends users of Adobe Shockwave Player 12.0.0.112 and earlier versions update to Adobe Shockwave Player 12.0.2.122 ...
Solution: Adobe recommends users of Adobe Shockwave Player 12.0.0.112 and earlier versions update to the newest version 12.0.2.122, available here: http://get.adobe.com/shockwave/
- https://secunia.com/advisories/52981/
Release Date: 2013-04-10
Criticality level: Highly critical
Impact: System access
Where: From remote...
Solution: Update to version 12.0.2.122
___
ColdFusion hotfix
- https://www.adobe.com/support/security/bulletins/apsb13-10.html
April 9, 2013
CVE number: CVE-2013-1387, CVE-2013-1388
Summary: Adobe has released a security hotfix for ColdFusion 10, 9.0.2, 9.0.1 and 9.0 for Windows, Macintosh and UNIX. Adobe recommends users update their product installation...
Affected software versions: ColdFusion 10, 9.0.2, 9.0.1 and 9.0 for Windows, Macintosh and UNIX.
Solution: Adobe recommends ColdFusion customers update their installation using the instructions provided in the technote:
- http://helpx.adobe.com/coldfusion/kb/coldfusion-security-hotfix-apsb13-10.html
- https://secunia.com/advisories/52995/
Release Date: 2013-04-10
Criticality level: Moderately critical
Impact: Security Bypass, Spoofing
Where: From remote...
Solution: Apply hotfix.
:fear:
AplusWebMaster
2013-05-09, 17:03
FYI...
0-day ColdFusion critical vulnerability - https://isc.sans.edu/diary.html?storyid=15770
- https://www.adobe.com/support/security/advisories/apsa13-03.html
May 8, 2013
CVE number: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-3336
Summary: Adobe has identified a critical vulnerability affecting ColdFusion 10, 9.0.2, 9.0.1 and 9.0 and earlier versions for Windows, Macintosh and UNIX. This vulnerability (CVE-2013-3336) could permit an unauthorized user to remotely retrieve files stored on the server.
There are reports that an exploit for this vulnerability is publicly available. ColdFusion customers who have restricted public access to the CFIDE/administrator, CFIDE/adminapi and CFIDE/gettingstarted directories (as outlined in the ColdFusion 9 Lockdown Guide* and ColdFusion 10 Lockdown Guide**) are already mitigated against this issue. Customers who have not already applied these steps can protect themselves from CVE-2013-3336 by implementing the following configuration settings:
- Restrict public access to the CFIDE/administrator, CFIDE/adminapi and CFIDE/gettingstarted directories by following the hardening guidance in the ColdFusion 9 Lockdown Guide and ColdFusion 10 Lockdown Guide**
We are in the process of finalizing a fix for this issue and expect a hotfix for ColdFusion 10, 9.0.2, 9.0.1 and 9.0 for Windows, Macintosh and UNIX to be available on May 14, 2013...
* http://wwwimages.adobe.com/www.adobe.com/content/dam/Adobe/en/products/coldfusion/pdfs/91025512-cf9-lockdownguide-wp-ue.pdf
** http://wwwimages.adobe.com/www.adobe.com/content/dam/Adobe/en/products/coldfusion-enterprise/pdf/CF10%20Lockdown%20Guide.pdf
Revisions - May 9, 2013: Revised to clarify the CFIDE/gettingstarted directory is only applicable to ColdFusion version 8.x and earlier.
- http://atlas.arbor.net/briefs/index#366717635
Severity: High Severity
May 09, 2013 17:23
"... being exploited in the wild..."
___
Prenotification Security Advisory for Adobe Reader and Acrobat
- https://www.adobe.com/support/security/bulletins/apsb13-15.html
May 9, 2013 - "Summary: Adobe is planning to release security updates on Tuesday, May 14, 2013 for Adobe Reader and Acrobat..."
:fear::fear:
AplusWebMaster
2013-05-14, 19:39
FYI...
Flash v11.7.700.202 released
- https://www.adobe.com/support/security/bulletins/apsb13-14.html
May 14, 2013
CVE number: CVE-2013-2728, CVE-2013-3324, CVE-2013-3325, CVE-2013-3326, CVE-2013-3327, CVE-2013-3328, CVE-2013-3329, CVE-2013-3330, CVE-2013-3331, CVE-2013-3332, CVE-2013-3333, CVE-2013-3334, CVE-2013-3335
Platform: All platforms
Summary: Adobe has released security updates for Adobe Flash Player 11.7.700.169 and earlier versions for Windows and Macintosh, Adobe Flash Player 11.2.202.280 and earlier versions for Linux, Adobe Flash Player 11.1.115.54 and earlier versions for Android 4.x, and Adobe Flash Player 11.1.111.50 and earlier versions for Android 3.x and 2.x. These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.
Adobe recommends users update their product installations to the latest versions:
- Users of Adobe Flash Player 11.7.700.169 and earlier versions for Windows and Macintosh should update to Adobe Flash Player 11.7.700.202.
- Users of Adobe Flash Player 11.2.202.280 and earlier versions for Linux should update to Adobe Flash Player 11.2.202.285.
- Adobe Flash Player 11.7.700.169 installed with Google Chrome (and version 11.7.700.179 on the Windows platform) will automatically be updated to the latest Google Chrome version, which will include Adobe Flash Player 11.7.700.202 for Windows, Macintosh and Linux.
- Adobe Flash Player 11.7.700.169 installed with Internet Explorer 10 will automatically be updated to the latest Internet Explorer 10 version, which will include Adobe Flash Player 11.7.700.202 for Windows 8.
- Users of Adobe Flash Player 11.1.115.54 and earlier versions on Android 4.x devices should update to Adobe Flash Player 11.1.115.58.
- Users of Adobe Flash Player 11.1.111.50 and earlier versions for Android 3.x and 2.x should update to Flash Player 11.1.111.54.
- Users of Adobe AIR 3.7.0.1530 and earlier versions for Windows and Macintosh should update to Adobe AIR 3.7.0.1860.
- Users of Adobe AIR 3.7.0.1660 and earlier versions for Android should update to Adobe AIR 3.7.0.1860.
- Users of the Adobe AIR 3.7.0.1530 SDK & Compiler and earlier versions should update to the Adobe AIR 3.7.0.1860 SDK & Compiler...
Flash Download:
> https://www.adobe.com/products/flashplayer/distribution3.html
Flash test site:
- http://helpx.adobe.com/flash-player/kb/find-version-flash-player.html#main_Find_the_Flash_Player_version_installed_on_your_machine
>> http://get.adobe.com/air/
___
Adobe Reader/Acrobat v11.0.03 released
- https://www.adobe.com/support/security/bulletins/apsb13-15.html
May 14, 2013
CVE number: CVE-2013-2549, CVE-2013-2550, CVE-2013-2718, CVE-2013-2719, CVE-2013-2720, CVE-2013-2721, CVE-2013-2722, CVE-2013-2723, CVE-2013-2724, CVE-2013-2725, CVE-2013-2726, CVE-2013-2727, CVE-2013-2729, CVE-2013-2730, CVE-2013-2731, CVE-2013-2732, CVE-2013-2733, CVE-2013-2734, CVE-2013-2735, CVE-2013-2736, CVE-2013-2737, CVE-2013-3337, CVE-2013-3338, CVE-2013-3339, CVE-2013-3340, CVE-2013-3341, CVE-2013-3342
Platform: All
Summary: Adobe has released security updates for Adobe Reader and Acrobat XI (11.0.02) and earlier versions for Windows and Macintosh, and Adobe Reader 9.5.4 and earlier 9.x versions for Linux. These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.
Adobe recommends users update their product installations to the latest versions:
- Users of Adobe Reader XI (11.0.02) for Windows and Macintosh should update to Adobe Reader XI (11.0.03).
- For users of Adobe Reader X (10.1.6) and earlier versions for Windows and Macintosh, who cannot update to Adobe Reader XI (11.0.03), Adobe has made available the update Adobe Reader X (10.1.7).
- For users of Adobe Reader 9.5.4 and earlier versions for Windows and Macintosh, who cannot update to Adobe Reader XI (11.0.03), Adobe has made available the update Adobe Reader 9.5.5.
- Users of Adobe Reader 9.5.4 and earlier versions for Linux should update to Adobe Reader 9.5.5.
- Users of Adobe Acrobat XI (11.0.02) for Windows and Macintosh should update to Adobe Acrobat XI (11.0.03).
- For users of Adobe Acrobat X (10.1.6) and earlier versions for Windows and Macintosh, who cannot update to Adobe Acrobat XI (11.0.03), Adobe has made available the update Adobe Acrobat X (10.1.7).
- For users of Adobe Acrobat 9.5.4 and earlier versions for Windows and Macintosh, who cannot update to Adobe Acrobat XI (11.0.03), Adobe has made available the update Adobe Acrobat 9.5.5...
___
ColdFusion hotfix available
- https://www.adobe.com/support/security/bulletins/apsb13-13.html
May 14, 2013
CVE number: CVE-2013-1389, CVE-2013-3336
Platform: All
Summary: Adobe has released a security hotfix for ColdFusion 10, 9.0.2, 9.0.1 and 9.0 for Windows, Macintosh and UNIX. This hotfix addresses a vulnerability (CVE-2013-1389) that could allow remote arbitrary code execution on a system running ColdFusion, and a vulnerability (CVE-2013-3336) that could permit an unauthorized user to remotely retrieve files stored on the server.
Adobe is aware of reports that CVE-2013-3336 (referenced in Security Advisory APSA13-03) is being exploited in the wild against ColdFusion customers. Adobe recommends users update their product installation using the instructions provided in the "Solution" ...
Solution: Adobe recommends ColdFusion customers update their installation using the instructions provided in the technote located here:
- http://helpx.adobe.com/coldfusion/kb/coldfusion-security-hotfix-apsb13-13.html
Customers should also apply the security configuration settings as outlined on the ColdFusion Security page, as well as review the ColdFusion 9 Lockdown Guide and ColdFusion 10 Lockdown Guide.
:fear::fear::fear:
AplusWebMaster
2013-06-11, 20:56
FYI...
Flash v11.7.700.224 released
- https://www.adobe.com/support/security/bulletins/apsb13-16.html
June 11, 2013
CVE number: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-3343 - 10.0 (HIGH)
Platform: All Platforms
Summary: Adobe has released security updates for Adobe Flash Player 11.7.700.202 and earlier versions for Windows, Adobe Flash Player 11.7.700.203 and earlier versions for Macintosh, Adobe Flash Player 11.2.202.285 and earlier versions for Linux, Adobe Flash Player 11.1.115.58 and earlier versions for Android 4.x, and Adobe Flash Player 11.1.111.54 and earlier versions for Android 3.x and 2.x. These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system. Adobe recommends users update their product installations to the latest versions:
- Users of Adobe Flash Player 11.7.700.202 and earlier versions for Windows should update to Adobe Flash Player 11.7.700.224.
- Users of Adobe Flash Player 11.7.700.203 and earlier versions for Macintosh should update to Adobe Flash Player 11.7.700.225.
- Users of Adobe Flash Player 11.2.202.285 and earlier versions for Linux should update to Adobe Flash Player 11.2.202.291.
- Adobe Flash Player 11.7.700.203 installed with Google Chrome will automatically be updated to the latest Google Chrome version, which will include Adobe Flash Player 11.7.700.225 for Windows, Macintosh and Linux.
- Adobe Flash Player 11.7.700.202 installed with Internet Explorer 10 will automatically be updated to the latest Internet Explorer 10 version, which will include Adobe Flash Player 11.7.700.224 for Windows 8.
- Users of Adobe Flash Player 11.1.115.58 and earlier versions on Android 4.x devices should update to Adobe Flash Player 11.1.115.63.
- Users of Adobe Flash Player 11.1.111.54 and earlier versions for Android 3.x and 2.x should update to Flash Player 11.1.111.59.
- Users of Adobe AIR 3.7.0.1860 and earlier versions for Windows should update to Adobe AIR 3.7.0.2090.
- Users of Adobe AIR 3.7.0.1860 and earlier versions for Macintosh should update to Adobe AIR 3.7.0.2100.
- Users of Adobe AIR 3.7.0.1860 and earlier versions for Android should update to Adobe AIR 3.7.0.2090.
- Users of the Adobe AIR 3.7.0.1860 SDK & Compiler and earlier versions for Windows should update to the Adobe AIR 3.7.0.2090 SDK & Compiler.
- Users of the Adobe AIR 3.7.0.1860 SDK & Compiler and earlier versions for Macintosh should update to the Adobe AIR 3.7.0.2100 SDK & Compiler...
Flash Download:
> https://www.adobe.com/products/flashplayer/distribution3.html
Flash test site:
- http://helpx.adobe.com/flash-player/kb/find-version-flash-player.html#main_Find_the_Flash_Player_version_installed_on_your_machine
>> http://get.adobe.com/air/
___
- https://secunia.com/advisories/53751/
Release Date: 2013-06-11
Criticality level: Highly critical
Impact: System access
Where: From remote
... vulnerability is caused due to an unspecified error and can be exploited to cause memory corruption.
Solution: Update to a fixed version.
:fear::fear:
AplusWebMaster
2013-07-09, 21:30
FYI...
Flash Player 11.8.800.94 released
- https://www.adobe.com/support/security/bulletins/apsb13-17.html
July 9, 2013
CVE number:
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-3344 - 10.0 (HIGH)
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-3345 - 10.0 (HIGH)
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-3347 - 10.0 (HIGH)
Platform: All Platforms
Summary: Adobe has released security updates for Adobe Flash Player 11.7.700.224 and earlier versions for Windows, Adobe Flash Player 11.7.700.225 and earlier versions for Macintosh, Adobe Flash Player 11.2.202.291 and earlier versions for Linux, Adobe Flash Player 11.1.115.63 and earlier versions for Android 4.x, and Adobe Flash Player 11.1.111.59 and earlier versions for Android 3.x and 2.x. These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system. Adobe recommends users update their product installations to the latest versions:
- Users of Adobe Flash Player 11.7.700.224 and earlier versions for Windows should update to Adobe Flash Player 11.8.800.94.
- Users of Adobe Flash Player 11.7.700.225 and earlier versions for Macintosh should update to Adobe Flash Player 11.8.800.94.
- Users of Adobe Flash Player 11.2.202.291 and earlier versions for Linux should update to Adobe Flash Player 11.2.202.297.
- Adobe Flash Player 11.7.700.225 installed with Google Chrome will automatically be updated to the latest Google Chrome version, which will include Adobe Flash Player 11.8.800.97 for Windows, Macintosh and Linux.
- Adobe Flash Player 11.7.700.224 installed with Internet Explorer 10 will automatically be updated to the latest Internet Explorer 10 version, which will include Adobe Flash Player 11.8.800.94 for Windows 8.
- Users of Adobe Flash Player 11.1.115.63 and earlier versions on Android 4.x devices should update to Adobe Flash Player 11.1.115.69.
- Users of Adobe Flash Player 11.1.111.59 and earlier versions for Android 3.x and 2.x should update to Flash Player 11.1.111.64...
Flash Download:
> https://www.adobe.com/products/flashplayer/distribution3.html
Flash test site:
- http://helpx.adobe.com/flash-player/kb/find-version-flash-player.html#main_Find_the_Flash_Player_version_installed_on_your_machine
___
Shockwave Player 12.0.3.133 released
- https://www.adobe.com/support/security/bulletins/apsb13-18.html
July 9, 2013
CVE number: CVE-2013-3348
Platform: Windows and Macintosh
Summary: Adobe has released a security update for Adobe Shockwave Player 12.0.2.122 and earlier versions on the Windows and Macintosh operating systems. This update addresses a vulnerability that could allow an attacker, who successfully exploits this vulnerability, to run malicious code on the affected system. Adobe recommends users of Adobe Shockwave Player 12.0.2.122 and earlier versions update to Adobe Shockwave Player 12.0.3.133...
Solution: Adobe recommends users of Adobe Shockwave Player 12.0.2.122 and earlier versions update to the newest version 12.0.3.133, available here:
- http://get.adobe.com/shockwave/
___
ColdFusion hotfixes available
- https://www.adobe.com/support/security/bulletins/apsb13-19.html
July 9, 2013
CVE number: CVE-2013-3349, CVE-2013-3350
Platform: All
Summary: Adobe has released a security hotfix for ColdFusion 10 for Windows, Macintosh and Linux. This hotfix addresses a vulnerability (CVE-2013-3350) that could permit an attacker to invoke public methods on ColdFusion Components (CFC) using WebSockets. Adobe has released a security hotfix for ColdFusion versions 9.0, 9.0.1 and 9.0.2 on JRun. This hotfix addresses a vulnerability (CVE-2013-3349) that could be exploited to cause a denial of service condition on a system running ColdFusion 9.0, 9.0.1 and 9.0.2 on JRun. ColdFusion 10 customers are not affected by CVE-2013-3349.
Adobe recommends users update their product installation...
Solution: Adobe recommends ColdFusion customers update their installation using the instructions provided in the technote located here:
- http://helpx.adobe.com/coldfusion/kb/coldfusion-security-hotfix-apsb13-19.html ...
___
- https://isc.sans.edu/diary.html?storyid=16129
Last Updated: 2013-07-09 18:41:00 UTC
___
Flash:
- https://secunia.com/advisories/53975/
Shockwave:
- https://secunia.com/advisories/53894/
ColdFusion:
- https://secunia.com/advisories/53997/
- https://secunia.com/advisories/54024/
:fear::fear::fear:
AplusWebMaster
2013-09-10, 19:49
FYI...
Flash Player v11.8.800.168 released
- http://www.adobe.com/support/security/bulletins/apsb13-21.html
Sep 10, 2013
CVE number: CVE-2013-3361, CVE-2013-3362, CVE-2013-3363, CVE-2013-5324
Platform: All Platforms
Summary: Adobe has released security updates for Adobe Flash Player 11.8.800.94 and earlier versions for Windows and Macintosh, Adobe Flash Player 11.2.202.297 and earlier versions for Linux, Adobe Flash Player 11.1.115.69 and earlier versions for Android 4.x, and Adobe Flash Player 11.1.111.64 and earlier versions for Android 3.x and 2.x. These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.
Adobe recommends users update their product installations to the latest versions:
- Users of Adobe Flash Player 11.8.800.94 and earlier versions for Windows and Macintosh should update to Adobe Flash Player 11.8.800.168.
- Users of Adobe Flash Player 11.2.202.297 and earlier versions for Linux should update to Adobe Flash Player 11.2.202.310.
- Adobe Flash Player 11.8.800.97 installed with Google Chrome will automatically be updated to the latest Google Chrome version, which will include Adobe Flash Player 11.8.800.170 for Windows, Macintosh and Linux.
- Adobe Flash Player 11.8.800.94 installed with Internet Explorer 10 will automatically be updated to the latest Internet Explorer 10 version, which will include Adobe Flash Player 11.8.800.168 for Windows 8.
- Users of Adobe Flash Player 11.1.115.69 and earlier versions on Android 4.x devices should update to Adobe Flash Player 11.1.115.81.
- Users of Adobe Flash Player 11.1.111.64 and earlier versions for Android 3.x and 2.x should update to Flash Player 11.1.111.73.
- Users of Adobe AIR 3.8.0.870 and earlier versions for Windows and Android should update to Adobe AIR 3.8.0.1430.
- Users of Adobe AIR 3.8.0.910 and earlier versions for Macintosh should update to Adobe AIR 3.8.0.1430.
- Users of the Adobe AIR 3.8.0.870 SDK & Compiler and earlier versions for Windows should update to the Adobe AIR 3.8.0.1430 SDK & Compiler.
- Users of the Adobe AIR 3.8.0.910 SDK & Compiler and earlier versions for Macintosh should update to the Adobe AIR 3.8.0.1430 SDK & Compiler...
Flash Download:
> https://www.adobe.com/products/flashplayer/distribution3.html
Flash test site:
- http://www.adobe.com/software/flash/about/
- http://helpx.adobe.com/flash-player/kb/find-version-flash-player.html#main_Find_the_Flash_Player_version_installed_on_your_machine
Adobe AIR 3.8
- http://get.adobe.com/air/
- https://secunia.com/advisories/54697/
Release Date: 2013-09-10
Criticality: Highly Critical
Software: Adobe AIR 3.x, Adobe Flash Player 11.x
Where: From remote
Impact: System access...
CVE Reference(s): CVE-2013-3361, CVE-2013-3362, CVE-2013-3363, CVE-2013-5324
... can be exploited by malicious people to compromise a user's system.
Solution: Update to a fixed version.
Original Advisory: http://www.adobe.com/support/security/bulletins/apsb13-21.html
___
Adobe Reader / Acrobat v11.0.04 released
- http://www.adobe.com/support/security/bulletins/apsb13-22.html
Sep 10, 2013
CVE numbers: CVE-2013-3351, CVE-2013-3352, CVE-2013-3353, CVE-2013-3354, CVE-2013-3355, CVE-2013-3356, CVE-2013-3357, CVE-2013-3358
Platform: Windows and Macintosh
Summary: Adobe has released security updates for Adobe Reader and Acrobat XI (11.0.03) and earlier versions for Windows and Macintosh. These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.
Adobe recommends users update their product installations to the latest versions:
- Users of Adobe Reader XI (11.0.03) for Windows and Macintosh should update to Adobe Reader XI (11.0.04).
- For users of Adobe Reader X (10.1.7) and earlier versions for Windows and Macintosh, who cannot update to Adobe Reader XI (11.0.04), Adobe has made available the update Adobe Reader X (10.1.8 ).
- Users of Adobe Acrobat XI (11.0.03) for Windows and Macintosh should update to Adobe Acrobat XI (11.0.04).
- For users of Adobe Acrobat X (10.1.7) and earlier versions for Windows and Macintosh, who cannot update to Adobe Acrobat XI (11.0.04), Adobe has made available the update Adobe Acrobat X (10.1.8 )...
Adobe Reader: Users on Windows and Macintosh can utilize the product's update mechanism...
Adobe Acrobat: Users can utilize the product's update mechanism...
Help >About >Check for updates...
- https://secunia.com/advisories/54694/
Release Date: 2013-09-10
Criticality: Highly Critical
Where: From remote
Impact: System access...
CVE Reference(s): CVE-2013-3351, CVE-2013-3352, CVE-2013-3353, CVE-2013-3354, CVE-2013-3355, CVE-2013-3356, CVE-2013-3357, CVE-2013-3358
... can be exploited by malicious people to compromise a user's system.
Solution: Update to a fixed version.
Original Advisory: http://www.adobe.com/support/security/bulletins/apsb13-22.html
___
Shockwave Player v12.0.4.144 released
- http://www.adobe.com/support/security/bulletins/apsb13-23.html
Sep 10, 2013
CVE number: CVE-2013-3359 and CVE-2013-3360
Platform: Windows and Macintosh
Summary: Adobe has released a security update for Adobe Shockwave Player 12.0.3.133 and earlier versions on the Windows and Macintosh operating systems. This update addresses vulnerabilities that could allow an attacker, who successfully exploits these vulnerabilities, to run malicious code on the affected system. Adobe recommends users of Adobe Shockwave Player 12.0.3.133 and earlier versions update to Adobe Shockwave Player 12.0.4.144 ...
Solution: Adobe recommends users of Adobe Shockwave Player 12.0.3.133 and earlier versions update to the newest version 12.0.4.144, available here:
- http://get.adobe.com/shockwave/
- https://secunia.com/advisories/54700/
Release Date: 2013-09-10
Criticality: Highly Critical
Where: From remote
Impact: System access...
CVE Reference(s): CVE-2013-3359, CVE-2013-3360
... can be exploited by malicious people to compromise a user's system.
Solution: Update to version 12.0.4.144.
Original Advisory: http://www.adobe.com/support/security/bulletins/apsb13-23.html
:fear::fear::fear:
AplusWebMaster
2013-09-21, 22:53
FYI...
Flash Player 11.8.800.175 (Win IE) ...
- http://forums.adobe.com/message/5698133
Sep 19, 2013 - "... Flash Player 11.8.800.175 is available for download via our auto update mechanism. This update includes multiple stability fixes for the Windows ActiveX (Internet Explorer) plugin only ...
Bug fixes: 3630443 - [External][Windows][IE] ExternalInterface.call() method with non-ASCII text as a parameter corrupts the characters on the Javascript side..."
Flash Player 11.8.800.175 (Win IE) ...
- https://www.adobe.com/products/flashplayer/distribution3.html
Flash test site:
- http://www.adobe.com/software/flash/about/
- http://helpx.adobe.com/flash-player/kb/find-version-flash-player.html#main_Find_the_Flash_Player_version_installed_on_your_machine
___
Text is corrupted when it's typed into a webpage that uses Adobe Flash Player after you install security update 2880289
- http://support.microsoft.com/kb/2889543
Last Review: September 24, 2013 - Revision: 2.0
"... issue is resolved in the current release of Adobe Flash Player. For more information, see the following Adobe release notes:
- http://helpx.adobe.com/en/flash-player/release-note/fp_118_air_38_release_notes.html
"...Fixed Issues
September 24th, 2013
3630443 - [External][Windows][IE] ExternalInterface.call() method with non-ASCII text as a parameter corrupts the characters on the Javascript side
3631555 - [Windows][IE] ExternalInterface.call() does not work normally since flash player 11.8.800.168
3631605 - [Windows][IE][Video] Video playback failure in Nico Video ...
- http://helpx.adobe.com/en/flash-player/release-note/fp_118_air_38_release_notes.html#released_versions
Flash Player Desktop (Win Internet Explorer) 11.8.800.175 ..."
* http://support.microsoft.com/kb/2880289
Last Review: September 24, 2013 - Revision: 4.1
:fear:
AplusWebMaster
2013-10-08, 19:47
FYI...
Flash Player v11.9 / AIR 3.9
- http://helpx.adobe.com/en/flash-player/release-note/fp_119_air_39_release_notes.html#released_versions
Oct 8, 2013
Deliverable Released Version
Flash Player Desktop (Win Internet Explorer) 11.9.900.117
Flash Player Desktop (Win Other Browsers) 11.9.900.117
Flash Player Desktop (Mac) 11.9.900.117
Flash Player Desktop (Linux) 11.2.202.310
Flash Player Enterprise 11.7 (Mac and Win) 11.7.700.242
Flash Player Desktop (Win 8) 11.9.900.117
Flash Player Desktop (Chrome) 11.9.900.117
AIR Desktop (Win) 3.9.0.1030
AIR Desktop (Mac) 3.9.0.1030
AIR Android 3.9.0.1060
AIR SDK & Compiler(Win) 3.9.0.1030
AIR SDK & Compiler(Mac) 3.9.0.1030
AIR SDK(Win) 3.9.0.1030
AIR SDK(Mac) 3.9.0.1030
- http://forums.adobe.com/message/5744968#5744968
Oct 8, 2013
- https://www.adobe.com/products/flashplayer/distribution3.html
Flash test site:
- http://www.adobe.com/software/flash/about/
- http://helpx.adobe.com/flash-player/kb/find-version-flash-player.html#main_Find_the_Flash_Player_version_installed_on_your_machine
Adobe AIR 3.9
- http://get.adobe.com/air/
___
Adobe Reader/Acrobat v11.0.05 released
- http://www.adobe.com/support/security/bulletins/apsb13-25.html
Oct 8, 2013
CVE number: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5325 - 9.3 (HIGH)
[Last revised: 10/10/2013]
Platform: Windows
"Summary: Adobe has released security updates for Adobe Reader and Acrobat XI (11.0.04) for Windows. These updates address a -regression- that occurred in version 11.0.04 affecting Javascript security controls. Adobe Reader and Acrobat X (10.1.8) and earlier versions for Windows are -not- affected, and all versions of Adobe Reader and Acrobat for Macintosh are also -not- affected by this vulnerability. Adobe recommends users update their product installations to the latest versions:
- Users of Adobe Reader XI (11.0.04) for Windows should update to Adobe Reader XI (11.0.05).
- Users of Adobe Acrobat XI (11.0.04) for Windows should update to Adobe Acrobat XI (11.0.05)...
Adobe Reader: Users on Windows can utilize the product's update mechanism. The default configuration is set to run automatic update checks on a regular schedule. Update checks can be manually activated by choosing Help > Check for Updates...
Adobe Acrobat: Users can utilize the product's update mechanism. The default configuration is set to run automatic update checks on a regular schedule. Update checks can be manually activated by choosing Help > Check for Updates...
___
Adobe RoboHelp - Security update
- http://www.adobe.com/support/security/bulletins/apsb13-24.html
Oct 8, 2013
CVE number: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5327 - 10.0 (HIGH)
Platform: Windows
"Summary: Adobe has released a security update for RoboHelp 10 on the Windows operating system. This update addresses a vulnerability that could allow an attacker, who successfully exploits this vulnerability, to run malicious code on the affected system. Adobe recommends users of RoboHelp 10 apply the solution using the instructions provided in the "Solution" section...
This update addresses a -critical- vulnerability in the software..."
Affected software versions: RoboHelp 10 for Windows
Solution: Adobe recommends users of RoboHelp 10 apply the fix...
(See the Adobe URL above for links and fix.)
:fear::fear:
AplusWebMaster
2013-11-12, 22:47
FYI...
Flash v11.9.900.152 released
- https://www.adobe.com/support/security/bulletins/apsb13-26.html
Nov 12, 2013
CVE number:
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5329 - 10.0 (HIGH)
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5330 - 10.0 (HIGH)
Platform: All Platforms
"Summary: Adobe has released security updates for Adobe Flash Player 11.9.900.117 and earlier versions for Windows and Macintosh and Adobe Flash Player 11.2.202.310 and earlier versions for Linux. These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system. Adobe recommends users update their product installations to the latest versions:
- Users of Adobe Flash Player 11.9.900.117 and earlier versions for Windows and Macintosh should update to Adobe Flash Player 11.9.900.152.
- Users of Adobe Flash Player 11.2.202.310 and earlier versions for Linux should update to Adobe Flash Player 11.2.202.327.
- Adobe Flash Player 11.9.900.117 installed with Google Chrome will automatically be updated to the latest Google Chrome version, which will include Adobe Flash Player 11.9.900.152 for Windows, Macintosh and Linux.
- Adobe Flash Player 11.9.900.117 installed with Internet Explorer 10 will automatically be updated to the latest Internet Explorer 10 version, which will include Adobe Flash Player 11.9.900.152 for Windows 8.0
- Adobe Flash Player 11.9.900.117 installed with Internet Explorer 11 will automatically be updated to the latest Internet Explorer 11 version, which will include Adobe Flash Player 11.9.900.152 for Windows 8.1
- Users of Adobe AIR 3.9.0.1030 and earlier versions for Windows and Macintosh should update to Adobe AIR 3.9.0.1210.
- Users of Adobe AIR 3.9.0.1060 and earlier versions for Android should update to Adobe AIR 3.9.0.1210.
- Users of the Adobe AIR 3.9.0.1030 SDK and earlier versions should update to the Adobe AIR 3.9.0.1210 SDK.
- Users of the Adobe AIR 3.9.0.1030 SDK & Compiler and earlier versions should update to the Adobe AIR 3.9.0.1210 SDK & Compiler...
- https://www.adobe.com/products/flashplayer/distribution3.html
Flash test site:
- http://www.adobe.com/software/flash/about/
- http://helpx.adobe.com/flash-player/kb/find-version-flash-player.html#main_Find_the_Flash_Player_version_installed_on_your_machine
Adobe AIR 3.9.0.1210
- http://get.adobe.com/air/
___
ColdFusion hotfix...
- https://www.adobe.com/support/security/bulletins/apsb13-27.html
Nov 12, 2013
CVE number:
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5326 - 3.5
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5328 - 7.8 (HIGH)
Platform: All platforms
"Summary: Adobe has released a security hotfix for ColdFusion versions 10, 9.0.2, 9.0.1 and 9.0 for Windows, Macintosh and Linux. This hotfix addresses a reflected cross site scripting vulnerability (CVE-2013-5326) that could be exploited by a remote, authenticated user on ColdFusion 10 and earlier when the CFIDE directory is exposed. This hotfix also addresses a vulnerability (CVE-2013-5328) in ColdFusion 10 that could permit unauthorized remote read access...
Affected software versions: ColdFusion 10, 9.0.2, 9.0.1 and 9.0 for Windows, Macintosh and Linux
Solution: Adobe recommends ColdFusion customers update their installation using the instructions provided in the technote located here:
- http://helpx.adobe.com/coldfusion/kb/coldfusion-security-hotfix-apsb13-27.html
:fear::fear:
AplusWebMaster
2013-12-10, 21:36
FYI...
Flash 11.9.900.170 released
- http://helpx.adobe.com/security/products/flash-player/apsb13-28.html
Dec 10, 2013
CVE numbers:
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5331 - 9.3 (HIGH)
"... as exploited in the wild in December 2013."
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5332 - 10.0 (HIGH)
Platform: All Platforms
Summary: Adobe has released security updates for Adobe Flash Player 11.9.900.152 and earlier versions for Windows and Macintosh and Adobe Flash Player 11.2.202.327 and earlier versions for Linux. These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system. Adobe is aware of reports that an exploit designed to trick the user into opening a Microsoft Word document with malicious Flash (.swf) content exists for CVE-2013-5331. Adobe Flash Player 11.6 and later provide a mitigation against this attack.
Adobe recommends users update their product installations to the latest versions:
• Users of Adobe Flash Player 11.9.900.152 and earlier versions for Windows and Macintosh should update to Adobe Flash Player 11.9.900.170.
• Users of Adobe Flash Player 11.2.202.327 and earlier versions for Linux should update to Adobe Flash Player 11.2.202.332.
• Adobe Flash Player 11.9.900.152 installed with Google Chrome will automatically be updated to the latest Google Chrome version, which will include Adobe Flash Player 11.9.900.170 for Windows, Macintosh and Linux.
• Adobe Flash Player 11.9.900.152 installed with Internet Explorer 10 will automatically be updated to the latest Internet Explorer 10 version, which will include Adobe Flash Player 11.9.900.170 for Windows 8.0
• Adobe Flash Player 11.9.900.152 installed with Internet Explorer 11 will automatically be updated to the latest Internet Explorer 11 version, which will include Adobe Flash Player 11.9.900.170 for Windows 8.1
• Users of Adobe AIR 3.9.0.1210 and earlier versions for Windows and Macintosh should update to Adobe AIR 3.9.0.1380.
• Users of Adobe AIR 3.9.0.1210 and earlier versions for Android should update to Adobe AIR 3.9.0.1380.
• Users of the Adobe AIR 3.9.0.1210 SDK and earlier versions should update to the Adobe AIR 3.9.0.1380 SDK.
• Users of the Adobe AIR 3.9.0.1210 SDK & Compiler and earlier versions should update to the Adobe AIR 3.9.0.1380 SDK & Compiler...
- https://www.adobe.com/products/flashplayer/distribution3.html
Flash test site:
- http://www.adobe.com/software/flash/about/
- http://helpx.adobe.com/flash-player.html
Adobe AIR
- http://get.adobe.com/air/
- https://secunia.com/advisories/55948/
Criticality: Highly Critical
___
Shockwave 12.0.7.148 released
- http://helpx.adobe.com/security/products/shockwave/apsb13-29.html
Dec 10, 2013
CVE numbers:
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5333 - 10.0 (HIGH)
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5334 - 10.0 (HIGH)
Platform: Windows and Macintosh
Summary: Adobe has released a security update for Adobe Shockwave Player 12.0.6.147 and earlier versions on the Windows and Macintosh operating systems. This update addresses a vulnerability that could allow an attacker, who successfully exploits this vulnerability, to run malicious code on the affected system. Adobe recommends users of Adobe Shockwave Player 12.0.6.147 and earlier versions update to Adobe Shockwave Player 12.0.7.148 using the instructions provided in the "Solution" section below.
Affected software versions: Adobe Shockwave Player 12.0.6.147 and earlier versions for Windows and Macintosh.
Solution: Adobe recommends users of Adobe Shockwave Player 12.0.6.147 and earlier versions update to the newest version 12.0.7.148, available here:
- http://get.adobe.com/shockwave/
- https://secunia.com/advisories/55952/
Criticality: Highly Critical
:fear::fear:
AplusWebMaster
2014-01-10, 04:52
FYI...
Prenotification Security Advisory for Adobe Reader and Acrobat
- http://helpx.adobe.com/security/products/acrobat/apsb14-01.html
Jan 9, 2014 - "Adobe is planning to release security updates on Tuesday, January 14, 2014 for Adobe Reader and Acrobat XI (11.0.05) and earlier versions for Windows and Macintosh... This Security Advisory will be replaced with the Security Bulletin upon release of the update on Tuesday, January 14, 2014..."
:fear::fear:
AplusWebMaster
2014-01-14, 20:03
FYI...
Flash 12.0.0.38 released
- http://helpx.adobe.com/security/products/flash-player/apsb14-02.html
Jan 14, 2014
CVE number: CVE-2014-0491, CVE-2014-0492
Platform: All Platforms
Summary: Adobe has released security updates for Adobe Flash Player 11.9.900.170 and earlier versions for Windows and Macintosh and Adobe Flash Player 11.2.202.332 and earlier versions for Linux. These updates address vulnerabilities that could potentially allow an attacker to take control of the affected system. Adobe recommends users update their product installations to the latest versions:
- Users of Adobe Flash Player 11.9.900.170 and earlier versions for Windows Internet Explorer should update to Adobe Flash Player 12.0.0.38.
- Users of Adobe Flash Player 11.9.900.170 and earlier versions for NPAPI plugin-based browsers on Windows should update to Adobe Flash Player 12.0.0.43
- Users of Adobe Flash Player 11.9.900.170 and earlier versions for Macintosh should update to Adobe Flash Player 12.0.0.38.
- Users of Adobe Flash Player 11.2.202.332 and earlier versions for Linux should update to Adobe Flash Player 11.2.202.335.
- Adobe Flash Player 11.9.900.170 installed with Google Chrome will automatically be updated to the latest Google Chrome version, which will include Adobe Flash Player 12.0.0.41 for Windows, Macintosh and Linux.
- Adobe Flash Player 11.9.900.170 installed with Internet Explorer 10 will automatically be updated to the latest Internet Explorer 10 version, which will include Adobe Flash Player 12.0.0.38 for Windows 8.0.
- Adobe Flash Player 11.9.900.170 installed with Internet Explorer 11 will automatically be updated to the latest Internet Explorer 11 version, which will include Adobe Flash Player 12.0.0.38 for Windows 8.1.
-- Users of Adobe AIR 3.9.0.1380 and earlier versions for Windows and Macintosh should update to Adobe AIR 4.0.0.1390.
- Users of Adobe AIR 3.9.0.1380 and earlier versions for Android should update to Adobe AIR 4.0.0.1390.
- Users of the Adobe AIR 3.9.0.1380 SDK and earlier versions should update to the Adobe AIR 4.0.0.1390 SDK.
- Users of the Adobe AIR 3.9.0.1380 SDK & Compiler and earlier versions should update to the Adobe AIR 4.0.0.1390 SDK & Compiler...
- https://www.adobe.com/products/flashplayer/distribution3.html
Flash test site:
- http://www.adobe.com/software/flash/about/
- http://helpx.adobe.com/flash-player.html
Adobe AIR
- http://get.adobe.com/air/
___
Adobe Reader/Acrobat 11.0.06 released
- http://helpx.adobe.com/security/products/reader/apsb14-01.html
Jan 14, 2014
CVE Numbers: CVE-2014-0493, CVE-2014-0495, CVE-2014-0496
Platform: Windows and Macintosh
Summary: Adobe has released security updates for Adobe Reader and Acrobat XI (11.0.05) and earlier versions for Windows and Macintosh. These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system. Adobe recommends users update their product installations to the latest versions:
- Users of Adobe Reader XI (11.0.05) for Windows and Macintosh should update to Adobe Reader XI 11.0.06.
- For users of Adobe Reader X (10.1.8 ) and earlier versions for Windows and Macintosh, who cannot update to Adobe Reader XI (11.0.06), Adobe has made available the update Adobe Reader X (10.1.9).
- Users of Adobe Acrobat XI (11.0.05) for Windows and Macintosh should update to Adobe Acrobat XI (11.0.06).
- For users of Adobe Acrobat X (10.1.8 ) and earlier versions for Windows and Macintosh, who cannot update to Adobe Acrobat XI (11.0.06), Adobe has made available the update Adobe Acrobat X (10.1.9)...
Adobe Reader: Users on Windows and Macintosh can utilize the product's update mechanism... Update checks can be manually activated by choosing Help > Check for Updates.
Adobe Acrobat: Users can utilize the product's update mechanism... Update checks can be manually activated by choosing Help > Check for Updates...
:fear::fear:
AplusWebMaster
2014-01-23, 16:23
FYI...
Adobe Digital Editions v3.0 released
- https://secunia.com/advisories/56578/
Release Date: 2014-01-23
Criticality: Highly Critical
Where: From remote
Impact: System access
CVE Reference(s): CVE-2014-0494
... vulnerability is reported in version 2.0.1.
Solution: Upgrade to version 3.0.
Original Advisory:
http://helpx.adobe.com/security/products/Digital-Editions/apsb14-03.html
- http://www.adobe.com/products/digital-editions/download.html
:fear:
AplusWebMaster
2014-02-04, 22:09
FYI...
Flash 12.0.0.44 released
- http://helpx.adobe.com/security/products/flash-player/apsb14-04.html
Feb 4, 2014
CVE number: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0497 - 10.0 (HIGH)
Platform: All Platforms
Summary: Adobe has released security updates for Adobe Flash Player 12.0.0.43 and earlier versions for Windows and Macintosh and Adobe Flash Player 11.2.202.335 and earlier versions for Linux. These updates address a critical vulnerability that could potentially allow an attacker to remotely take control of the affected system. Adobe is aware of reports that an exploit for this vulnerability exists in the wild, and recommends users update their product installations to the latest versions:
- Users of Adobe Flash Player 12.0.0.43 and earlier versions for Windows and Macintosh should update to Adobe Flash Player 12.0.0.44.
- Users of Adobe Flash Player 11.2.202.335 and earlier versions for Linux should update to Adobe Flash Player 11.2.202.336.
- Adobe Flash Player 12.0.0.41 installed with Google Chrome will automatically be updated to the latest Google Chrome version, which will include Adobe Flash Player 12.0.0.44 for Windows, Macintosh and Linux.
- Adobe Flash Player 12.0.0.38 installed with Internet Explorer 10 will automatically be updated to the latest Internet Explorer 10 version, which will include Adobe Flash Player 12.0.0.44 for Windows 8.0.
- Adobe Flash Player 12.0.0.38 installed with Internet Explorer 11 will automatically be updated to the latest Internet Explorer 11 version, which will include Adobe Flash Player 12.0.0.44 for Windows 8.1...
These updates address -critical- vulnerabilities in the software...
- https://www.adobe.com/products/flashplayer/distribution3.html
Flash test site:
- http://www.adobe.com/software/flash/about/
- http://helpx.adobe.com/flash-player.html
___
- https://secunia.com/advisories/56737/
Release Date: 2014-02-05
Criticality: Extremely Critical
Where: From remote
Impact: System access
Solution Status: Vendor Patch
... vulnerability is actively exploited in the wild.
Reported as a 0-Day...
CVE Reference: CVE-2014-0497
Solution: Update to a fixed version...
- http://atlas.arbor.net/briefs/index#375357101
High Severity
6 Feb 2014
CVE-2014-0497 – a 0-day vulnerability
- https://www.securelist.com/en/blog/8177/CVE_2014_0497_a_0_day_vulnerability
Feb 5, 2014
:fear: :fear: :sad:
AplusWebMaster
2014-02-12, 00:13
FYI...
Shockwave Player 12.0.9.149 released
- http://helpx.adobe.com/security/products/shockwave/apsb14-06.html
Feb 11, 2014
CVE number:
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0500 - 10.0 (HIGH)
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0501 - 10.0 (HIGH)
Platform: Windows and Macintosh
Summary: Adobe has released a security update for Adobe Shockwave Player 12.0.7.148 and earlier versions on the Windows and Macintosh operating systems. This update addresses critical vulnerabilities that could potentially allow an attacker to remotely take control of the affected system... Adobe recommends users of Adobe Shockwave Player 12.0.7.148 and earlier versions update to the newest version 12.0.9.149, available here:
- http://get.adobe.com/shockwave/
___
Test Shockwave
- http://www.adobe.com/shockwave/welcome/
___
- https://secunia.com/advisories/56740/
Release Date: 2014-02-11
Criticality: Highly Critical
Where: From remote
Impact: System access
CVE Reference(s): CVE-2014-0500, CVE-2014-0501
Solution: Update to version 12.0.9.149
:fear:
AplusWebMaster
2014-02-20, 21:52
FYI...
Flash 12.0.0.70 released
- http://helpx.adobe.com/security/products/flash-player/apsb14-07.html
Feb 20, 2014
CVE number:
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0498 - 10.0 (HIGH)
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0499 - 7.8 (HIGH)
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0502 - 10.0 (HIGH)
Last revised: 02/21/2014 - "... as exploited in the wild in February 2014..."
Platform: All Platforms
Summary: Adobe has released security updates for Adobe Flash Player 12.0.0.44 and earlier versions for Windows and Macintosh and Adobe Flash Player 11.2.202.336 and earlier versions for Linux. These updates address vulnerabilities that could potentially allow an attacker to take control of the affected system. Adobe is aware of reports that an exploit for CVE-2014-0502 exists in the wild, and recommends users update their product installations to the latest versions:
- Users of Adobe Flash Player 12.0.0.44 and earlier versions for Windows and Macintosh should update to Adobe Flash Player 12.0.0.70.
- Users of Adobe Flash Player 11.2.202.336 and earlier versions for Linux should update to Adobe Flash Player 11.2.202.341.
- Adobe Flash Player 12.0.0.44 installed with Google Chrome will automatically be updated to the latest Google Chrome version, which will include Adobe Flash Player 12.0.0.70 for Windows, Macintosh and Linux.
- Adobe Flash Player 12.0.0.44 installed with Internet Explorer 10 will automatically be updated to the latest Internet Explorer 10 version, which will include Adobe Flash Player 12.0.0.70 for Windows 8.0.
- Adobe Flash Player 12.0.0.44 installed with Internet Explorer 11 will automatically be updated to the latest Internet Explorer 11 version, which will include Adobe Flash Player 12.0.0.70 for Windows 8.1.
- Users of Adobe AIR 4.0.0.1390 and earlier versions for Android should update to Adobe AIR 4.0.0.1628.
- Users of the Adobe AIR 4.0.0.1390 SDK and earlier versions should update to the Adobe AIR 4.0.0.1628 SDK.
- Users of the Adobe AIR 4.0.0.1390 SDK & Compiler and earlier versions should update to the Adobe AIR 4.0.0.1628 SDK & Compiler...
- https://www.adobe.com/products/flashplayer/distribution3.html
Flash test site:
- http://www.adobe.com/software/flash/about/
- http://helpx.adobe.com/flash-player.html
Adobe AIR
- http://get.adobe.com/air/
___
- https://secunia.com/advisories/57057/
Release Date: 2014-02-21
Criticality: Extremely Critical
Where: From remote
Impact: Exposure of sensitive information, System access...
Solution:
Update to a fixed version...
:fear: :fear:
AplusWebMaster
2014-03-11, 17:48
FYI...
Flash 12.0.0.77 released
- http://helpx.adobe.com/security/products/flash-player/apsb14-08.html
March 11, 2014
CVE number:
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0503 - 6.4
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0504 - 5.0
Platform: All Platforms
Summary: Adobe has released security updates for Adobe Flash Player 12.0.0.70 and earlier versions for Windows and Macintosh and Adobe Flash Player 11.2.202.341 and earlier versions for Linux. These updates address -important- vulnerabilities, and Adobe recommends users update their product installations to the latest versions:
- Users of Adobe Flash Player 12.0.0.70 and earlier versions for Windows and Macintosh should update to Adobe Flash Player 12.0.0.77
- Users of Adobe Flash Player 11.2.202.341 and earlier versions for Linux should update to Adobe Flash Player 11.2.202.346
- Adobe Flash Player 12.0.0.70 installed with Google Chrome will automatically be updated to the latest Google Chrome version, which will include Adobe Flash Player 12.0.0.77 for Windows, Macintosh and Linux.
- Adobe Flash Player 12.0.0.70 installed with Internet Explorer 10 will automatically be updated to the latest Internet Explorer 10 version, which will include Adobe Flash Player 12.0.0.77 for Windows 8.0.
- Adobe Flash Player 12.0.0.70 installed with Internet Explorer 11 will automatically be updated to the latest Internet Explorer 11 version, which will include Adobe Flash Player 12.0.0.77 for Windows 8.1...
- https://www.adobe.com/products/flashplayer/distribution3.html
Flash test site:
- http://www.adobe.com/software/flash/about/
- http://helpx.adobe.com/flash-player.html
:fear:
AplusWebMaster
2014-03-13, 20:48
FYI...
Shockwave 12.0.9.150 released
- http://helpx.adobe.com/security/products/shockwave/apsb14-10.html
March 13, 2014
CVE number: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0505 - 10.0 (HIGH)
Platform: Windows and Macintosh
Summary: Adobe has released a security update for Adobe Shockwave Player 12.0.9.149 and earlier versions on the Windows and Macintosh operating systems. This update addresses a -critical- vulnerability that could potentially allow an attacker to remotely take control of the affected system. Adobe recommends users of Adobe Shockwave Player 12.0.9.149 and earlier versions update to Adobe Shockwave Player 12.1.0.150 using the instructions provided in the "Solution" section...
Solution: Adobe recommends users of Adobe Shockwave Player 12.0.9.149 and earlier versions update to the newest version 12.1.0.150, available here:
- http://get.adobe.com/shockwave/
___
- https://secunia.com/advisories/57277/
Release Date: 2014-03-14
Criticality: Highly Critical
Where: From remote
Impact: System access...
... vulnerability is reported in versions 12.0.9.149 and prior running on Windows and Macintosh.
Solution: Update to version 12.1.0.150.
:fear:
AplusWebMaster
2014-03-22, 16:20
FYI...
Flash exploit in-the-wild ...
- http://www.threattracksecurity.com/it-blog/adobe-exploit-cve-2014-0502/
Mar 21, 2014 - "... new exploit in the wild going after a known Adobe vulnerability... detected the file cc.swf delivered via the malicious link hxxp ://java-sky .com/swf/cc.swf**... Only 7/51 antivirus vendors on VirusTotal* detect the malicious payload at the time of this post..."
* https://www.virustotal.com/en/file/8c9168f29526a38f5ab4563f8bb82a390eff4fd5a826a4d4986e1e6fe679d87f/analysis/
** 50.62.99.1 - https://www.virustotal.com/en/ip-address/50.62.99.1/information/
- http://google.com/safebrowsing/diagnostic?site=AS:26496
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0502 - 10.0 (HIGH)
Latest Flash version 12.0.0.77
- http://forums.spybot.info/showthread.php?12890-Adobe-updates-advisories&p=451165&viewfull=1#post451165
Flash test site:
- http://www.adobe.com/software/flash/about/
:mad: :fear:
AplusWebMaster
2014-04-08, 21:07
FYI...
Flash 13.0.0.182 released
- http://helpx.adobe.com/security/products/flash-player/apsb14-09.html
Release date: April 8, 2014
Vulnerability identifier: APSB14-09
CVE number: CVE-2014-0506, CVE-2014-0507, CVE-2014-0508, CVE-2014-0509
Platform: All Platforms
Summary: Adobe has released security updates for Adobe Flash Player 12.0.0.77 and earlier versions for Windows and Macintosh and Adobe Flash Player 11.2.202.346 and earlier versions for Linux. These updates address vulnerabilities that could potentially allow an attacker to take control of the affected system. Adobe recommends users update their product installations to the latest versions:
- Users of Adobe Flash Player 12.0.0.77 and earlier versions for Windows and Macintosh should update to Adobe Flash Player 13.0.0.182
- Users of Adobe Flash Player 11.2.202.346 and earlier versions for Linux should update to Adobe Flash Player 11.2.202.350.
- Adobe Flash Player 12.0.0.77 installed with Google Chrome will automatically be updated to the latest Google Chrome version, which will include Adobe Flash Player 13.0.0.182 for Windows, Macintosh and Linux.
- Adobe Flash Player 12.0.0.77 installed with Internet Explorer 10 will automatically be updated to the latest Internet Explorer 10 version, which will include Adobe Flash Player 13.0.0.182 for Windows 8.0.
- Adobe Flash Player 12.0.0.77 installed with Internet Explorer 11 will automatically be updated to the latest Internet Explorer 11 version, which will include Adobe Flash Player 13.0.0.182 for Windows 8.1.
- Users of Adobe AIR 4.0.0.1628 and earlier versions for Android should update to Adobe AIR 13.0.0.83.
- Users of the Adobe AIR 4.0.0.1628 SDK and earlier versions should update to the Adobe AIR 13.0.0.83 SDK.
- Users of the Adobe AIR 4.0.0.1628 SDK & Compiler and earlier versions should update to the Adobe AIR 13.0.0.83 SDK & Compiler...
* Beginning May 13, 2014, Adobe Flash Player 13 for Mac and Windows will replace version 11.7 as the extended support version. Adobe recommends users upgrade to version 13 to continue to receive security updates. See this blog post for further details:
- http://blogs.adobe.com/flashplayer/2014/03/upcoming-changes-to-flash-players-extended-support-release.html
___
- https://www.adobe.com/products/flashplayer/distribution3.html
Flash test site:
- http://www.adobe.com/software/flash/about/
- http://helpx.adobe.com/flash-player.html
AIR download:
- http://get.adobe.com/air/
:fear:
AplusWebMaster
2014-04-15, 06:50
FYI...
Adobe Reader Mobile 11.2 released
- http://helpx.adobe.com/security/products/reader-mobile/apsb14-12.html
April 14, 2014
CVE Number: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0514 - 9.3
Platform: Android
Summary: Adobe has released a security update for Adobe Reader Mobile for the Android operating system. This update addresses a vulnerability that could be exploited to gain remote code execution on the affected system. Adobe recommends users update their product installations...
Solution: Adobe recommends users of Adobe Reader Mobile update to the newest version, available here:
- https://play.google.com/store/apps/details?id=com.adobe.reader
This update addresses a critical vulnerability in the software..."
___
- https://secunia.com/advisories/57928/
Release Date: 2014-04-15
Criticality: Highly Critical
Where: From remote
Impact: System access ...
CVE Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0514
... vulnerability is reported in versions 11.1.3 and prior.
Solution: Update to version 11.2.
Original Advisory: APSB14-12:
- http://helpx.adobe.com/security/products/reader-mobile/apsb14-12.html
:fear::fear:
AplusWebMaster
2014-04-28, 19:39
FYI...
Flash 13.0.0.206 released
- https://helpx.adobe.com/security/products/flash-player/apsb14-13.html
April 28, 2014
CVE number: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0515 - 10.0 (HIGH)
Platform: All Platforms
Summary: Adobe has released security updates for Adobe Flash Player 13.0.0.182 and earlier versions for Windows, Adobe Flash Player 13.0.0.201 and earlier versions for Macintosh and Adobe Flash Player 11.2.202.350 and earlier versions for Linux. These updates address vulnerabilities that could potentially allow an attacker to take control of the affected system. Adobe is aware of reports that an exploit for CVE-2014-0515 exists in the wild, and is being used to target Flash Player users on the Windows platform. Adobe recommends users update their product installations to the latest versions:
• Users of Adobe Flash Player 13.0.0.182 and earlier versions for Windows should update to Adobe Flash Player 13.0.0.206.
• Users of Adobe Flash Player 13.0.0.201 and earlier versions for Macintosh should update to Adobe Flash Player 13.0.0.206.
• Users of Adobe Flash Player 11.2.202.350 and earlier versions for Linux should update to Adobe Flash Player 11.2.202.356.
• Adobe Flash Player 13.0.0.182 installed with Google Chrome will automatically be updated to the latest Google Chrome version, which will include Adobe Flash Player 13.0.0.206 for Windows, Macintosh and Linux.
• Adobe Flash Player 13.0.0.182 installed with Internet Explorer 10 will automatically be updated to the latest Internet Explorer 10 version, which will include Adobe Flash Player 13.0.0.206 for Windows 8.0.
• Adobe Flash Player 13.0.0.182 installed with Internet Explorer 11 will automatically be updated to the latest Internet Explorer 11 version, which will include Adobe Flash Player 13.0.0.206 for Windows 8.1...
___
- https://www.adobe.com/products/flashplayer/distribution3.html
Flash test site:
- http://www.adobe.com/software/flash/about/
- http://helpx.adobe.com/flash-player.html
___
- http://atlas.arbor.net/briefs/index#-638897988
Extreme Severity
01 May 2014
... critical flaw (CVE-2014-0515*) in Flash Player currently being exploited...
* https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0515 - 10.0
Last revised: 05/31/2014 - "... as exploited in the wild in April 2014"
:fear::fear:
AplusWebMaster
2014-05-13, 21:02
FYI...
Flash 13.0.0.214 released
- https://helpx.adobe.com/security/products/flash-player/apsb14-14.html
May 13, 2014
CVE number: CVE-2014-0510, CVE-2014-0516, CVE-2014-0517, CVE-2014-0518, CVE-2014-0519, CVE-2014-0520
Platform: All Platforms
Summary: Adobe has released security updates for Adobe Flash Player 13.0.0.206 and earlier versions for Windows and Macintosh and Adobe Flash Player 11.2.202.356 and earlier versions for Linux. These updates address vulnerabilities that could potentially allow an attacker to take control of the affected system. Adobe recommends users update their product installations to the latest versions:
- Users of Adobe Flash Player 13.0.0.206 and earlier versions for Windows and Macintosh should update to Adobe Flash Player 13.0.0.214.
- Users of Adobe Flash Player 11.2.202.356 and earlier versions for Linux should update to Adobe Flash Player 11.2.202.359.
- Adobe Flash Player 13.0.0.206 installed with Google Chrome will automatically be updated to the latest Google Chrome version, which will include Adobe Flash Player 13.0.0.214 for Windows, Macintosh and Linux.
- Adobe Flash Player 13.0.0.206 installed with Internet Explorer 10 will automatically be updated to the latest Internet Explorer 10 version, which will include Adobe Flash Player 13.0.0.214 for Windows 8.0.
- Adobe Flash Player 13.0.0.206 installed with Internet Explorer 11 will automatically be updated to the latest Internet Explorer 11 version, which will include Adobe Flash Player 13.0.0.214 for Windows 8.1.
- Users of the Adobe AIR 13.0.0.83 SDK and earlier versions should update to the Adobe AIR 13.0.0.111 SDK.
- Users of the Adobe AIR 13.0.0.83 SDK & Compiler and earlier versions should update to the Adobe AIR 13.0.0.111 SDK & Compiler...
___
- https://www.adobe.com/products/flashplayer/distribution3.html
Flash test site:
- http://www.adobe.com/software/flash/about/
- http://helpx.adobe.com/flash-player.html
AIR download:
- http://get.adobe.com/air/
___
Reader/Acrobat 11.0.07 released
- https://helpx.adobe.com/security/products/reader/apsb14-15.html
May 13, 2014
CVE numbers: CVE-2014-0511, CVE-2014-0512, CVE-2014-0521, CVE-2014-0522, CVE-2014-0523, CVE-2014-0524, CVE-2014-0525, CVE-2014-0526, CVE-2014-0527, CVE-2014-0528, CVE-2014-0529
Platform: Windows and Macintosh
Summary: Adobe has released security updates for Adobe Reader and Acrobat XI (11.0.06) and earlier versions for Windows and Macintosh. These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system. Adobe recommends users update their product installations to the latest versions:
- Users of Adobe Reader XI (11.0.06) for Windows and Macintosh should update to Adobe Reader XI (11.0.07).
- For users of Adobe Reader X (10.1.9) and earlier versions for Windows and Macintosh, who cannot update to Adobe Reader XI (11.0.07), Adobe has made available the update Adobe Reader X (10.1.10).
- Users of Adobe Acrobat XI (11.0.06) for Windows and Macintosh should update to Adobe Acrobat XI (11.0.07).
- For users of Adobe Acrobat X (10.1.9) and earlier versions for Windows and Macintosh, who cannot update to Adobe Acrobat XI (11.0.07), Adobe has made available the update Adobe Acrobat X (10.1.10)...
Users on Windows and Macintosh can utilize the product's update mechanism. The default configuration is set to run automatic update checks on a regular schedule. Update checks can be manually activated by choosing Help > Check for Updates ...
___
Illustrator hotfix released
- https://helpx.adobe.com/security/products/illustrator/apsb14-11.html
May 13, 2014
CVE number: CVE-2014-0513
Platform: Windows and Macintosh
Summary: Adobe has released a security hotfix for Adobe Illustrator (CS6) for Windows and Macintosh. This hotfix addresses a vulnerability that could be exploited to gain remote code execution on the affected system... Adobe recommends users update their software installations by following these instructions:
- https://helpx.adobe.com/security/products/illustrator/apsb14-11/_jcr_content/main-pars/download/file.res/Install%20Instructions%20for%20Illustrator%20CS6%20Hotfix.pdf
This hotfix addresses a vulnerability that could be exploited to gain remote code execution on the affected system... These updates resolve a stack overflow vulnerability that could result in arbitrary code execution (CVE-2014-0513)...
:fear:
AplusWebMaster
2014-06-10, 18:41
FYI...
Flash 14.0.0.125 released
- https://helpx.adobe.com/security/products/flash-player/apsb14-16.html
June 10, 2014
CVE numbers: CVE-2014-0531, CVE-2014-0532, CVE-2014-0533, CVE-2014-0534, CVE-2014-0535, CVE-2014-0536
Platform: All Platforms
Summary: Adobe has released security updates for Adobe Flash Player 13.0.0.214 and earlier versions for Windows and Macintosh and Adobe Flash Player 11.2.202.359 and earlier versions for Linux. These updates address vulnerabilities that could potentially allow an attacker to take control of the affected system. Adobe recommends users update their product installations to the latest versions:
- Users of Adobe Flash Player 13.0.0.214 and earlier versions for Windows and Macintosh should update to Adobe Flash Player 14.0.0.125.
- Users of Adobe Flash Player 11.2.202.359 and earlier versions for Linux should update to Adobe Flash Player 11.2.202.378.
- Adobe Flash Player 13.0.0.214 installed with Google Chrome will automatically be updated to the latest Google Chrome version, which will include Adobe Flash Player 14.0.0.125 for Windows, Macintosh and Linux.
- Adobe Flash Player 13.0.0.214 installed with Internet Explorer 10 will automatically be updated to the latest Internet Explorer 10 version, which will include Adobe Flash Player 14.0.0.125 for Windows 8.0.
- Adobe Flash Player 13.0.0.214 installed with Internet Explorer 11 will automatically be updated to the latest Internet Explorer 11 version, which will include Adobe Flash Player 14.0.0.125 for Windows 8.1.
- Users of the Adobe AIR 13.0.0.111 SDK and earlier versions should update to the Adobe AIR 14.0.0.110 SDK.
- Users of the Adobe AIR 13.0.0.111 SDK & Compiler and earlier versions should update to the Adobe AIR 14.0.0.110 SDK & Compiler.
- Users of Adobe AIR 13.0.0.111 and earlier versions for Android should update to Adobe AIR 14.0.0.110.
- Users of Adobe AIR 13.0.0.111 and earlier versions for Windows and Macintosh should update to Adobe 14.0.0.110.
___
- https://www.adobe.com/products/flashplayer/distribution3.html
Flash test site:
- http://www.adobe.com/software/flash/about/
- http://helpx.adobe.com/flash-player.html
AIR download:
- http://get.adobe.com/air/
___
- http://www.securitytracker.com/id/1030368
CVE Reference: CVE-2014-0531, CVE-2014-0532, CVE-2014-0533, CVE-2014-0534, CVE-2014-0535, CVE-2014-0536
Jun 10 2014
Impact: Disclosure of authentication information, Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information, User access via network
Fix Available: Yes Vendor Confirmed: Yes
Version(s): 13.0.0.214 and prior (Windows/Mac); 11.2.202.359 and prior (Linux)...
Solution: The vendor has issued a fix (14.0.0.125 for Windows/Mac, 11.2.202.378 for Linux).
The vendor's advisory is available at:
- http://helpx.adobe.com/security/products/flash-player/apsb14-16.html
:fear:
AplusWebMaster
2014-07-08, 20:31
FYI...
Flash 14.0.0.145 released
- https://helpx.adobe.com/security/products/flash-player/apsb14-17.html
July 8, 2014
CVE number: CVE-2014-0537, CVE-2014-0539, CVE-2014-4671
Platform: All Platforms
Summary: Adobe has released security updates for Adobe Flash Player 14.0.0.125 and earlier versions for Windows and Macintosh and Adobe Flash Player 11.2.202.378 and earlier versions for Linux. These updates address vulnerabilities that could potentially allow an attacker to take control of the affected system. Adobe recommends users update their product installations to the latest versions:
- Users of Adobe Flash Player 14.0.0.125 and earlier versions for Windows and Macintosh should update to Adobe Flash Player 14.0.0.145.
- Users of Adobe Flash Player 11.2.202.378 and earlier versions for Linux should update to Adobe Flash Player 11.2.202.394.
- Adobe Flash Player 14.0.0.125 installed with Google Chrome will automatically be updated to the latest Google Chrome version, which will include Adobe Flash Player 14.0.0.145 for Windows, Macintosh and Linux.
- Adobe Flash Player 14.0.0.125 installed with Internet Explorer 10 will automatically be updated to the latest Internet Explorer 10 version, which will include Adobe Flash Player 14.0.0.145 for Windows 8.0.
- Adobe Flash Player 14.0.0.125 installed with Internet Explorer 11 will automatically be updated to the latest Internet Explorer 11 version, which will include Adobe Flash Player 14.0.0.145 for Windows 8.1.
- Users of the Adobe AIR 14.0.0.110 SDK and earlier versions should update to the Adobe AIR 14.0.0.137 SDK.
- Users of the Adobe AIR 14.0.0.110 SDK & Compiler and earlier versions should update to the Adobe AIR 14.0.0.137 SDK & Compiler.
- Users of Adobe AIR 14.0.0.110 and earlier versions for Android should update to Adobe AIR 14.0.0.137...
___
- https://www.adobe.com/products/flashplayer/distribution3.html
Flash test site:
- http://www.adobe.com/software/flash/about/
AIR download:
- http://get.adobe.com/air/
___
- http://www.securitytracker.com/id/1030533
CVE Reference: CVE-2014-0537, CVE-2014-0539, CVE-2014-4671
Jul 8 2014
Impact: Disclosure of system information, Disclosure of user information, Modification of user information, Not specified, User access via network
Fix Available: Yes Vendor Confirmed: Yes
Version(s): 14.0.0.125 and prior (for Windows/Mac), 11.2.202.378 and prior (for Linux)...
Solution: The vendor has issued a fix (14.0.0.145 for Windows/Mac, 11.2.202.394 for Linux)...
:fear:
AplusWebMaster
2014-08-12, 19:29
FYI...
Flash 14.0.0.179 released
- https://helpx.adobe.com/security/products/flash-player/apsb14-18.html
Aug 12, 2014
CVE number:
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0538 - 10.0 (HIGH)
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0540 - 10.0 (HIGH)
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0541 - 10.0 (HIGH)
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0542 - 10.0 (HIGH)
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0543 - 10.0 (HIGH)
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0544 - 10.0 (HIGH)
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0545 - 10.0 (HIGH)
Platform: All Platforms
Summary: Adobe has released security updates for Adobe Flash Player 14.0.0.145 and earlier versions for Windows and Macintosh and Adobe Flash Player 11.2.202.394 and earlier versions for Linux. These updates address vulnerabilities that could potentially allow an attacker to take control of the affected system. Adobe recommends users update their product installations to the latest versions:
- Users of the Adobe Flash Player Active X plugin for Internet Explorer version 14.0.0.145 and earlier should update to Adobe Flash Player 14.0.0.176.
- Users of the Adobe Flash Player Windows NPAPI plugin for Firefox version 14.0.0.145 and earlier should update to Adobe Flash Player 14.0.0.179.
- Users of the Adobe Flash Player version 14.0.0.145 and earlier for Macintosh should update to Adobe Flash Player 14.0.0.176.
- Users of Adobe Flash Player 11.2.202.394 and earlier versions for Linux should update to Adobe Flash Player 11.2.202.400.
- Adobe Flash Player 14.0.0.145 installed with Google Chrome will automatically be updated to the latest Google Chrome version, which will include Adobe Flash Player 14.0.0.177 for Windows, Macintosh and Linux.
- Adobe Flash Player 14.0.0.145 installed with Internet Explorer 10 will automatically be updated to the latest Internet Explorer 10 version, which will include Adobe Flash Player 14.0.0.176 for Windows 8.0.
- Adobe Flash Player 14.0.0.145 installed with Internet Explorer 11 will automatically be updated to the latest Internet Explorer 11 version, which will include Adobe Flash Player 14.0.0.176 for Windows 8.1.
- Users of Adobe AIR 14.0.0.110 and earlier versions for Windows and Macintosh should update to the Adobe AIR 14.0.0.178.
- Users of the Adobe AIR 14.0.0.137 SDK and earlier versions should update to the Adobe AIR 14.0.0.178 SDK.
- Users of the Adobe AIR 14.0.0.137 SDK & Compiler and earlier versions should update to the Adobe AIR 14.0.0.178 SDK & Compiler.
- Users of Adobe AIR 14.0.0.137 and earlier versions for Android should update to Adobe AIR 14.0.0.179...
- https://www.adobe.com/products/flashplayer/distribution3.html
Flash test site:
- http://www.adobe.com/software/flash/about/
AIR download:
- http://get.adobe.com/air/
___
Reader/Acrobat 11.0.08 released
- https://helpx.adobe.com/security/products/reader/apsb14-19.html
Aug 12, 2014
CVE numbers: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0546 - 10.0 (HIGH)
Platform: Windows
Summary: Adobe has released security updates for Adobe Reader and Acrobat XI (11.0.07) and earlier versions for Windows. These updates address a vulnerability that could allow an attacker to circumvent sandbox protection on the Windows platform. Adobe Reader and Acrobat for Apple's OS X are not affected. Adobe is aware of evidence that indicates an exploit in the wild is being used in limited, isolated attacks targeting Adobe Reader users on Windows. Adobe recommends users update their product installations to the latest versions:
- Users of Adobe Reader XI (11.0.07) and earlier versions for Windows should update to version 11.0.08.
- For users of Adobe Reader X (10.1.10) and earlier versions for Windows, who cannot update to version 11.0.08, Adobe has made available version 10.1.11.
- Users of Adobe Acrobat XI (11.0.07) and earlier versions for Windows should update to version 11.0.08.
- For users of Adobe Acrobat X (10.1.10) and earlier versions for Windows, who cannot update to version 11.0.08, Adobe has made available version 10.1.11...
Solution: Reader, Acrobat: Users can utilize the product's update mechanism... Update checks can be manually activated by choosing Help > Check for Updates...
___
- http://www.securitytracker.com/id/1030712
CVE Reference: CVE-2014-0538, CVE-2014-0540, CVE-2014-0541, CVE-2014-0542, CVE-2014-0543, CVE-2014-0544, CVE-2014-0545
Aug 12 2014
Fix Available: Yes Vendor Confirmed: Yes
Version(s): 14.0.0.145 and prior (Windows/Mac); 11.2.202.394 and prior (Linux) ...
Impact: A remote user can create content that, when loaded by the target user, will bypass security features and execute arbitrary code on the target user's system...
- http://www.securitytracker.com/id/1030711
CVE Reference: CVE-2014-0546
Aug 12 2014
Fix Available: Yes Vendor Confirmed: Yes
Version(s): 11.0.07 and prior ...
Impact: A remote user can create a file that, when loaded by the target user, will execute arbitrary code on the target user's system...
___
- https://atlas.arbor.net/briefs/index#1185576709
Extreme Severity
14 Aug 2014
Analysis: At least one security issue patched this month (CVE-2014-0546) has already been exploited in limited targeted attacks. The flaw, affecting Windows versions of Reader and Acrobat, is a sandbox bypass vulnerability that could allow an attacker to run native code with escalated privileges. [ https://securelist.com/blog/research/65577/cve-2014-0546-used-in-targeted-attacks-adobe-reader-update/ ] Meanwhile, the update for Flash Player is rated as 'critical' and should also be applied as soon as possible. According to a report on attack trends of the first half of 2014, Adobe Flash is the primary browser plugin targeted by zero-day attacks. [ http://www.bromium.com/sites/default/files/bromium-h1-2014-threat_report.pdf ] As Flash is required by many web sites, users can take advantage of the 'click to play' feature found in Chrome, Firefox, and Opera web browsers as a security measure.
:fear::fear:
AplusWebMaster
2014-09-09, 20:07
FYI...
Flash 15.0.0.152 released
- https://helpx.adobe.com/security/products/flash-player/apsb14-21.html
Sep 9, 2014
CVE number:
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0547 - 10.0 (HIGH)
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0548 - 7.5 (HIGH)
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0549 - 10.0 (HIGH)
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0550 - 10.0 (HIGH)
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0551 - 10.0 (HIGH)
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0552 - 10.0 (HIGH)
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0553 - 10.0 (HIGH)
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0554 - 10.0 (HIGH)
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0555 - 10.0 (HIGH)
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0556 - 10.0 (HIGH)
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0557 - 10.0 (HIGH)
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0559 - 10.0 (HIGH)
Platform: All Platforms
Summary: Adobe has released security updates for Adobe Flash Player for Windows, Macintosh and Linux. These updates address vulnerabilities that could potentially allow an attacker to take control of the affected system. Adobe recommends users update their product installations to the latest versions:
- Users of the Adobe Flash Player desktop runtime for Windows and Macintosh should update to Adobe Flash Player 15.0.0.152.
- Users of the Adobe Flash Player Extended Support Release should update to Adobe Flash Player 13.0.0.244.
- Users of Adobe Flash Player for Linux should update to Adobe Flash Player 11.2.202.406.
- Adobe Flash Player installed with Google Chrome, Internet Explorer 10 and Internet Explorer 11 will be automatically updated to the current version.
- Users of the Adobe AIR desktop runtime, SDK and SDK and Compiler should update to version 15.0.0.249.
- Users of Adobe AIR for Android should update to Adobe AIR 15.0.0.252...
For I/E:
- http://download.macromedia.com/get/flashplayer/current/licensing/win/install_flash_player_15_active_x.exe
For Firefox (Plugin-based browsers):
- http://download.macromedia.com/get/flashplayer/current/licensing/win/install_flash_player_15_plugin.exe
Flash test site:
- http://www.adobe.com/software/flash/about/
AIR download:
- http://get.adobe.com/air/
___
- http://www.securitytracker.com/id/1030822
CVE Reference: CVE-2014-0547, CVE-2014-0548, CVE-2014-0549, CVE-2014-0550, CVE-2014-0551, CVE-2014-0552, CVE-2014-0553, CVE-2014-0554, CVE-2014-0555, CVE-2014-0556, CVE-2014-0557, CVE-2014-0559
Sep 9 2014
Impact: Disclosure of system information, Execution of arbitrary code via network, User access via network
Fix Available: Yes Vendor Confirmed: Yes
Version(s): 14.0.0.179 and prior; 13.0.0.241 and prior 13.x versions ...
Solution: The vendor has issued a fix (13.0.0.244 Extended Release, 15.0.0.152 for Windows/Mac, 11.2.202.406 for Linux).
:fear:
AplusWebMaster
2014-09-16, 21:24
FYI...
Adobe Reader / Acrobat 11.0.09 released
- https://helpx.adobe.com/security/products/reader/apsb14-20.html
Sep 16, 2014
CVE Numbers: CVE-2014-0560, CVE-2014-0561, CVE-2014-0562, CVE-2014-0563, CVE-2014-0565, CVE-2014-0566, CVE-2014-0567, CVE-2014-0568
Platform: Windows and Macintosh
Summary: Adobe has released security updates for Adobe Reader and Acrobat for Windows and Macintosh. These updates address vulnerabilities that could potentially allow an attacker to take over the affected system. Adobe recommends users update their product installations to the latest versions:
- Users of Adobe Reader XI (11.0.08) and earlier versions should update to version 11.0.09.
- For users of Adobe Reader X (10.1.11) and earlier versions who cannot update to version 11.0.09, Adobe has made available version 10.1.12.
- Users of Adobe Acrobat XI (11.0.08) and earlier versions should update to version 11.0.09.
- For users of Adobe Acrobat X (10.1.11) and earlier versions, who cannot update to version 11.0.09, Adobe has made available version 10.1.12...
The product's default update mechanism is set to run automatic update checks on a regular schedule. Update checks can be manually activated by choosing Help > Check for Updates...
___
- http://www.securitytracker.com/id/1030853
CVE Reference: CVE-2014-0560, CVE-2014-0561, CVE-2014-0562, CVE-2014-0563, CVE-2014-0565, CVE-2014-0566, CVE-2014-0567, CVE-2014-0568
Sep 16 2014
Impact: Denial of service via network, Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information, User access via network
Fix Available: Yes Vendor Confirmed: Yes
Version(s): 10.1.11 and prior; 11.0.08 and prior...
Solution: The vendor has issued a fix (10.1.12, 11.0.09).
___
- https://atlas.arbor.net/briefs/index#-778103136
Extreme Severity
19 Sep 2014
:fear:
AplusWebMaster
2014-10-14, 21:09
FYI...
Flash 15.0.0.189 released
- https://helpx.adobe.com/security/products/flash-player/apsb14-22.html
Oct 14, 2014
CVE number: CVE-2014-0558, CVE-2014-0564, CVE-2014-0569
Platform: All Platforms
Summary: Adobe has released security updates for Adobe Flash Player for Windows, Macintosh and Linux. These updates address vulnerabilities that could potentially allow an attacker to take control of the affected system. Adobe recommends users update their product installations to the latest versions:
- Users of the Adobe Flash Player desktop runtime for Windows and Macintosh should update to Adobe Flash Player 15.0.0.189.
- Users of the Adobe Flash Player Extended Support Release should update to Adobe Flash Player 13.0.0.250.
- Users of Adobe Flash Player for Linux should update to Adobe Flash Player 11.2.202.411.
- Adobe Flash Player installed with Google Chrome, Internet Explorer 10 and Internet Explorer 11 will be automatically updated to the current version.
- Users of the Adobe AIR desktop runtime should update to version 15.0.0.293.
- Users of the Adobe AIR SDK and AIR SDK & Compiler should update to version 15.0.0.302.
- Users of Adobe AIR for Android should update to Adobe AIR 15.0.0.293...
For I/E:
- http://download.macromedia.com/get/flashplayer/current/licensing/win/install_flash_player_15_active_x.exe
For Firefox (Plugin-based browsers):
- http://download.macromedia.com/get/flashplayer/current/licensing/win/install_flash_player_15_plugin.exe
Flash test site:
- http://www.adobe.com/software/flash/about/
AIR download:
- http://get.adobe.com/air/
- http://www.securitytracker.com/id/1031019
CVE Reference: CVE-2014-0558, CVE-2014-0564, CVE-2014-0569
Oct 14 2014
Impact: Execution of arbitrary code via network, User access via network
Fix Available: Yes Vendor Confirmed: Yes
Version(s): 13.0.0.244 and prior 13.x versions, 15.0.0.167 and prior, 11.2.202.406 and prior for Linux ...
Solution: The vendor has issued a fix (13.0.0.250 extended support release, 15.0.0.189 for Windows/Mac, 11.2.202.411 for Linux).
The vendor's advisory is available at:
- http://helpx.adobe.com/security/products/flash-player/apsb14-22.html
___
ColdFusion hotfixes available
- https://helpx.adobe.com/security/products/coldfusion/apsb14-23.html
Oct 14, 2014
CVE numbers: CVE-2014-0570, CVE-2014-0571, CVE-2014-0572
Platform: All Platforms
Summary: Adobe has released security hotfixes for ColdFusion versions 11, 10, 9.0.2, 9.0.1 and 9.0 for all platforms. These hotfixes address a security permissions issue that could be exploited by an unauthenticated local user to bypass IP address access control restrictions applied to the ColdFusion Administrator. Cross-site scripting and cross-site request forgery vulnerabilities are also addressed in the hotfixes.
Affected software versions:
ColdFusion 11, 10, 9.0.2, 9.0.1 and 9.0 for all platforms.
Solution: Adobe recommends ColdFusion customers update their installation using the instructions provided in the technote located here: http://helpx.adobe.com/coldfusion/kb/coldfusion-security-hotfix-apsb14-23.html
Customers should also apply the security configuration settings as outlined on the ColdFusion Security page as well as review the ColdFusion 11 Lockdown Guide, ColdFusion 10 Lockdown Guide and ColdFusion 9 Lockdown Guide...
___
- http://www.securitytracker.com/id/1031020
CVE Reference: CVE-2014-0570, CVE-2014-0571, CVE-2014-0572
Oct 14 2014
Impact: Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information, User access via local system
Fix Available: Yes Vendor Confirmed: Yes
Version(s): 9.0, 9.0.1, 9.0.2, 10, 11 ...
Solution: The vendor has issued a hotfix.
:fear::fear:
AplusWebMaster
2014-11-11, 22:46
FYI...
Flash 15.0.0.223 released
- https://helpx.adobe.com/security/products/flash-player/apsb14-24.html
Nov 11, 2014
CVE number: CVE-2014-0573, CVE-2014-0574, CVE-2014-0576, CVE-2014-0577, CVE-2014-0581, CVE-2014-0582, CVE-2014-0583, CVE-2014-0584, CVE-2014-0585, CVE-2014-0586, CVE-2014-0588, CVE-2014-0589, CVE-2014-0590, CVE-2014-8437, CVE-2014-8438, CVE-2014-8440, CVE-2014-8441, CVE-2014-8442
Platform: All Platforms
Summary: Adobe has released security updates for Adobe Flash Player for Windows, Macintosh and Linux. These updates address vulnerabilities that could potentially allow an attacker to take control of the affected system. Adobe recommends users update their product installations to the latest versions:
- Users of the Adobe Flash Player desktop runtime for Windows and Macintosh should update to Adobe Flash Player 15.0.0.223.
- Users of the Adobe Flash Player Extended Support Release should update to Adobe Flash Player 13.0.0.252.
- Users of Adobe Flash Player for Linux should update to Adobe Flash Player 11.2.202.418.
- Adobe Flash Player installed with Google Chrome, as well as Internet Explorer on Windows 8.x will be automatically updated to the current version.
- Users of the Adobe AIR desktop runtime should update to version 15.0.0.356.
- Users of the Adobe AIR SDK and AIR SDK & Compiler should update to version 15.0.0.356.
- Users of Adobe AIR for Android should update to Adobe AIR 15.0.0.356...
For I/E:
- http://download.macromedia.com/get/flashplayer/current/licensing/win/install_flash_player_15_active_x.exe
For Firefox (Plugin-based browsers):
- http://download.macromedia.com/get/flashplayer/current/licensing/win/install_flash_player_15_plugin.exe
Flash test site:
- http://www.adobe.com/software/flash/about/
AIR download:
- http://get.adobe.com/air/
___
- http://www.securitytracker.com/id/1031182
CVE Reference: CVE-2014-0573, CVE-2014-0574, CVE-2014-0576, CVE-2014-0577, CVE-2014-0581, CVE-2014-0582, CVE-2014-0583, CVE-2014-0584, CVE-2014-0585, CVE-2014-0586, CVE-2014-0588, CVE-2014-0589, CVE-2014-0590, CVE-2014-8437, CVE-2014-8438, CVE-2014-8440, CVE-2014-8441, CVE-2014-8442
Nov 11 2014
Impact: Disclosure of authentication information, Execution of arbitrary code via network, User access via network
Fix Available: Yes Vendor Confirmed: Yes
Solution: The vendor has issued a fix (15.0.0.223 for Windows/Mac, ESR 13.0.0.252, 11.2.202.418 for Linux)...
:fear:
AplusWebMaster
2014-11-26, 01:28
FYI...
UPDATE: https://www.f-secure.com/weblog/archives/00002768.html
Nov 25, 2014 - "... the exploit didn’t match any of the vulnerabilities patched in APSB14-22 (CVE-2014-0558, CVE-2014-0564, or CVE-2014-0569)... Kafeine* reported Angler exploiting this vulnerability... followed by Astrum and Nuclear exploit kits..."
* http://malware.dontneedcoffee.com/2014/10/cve-2014-0569.html
Flash 15.0.0.239 released
- https://helpx.adobe.com/security/products/flash-player/apsb14-26.html
November 25, 2014
CVE number: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-8439 - 7.5 (HIGH)
Platform: All Platforms
Summary: Adobe has released security updates for Adobe Flash Player for Windows, Macintosh and Linux. These updates provide additional hardening against CVE-2014-8439, which was mitigated in the October 14, 2014 release (reference http://helpx.adobe.com/security/products/flash-player/apsb14-22.html).
- Adobe recommends users update their product installations to the latest versions:
- Users of the Adobe Flash Player desktop runtime for Windows and Macintosh should update to Adobe Flash Player 15.0.0.239.
- Users of the Adobe Flash Player Extended Support Release should update to Adobe Flash Player 13.0.0.258.
- Users of Adobe Flash Player for Linux should update to Adobe Flash Player 11.2.202.424.
- Adobe Flash Player installed with Google Chrome, as well as Internet Explorer on Windows 8.x will be automatically updated to the current version.
Affected software versions
- Adobe Flash Player 15.0.0.223 and earlier versions
- Adobe Flash Player 13.0.0.252 and earlier 13.x versions
- Adobe Flash Player 11.2.202.418 and earlier versions for Linux
- To verify the version of Adobe Flash Player installed on your system, access the About Flash Player page, or right-click on content running in Flash Player and select "About Adobe (or Macromedia) Flash Player" from the menu. If you use multiple browsers, perform the check for each browser you have installed on your system.
Solution: Adobe recommends users update their software installations by following the instructions below:
- Adobe recommends users of the Adobe Flash Player desktop runtime for Windows and Macintosh update to Adobe Flash Player 15.0.0.239 by visiting the Adobe Flash Player Download Center, or via the update mechanism within the product when prompted.
- Adobe recommends users of the Adobe Flash Player Extended Support Release should update to version 13.0.0.258 by visiting http://helpx.adobe.com/flash-player/kb/archived-flash-player-versions.html.
- Adobe recommends users of Adobe Flash Player for Linux update to Adobe Flash Player 11.2.202.424 by visiting the Adobe Flash Player Download Center.
- Adobe Flash Player installed with Google Chrome will be automatically updated to the latest Google Chrome version, which will include Adobe Flash Player 15.0.0.239 on Windows and 15.0.0.242 on Macintosh.
- Adobe Flash Player installed with Internet Explorer for Windows 8.x will be automatically updated to the latest version, which will include Adobe Flash Player 15.0.0.239...
For I/E:
- http://download.macromedia.com/get/flashplayer/current/licensing/win/install_flash_player_15_active_x.exe
For Firefox (Plugin-based browsers):
- http://download.macromedia.com/get/flashplayer/current/licensing/win/install_flash_player_15_plugin.exe
Flash test site:
- http://www.adobe.com/software/flash/about/
___
- http://www.securitytracker.com/id/1031259
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-8439 - 7.5 (HIGH)
Nov 25 2014
Impact: Execution of arbitrary code via network, User access via network
Fix Available: Yes Vendor Confirmed: Yes
Version(s): prior to 15.0.0.239 ...
:fear::fear:
AplusWebMaster
2014-12-05, 23:58
FYI...
Adobe Prenotification Security Advisory for Reader / Acrobat
- https://helpx.adobe.com/security/products/reader/apsb14-28.html
Dec 4, 2014 - "Summary: Adobe is planning to release security updates on Tuesday, December 9, 2014 for Adobe Reader and Acrobat for Windows and Macintosh. Users may monitor the latest information on the Adobe Product Security Incident Response Team (PSIRT) blog at:
- http://blogs.adobe.com/psirt
(Note: This Security Advisory will be replaced with the Security Bulletin upon release of the update.)
Affected software versions
Adobe Reader XI (11.0.09) and earlier versions
Adobe Reader X (10.1.12) and earlier versions
Adobe Acrobat XI (11.0.09) and earlier versions
Adobe Acrobat X (10.1.12) and earlier versions .
:fear::fear:
AplusWebMaster
2014-12-09, 20:17
FYI...
Flash 16.0.0.235 released
- https://helpx.adobe.com/security/products/flash-player/apsb14-27.html
Dec 9, 2014
CVE number: CVE-2014-0580, CVE-2014-0587, CVE-2014-8443, CVE-2014-9162, CVE-2014-9163, CVE-2014-9164
Platform: All Platforms
Summary: Adobe has released security updates for Adobe Flash Player for Windows, Macintosh and Linux. These updates address vulnerabilities that could potentially allow an attacker to take control of the affected system. Adobe is aware of reports that an exploit for CVE-2014-9163 exists in the wild, and recommends users update their product installations to the latest versions:
- Users of the Adobe Flash Player desktop runtime for Windows and Macintosh should update to Adobe Flash Player 16.0.0.235.
- Users of the Adobe Flash Player Extended Support Release should update to Adobe Flash Player 13.0.0.259.
- Users of Adobe Flash Player for Linux should update to Adobe Flash Player 11.2.202.425.
- Adobe Flash Player installed with Google Chrome, as well as Internet Explorer on Windows 8.x, will automatically update to the current version.
Note: Users who have been updated to version 15.0.0.246 are not affected by CVE-2014-9163.
Affected software versions:
Adobe Flash Player 15.0.0.242 and earlier versions
Adobe Flash Player 13.0.0.258 and earlier 13.x versions
Adobe Flash Player 11.2.202.424 and earlier versions for Linux
To verify the version of Adobe Flash Player installed on your system, access the About Flash Player page, or right-click on content running in Flash Player and select "About Adobe (or Macromedia) Flash Player" from the menu. If you use multiple browsers, perform the check for each browser you have installed on your system.
Solution: Adobe recommends users update their software installations by following the instructions below:
- Adobe recommends users of the Adobe Flash Player desktop runtime for Windows and Macintosh update to Adobe Flash Player 16.0.0.235 by visiting the Adobe Flash Player Download Center, or via the update mechanism within the product when prompted.
- Adobe recommends users of the Adobe Flash Player Extended Support Release should update to version 13.0.0.259 by visiting http://helpx.adobe.com/flash-player/kb/archived-flash-player-versions.html.
- Adobe recommends users of Adobe Flash Player for Linux update to Adobe Flash Player 11.2.202.425 by visiting the Adobe Flash Player Download Center.
- Adobe Flash Player installed with Google Chrome will be automatically updated to the latest Google Chrome version, which will include Adobe Flash Player 16.0.0.235.
- Adobe Flash Player installed with Internet Explorer for Windows 8.x will be automatically updated to the latest version, which will include Adobe Flash Player 16.0.0.235...
For IE:
- http://download.macromedia.com/get/flashplayer/current/licensing/win/install_flash_player_16_active_x.exe
For Firefox and other Plugin-based browsers:
- http://download.macromedia.com/get/flashplayer/current/licensing/win/install_flash_player_16_plugin.exe
Flash test site:
- http://www.adobe.com/software/flash/about/
- http://www.securitytracker.com/id/1031316
CVE Reference: CVE-2014-0580, CVE-2014-0587, CVE-2014-8443, CVE-2014-9162, CVE-2014-9163, CVE-2014-9164
Dec 9 2014
Impact: Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, User access via network
Fix Available: Yes Vendor Confirmed: Yes
Version(s): 13.0.0.258 and prior 13.x versions; 15.0.0.242 and prior; 11.2.202.424 and prior for Linux...
Solution: The vendor has issued a fix (16.0.0.235 for Windows/Mac, 13.0.0.259 ESR, 11.2.202.425 for Linux).
___
Adobe Reader/Acrobat 11.0.10 released
- https://helpx.adobe.com/security/products/reader/apsb14-28.html
Dec 9, 2014
CVE numbers: CVE-2014-9165, CVE-2014-8445, CVE-2014-9150, CVE-2014-8446, CVE-2014-8447, CVE-2014-8448, CVE-2014-8449, CVE-2014-8451, CVE-2014-8452, CVE-2014-8453, CVE-2014-8454, CVE-2014-8455, CVE-2014-8456, CVE-2014-8457, CVE-2014-8458, CVE-2014-8459, CVE-2014-8460, CVE-2014-8461, CVE-2014-9158, CVE-2014-9159
Platform: Windows and Macintosh
Summary: Adobe has released security updates for Adobe Reader and Acrobat for Windows and Macintosh. These updates address vulnerabilities that could potentially allow an attacker to take over the affected system. Adobe recommends users update their product installations to the latest versions:
- Users of Adobe Reader XI (11.0.09) and earlier versions should update to version 11.0.10.
- Users of Adobe Reader X (10.1.12) and earlier versions should update to version 10.1.13.
- Users of Adobe Acrobat XI (11.0.09) and earlier versions should update to version 11.0.10.
- Users of Adobe Acrobat X (10.1.12) and earlier versions should update to version 10.1.13.
Affected software versions:
Adobe Reader XI (11.0.09) and earlier 11.x versions
Adobe Reader X (10.1.12) and earlier 10.x versions
Adobe Acrobat XI (11.0.09) and earlier 11.x versions
Adobe Acrobat X (10.1.12) and earlier 10.x versions
Solution: Adobe recommends users update their software installations by following the instructions below:
Adobe Reader: The product's default update mechanism is set to run automatic update checks on a regular schedule. Update checks can be manually activated by choosing Help > Check for Updates.
Adobe Reader users on Windows can find the appropriate update here:
- http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Windows
Adobe Reader users on Macintosh can find the appropriate update here:
- http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Macintosh
Adobe Acrobat: The product's default update mechanism is set to run automatic update checks on a regular schedule. Update checks can be manually activated by choosing Help > Check for Updates.
Acrobat Standard and Pro users on Windows can find the appropriate update here:
- http://www.adobe.com/support/downloads/product.jsp?product=1&platform=Windows
Acrobat Pro users on Macintosh can find the appropriate update here:
- http://www.adobe.com/support/downloads/product.jsp?product=1&platform=Macintosh
- http://www.securitytracker.com/id/1031322
CVE Reference: CVE-2014-8445, CVE-2014-8446, CVE-2014-8447, CVE-2014-8448, CVE-2014-8449, CVE-2014-8451, CVE-2014-8452, CVE-2014-8453, CVE-2014-9150, CVE-2014-9165
Dec 9 2014
Impact: Disclosure of system information, Execution of arbitrary code via network, Modification of system information, Modification of user information, User access via local system, User access via network
Fix Available: Yes Vendor Confirmed: Yes
Version(s): 10.1.12 and prior 10.x; 11.0.09 and prior 11.x ..
Solution: The vendor has issued a fix (10.1.13, 11.0.10).
___
ColdFusion Hotfixes available
- https://helpx.adobe.com/security/products/coldfusion/apsb14-29.html
Dec 9, 2014
CVE numbers: CVE-2014-9166
Platform: All
Summary: Adobe has released security hotfixes for ColdFusion versions 11 and 10. These hotfixes address a resource consumption issue that could potentially result in a denial of service. ColdFusion 9.x versions are not affected by this issue.
Affected software versions: ColdFusion 11 and 10
Solution: Adobe recommends ColdFusion customers update their installation using the instructions provided in the relevant technote:
- ColdFusion 11: http://helpx.adobe.com/coldfusion/kb/coldfusion-11-update-3.html
- ColdFusion 10: http://helpx.adobe.com/coldfusion/kb/coldfusion-10-update-15.html
Customers should also apply the security configuration settings as outlined on the ColdFusion Security page as well as review the ColdFusion 11 Lockdown Guide and ColdFusion 10 Lockdown Guide.
... These hotfixes address a resource consumption issue that could potentially result in a denial of service (CVE-2014-9166)...
- http://www.securitytracker.com/id/1031321
CVE Reference: CVE-2014-9166
Dec 9 2014
Impact: Denial of service via network
Fix Available: Yes Vendor Confirmed: Yes
Version(s): 10, 11
Description: A vulnerability was reported in Adobe ColdFusion. A remote user can cause denial of service conditions.
Solution: The vendor has issued a fix (10 Update 15, 11 Update 3).
:fear::fear::fear:
AplusWebMaster
2015-01-13, 20:34
FYI..
Flash 16.0.0.257 released
- https://helpx.adobe.com/security/products/flash-player/apsb15-01.html
Jan 13, 2015
CVE number: CVE-2015-0301, CVE-2015-0302, CVE-2015-0303, CVE-2015-0304, CVE-2015-0305, CVE-2015-0306, CVE-2015-0307, CVE-2015-0308, CVE-2015-0309
Platform: All Platforms
Summary: Adobe has released security updates for Adobe Flash Player for Windows, Macintosh and Linux. These updates address vulnerabilities that could potentially allow an attacker to take control of the affected system. Adobe recommends users update their product installations to the latest versions:
- Users of the Adobe Flash Player desktop runtime for Windows and Macintosh should update to Adobe Flash Player 16.0.0.257.
- Users of the Adobe Flash Player Extended Support Release should update to Adobe Flash Player 13.0.0.260.
- Users of Adobe Flash Player for Linux should update to Adobe Flash Player 11.2.202.429.
- Adobe Flash Player installed with Google Chrome, as well as Internet Explorer on Windows 8.x, will automatically update to version 16.0.0.257.
- Users of the Adobe AIR desktop runtime should update to version 16.0.0.245.
- Users of the Adobe AIR SDK and AIR SDK and Compiler should update to version 16.0.0.272.
- Users of Adobe AIR for Android should update to version 16.0.0.272...
For IE:
- http://download.macromedia.com/get/flashplayer/current/licensing/win/install_flash_player_16_active_x.exe
For Firefox and other Plugin-based browsers:
- http://download.macromedia.com/get/flashplayer/current/licensing/win/install_flash_player_16_plugin.exe
Flash test site: http://www.adobe.com/software/flash/about/
AIR download:
- http://get.adobe.com/air/
NOTE: IF you are running Malwarebytes Anti-Exploit, at the moment there seems to be a conflict with this Flash download that needs resolution w/MBAE or vice-versa - until it is resolved, you may need to temporarily disable MBAE during the Flash download until it is.
___
- http://www.securitytracker.com/id/1031525
CVE Reference: CVE-2015-0301, CVE-2015-0302, CVE-2015-0303, CVE-2015-0304, CVE-2015-0305, CVE-2015-0306, CVE-2015-0307, CVE-2015-0308, CVE-2015-0309
Jan 13 2015
Impact: Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, User access via network
Fix Available: Yes Vendor Confirmed: Yes ...
Solution: The vendor has issued a fix (16.0.0.257 for Windows and Mac, ESR 13.0.0.260, 11.2.202.429 for Linux)...
:fear:
AplusWebMaster
2015-01-22, 18:33
FYI...
Flash 16.0.0.287 released
- https://helpx.adobe.com/security/products/flash-player/apsb15-02.html
Jan 22, 2015
CVE number: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0310
Platform: All Platforms
Summary: Adobe has released security updates for Adobe Flash Player for Windows, Macintosh and Linux. These updates address a vulnerability that could be used to circumvent memory randomization mitigations on the Windows platform. Adobe is aware of reports that an exploit for CVE-2015-0310 exists in the wild, which is being used in attacks against older versions of Flash Player. Additionally, we are investigating reports that a -separate- exploit for Flash Player 16.0.0.287 and earlier also exists in the wild. For the latest information, please refer to the PSIRT blog here*.
* http://blogs.adobe.com/psirt/
Adobe recommends users update their product installations to the latest versions:
- Users of the Adobe Flash Player desktop runtime for Windows and Macintosh should update to Adobe Flash Player 16.0.0.287.
- Users of the Adobe Flash Player Extended Support Release should update to Adobe Flash Player 13.0.0.262.
- Users of Adobe Flash Player for Linux should update to Adobe Flash Player 11.2.202.438.
- Adobe Flash Player installed with Google Chrome, as well as Internet Explorer on Windows 8.x, will automatically update to version 16.0.0.287.
Affected software versions
- Adobe Flash Player 16.0.0.257 and earlier versions
- Adobe Flash Player 13.0.0.260 and earlier 13.x versions
- Adobe Flash Player 11.2.202.429 and earlier versions for Linux
Solution: Adobe recommends users update their software installations by following the instructions below:
- Adobe recommends users of the Adobe Flash Player desktop runtime for Windows and Macintosh update to Adobe Flash Player 16.0.0.287 by visiting the Adobe Flash Player Download Center, or via the update mechanism within the product when prompted.
- Adobe recommends users of the Adobe Flash Player Extended Support Release should update to version 13.0.0.262 by visiting:
> http://helpx.adobe.com/flash-player/kb/archived-flash-player-versions.html.
- Adobe recommends users of Adobe Flash Player for Linux update to Adobe Flash Player 11.2.202.438 by visiting the Adobe Flash Player Download Center.
- Adobe Flash Player installed with Google Chrome will be automatically updated to the latest Google Chrome version, which will include Adobe Flash Player 16.0.0.287.
- Adobe Flash Player installed with Internet Explorer for Windows 8.x will be automatically updated to the latest version, which will include Adobe Flash Player 16.0.0.287.
For IE:
- http://download.macromedia.com/get/flashplayer/current/licensing/win/install_flash_player_16_active_x.exe
For Firefox and other Plugin-based browsers:
- http://download.macromedia.com/get/flashplayer/current/licensing/win/install_flash_player_16_plugin.exe
Flash test site: http://www.adobe.com/software/flash/about/
- https://helpx.adobe.com/security/products/flash-player/apsa15-01.html
Updated: Jan 22, 2015 - "... We are aware of reports that this vulnerability is being actively exploited in the wild via drive-by-download attacks against systems running Internet Explorer and Firefox on Windows 8 and below. Adobe expects to have a patch available for CVE-2015-0311 during the week of January 26..."
___
- http://www.securitytracker.com/id/1031609
CVE Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0310
Jan 22 2015
Impact: Disclosure of system information
Fix Available: Yes Vendor Confirmed: Yes
This vulnerability is being actively exploited...
Version(s): 16.0.0.257 and prior; 13.0.0.260 and prior 13.x versions ...
Solution: The vendor has issued a fix (16.0.0.287, ESR 13.0.0.262)...
:fear::fear:
AplusWebMaster
2015-01-25, 19:32
FYI...
Flash 16.0.0.296 available
- https://helpx.adobe.com/security/products/flash-player/apsa15-01.html
Updated: Jan 24, 2015
Users who have enabled auto-update for the Flash Player desktop runtime will be receiving version 16.0.0.296 beginning on January 24. This version includes a fix for CVE-2015-0311. Adobe expects to have an update available for manual download during the week of January 26, and we are working with our distribution partners to make the update available in Google Chrome and Internet Explorer 10 and 11...
Revisions
January 24, 2015: Updated to include Flash Player version delivered via auto-update.
January 24, 2015: Updated to reflect reports that Windows 8.1 is also affected by CVE-2015-0311.
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0311 - 10.0 (HIGH)
Last revised: 01/26/2015 - "Unspecified vulnerability in Adobe Flash Player through 13.0.0.262 and 14.x, 15.x, and 16.x through 16.0.0.287 on Windows and OS X and through 11.2.202.438 on Linux allows remote attackers to execute arbitrary code via unknown vectors, as exploited in the wild in January 2015."
>> https://www.adobe.com/products/flashplayer/distribution3.html
For IE:
- http://download.macromedia.com/get/flashplayer/current/licensing/win/install_flash_player_16_active_x.exe
For Firefox and other Plugin-based browsers:
- http://download.macromedia.com/get/flashplayer/current/licensing/win/install_flash_player_16_plugin.exe
Flash test site: http://www.adobe.com/software/flash/about/
- https://isc.sans.edu/forums/diary/Stealth+Update+for+Flash+from+Adobe/19229/
Last Updated: 2015-01-25 02:58:36 UTC See 'Comments'...
___
- https://www.us-cert.gov/ncas/current-activity/2015/01/26/Security-Advisory-Adobe-Flash-Player
Jan 26, 2015
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0311 - 10.0 (HIGH)
:spider: :fear:
AplusWebMaster
2015-01-29, 05:21
FYI...
Flash 16.0.0.296 ...
- https://helpx.adobe.com/security/products/flash-player/apsb15-03.html
Jan 27, 2015
CVE numbers:
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0311 - 10.0 (HIGH)
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0312 - 10.0 (HIGH)
Platform: All Platforms
Summary: Adobe has released security updates for Adobe Flash Player for Windows, Macintosh and Linux. These updates address vulnerabilities that could potentially allow an attacker to take control of the affected system. Adobe is aware of reports that CVE-2015-0311 is actively being exploited in the wild via drive-by-download attacks against systems running Internet Explorer and Firefox on Windows 8.1 and below. Adobe recommends users update their product installations to the latest versions:
- Users of the Adobe Flash Player desktop runtime for Windows and Macintosh should update to Adobe Flash Player 16.0.0.296.
- Users of the Adobe Flash Player Extended Support Release should update to Adobe Flash Player 13.0.0.264.
- Users of Adobe Flash Player for Linux should update to Adobe Flash Player 11.2.202.440.
- Adobe Flash Player installed with Google Chrome, as well as Internet Explorer on Windows 8.x, will automatically update to version 16.0.0.296.
>> https://www.adobe.com/products/flashplayer/distribution3.html
For IE:
- http://download.macromedia.com/get/flashplayer/current/licensing/win/install_flash_player_16_active_x.exe
For Firefox and other Plugin-based browsers:
- http://download.macromedia.com/get/flashplayer/current/licensing/win/install_flash_player_16_plugin.exe
Flash test site: http://www.adobe.com/software/flash/about/
- https://isc.sans.edu/diary.html?storyid=19249
Last Updated: 2015-01-28 20:23:05 UTC - "... Given that we are seeing exploits in the wild, the criticality of this exploit should be re-evaluated for prioritization and implementation..."
___
- http://www.securitytracker.com/id/1031634
CVE Reference: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0312 - 10.0 (HIGH)
Jan 27 2015
:fear::fear:
AplusWebMaster
2015-02-05, 03:06
FYI...
Flash 16.0.0.305 ...
- https://helpx.adobe.com/security/products/flash-player/apsa15-02.html
Last updated: Feb 4, 2015 - updated to include Flash Player version delivered via auto-update.
CVE number: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0313 - 10.0 (HIGH)
UPDATE (February 4): Users who have enabled auto-update for the Flash Player desktop runtime will be receiving version 16.0.0.305 beginning on February 4. This version includes a fix for CVE-2015-0313. Adobe expects to have an update available for manual download on February -5- and we are working with our distribution partners to make the update available in Google Chrome and Internet Explorer 10 and 11. For more information on updating Flash Player please refer to this post*.
* https://forums.adobe.com/thread/1152367
___
- https://helpx.adobe.com/security/products/flash-player/apsb15-04.html
Feb 5, 2015
CVE number: CVE-2015-0313, CVE-2015-0314, CVE-2015-0315, CVE-2015-0316, CVE-2015-0317, CVE-2015-0318, CVE-2015-0319, CVE-2015-0320, CVE-2015-0321, CVE-2015-0322, CVE-2015-0323, CVE-2015-0324, CVE-2015-0325, CVE-2015-0326, CVE-2015-0327, CVE-2015-0328, CVE-2015-0329, CVE-2015-0330
Platform: All Platforms
Summary: Adobe has released security updates for Adobe Flash Player for Windows, Macintosh and Linux. These updates address vulnerabilities that could potentially allow an attacker to take control of the affected system. Adobe is aware of reports that CVE-2015-0313 is actively being exploited in the wild via drive-by-download attacks against systems running Internet Explorer and Firefox on Windows 8.1 and below. Adobe recommends users update their product installations to the latest versions:
- Users of the Adobe Flash Player desktop runtime for Windows and Macintosh should update to Adobe Flash Player 16.0.0.305.
- Users of the Adobe Flash Player Extended Support Release should update to Adobe Flash Player 13.0.0.269.
- Users of Adobe Flash Player for Linux should update to Adobe Flash Player 11.2.202.442.
- Adobe Flash Player installed with Google Chrome, as well as Internet Explorer on Windows 8.x, will automatically update to version 16.0.0.305...
Solution: Adobe recommends users update their software installations by following the instructions below:
- Adobe recommends users of the Adobe Flash Player desktop runtime for Windows and Macintosh update to Adobe Flash Player 16.0.0.305 by visiting the Adobe Flash Player Download Center, or via the update mechanism within the product when prompted.
- Adobe recommends users of the Adobe Flash Player Extended Support Release should update to version 13.0.0.269 by visiting http://helpx.adobe.com/flash-player/kb/archived-flash-player-versions.html.
- Adobe recommends users of Adobe Flash Player for Linux update to Adobe Flash Player 11.2.202.442 by visiting the Adobe Flash Player Download Center.
- Adobe Flash Player installed with Google Chrome will be automatically updated to the latest Google Chrome version, which will include Adobe Flash Player 16.0.0.305.
- Adobe Flash Player installed with Internet Explorer for Windows 8.x will be automatically updated to the latest version, which will include Adobe Flash Player 16.0.0.305...
Revisions: Feb 19, 2015: Added reference to CVE-2015-0331, which was resolved in 16.0.0.305, 13.0.0.269 and 11.2.202.442 but inadvertently omitted from the bulletin.
For IE:
- http://download.macromedia.com/get/flashplayer/current/licensing/win/install_flash_player_16_active_x.exe
For Firefox and other Plugin-based browsers:
- http://download.macromedia.com/get/flashplayer/current/licensing/win/install_flash_player_16_plugin.exe
Flash test site: http://www.adobe.com/software/flash/about/
__
- http://atlas.arbor.net/briefs/index#-1434008395
Feb 05, 2015 20:35 - "... a malvertising-directed compromise campaign involving the Angler exploit kit distributing the exploit code from approximately 1800 -malicious- sub-domains...
As of February 5 2015, the CVE-2015-0311 has been incorporated into another exploit kit known as Sweet Orange [ https://twitter.com/kafeine/status/563346001197826048/photo/1 ]. Organizations should ensure that robust patching and hardening tactics are used in order to prevent exploitation from commodity exploit kits as well as targeted attacks."
___
- http://www.securitytracker.com/id/1031706
CVE Reference: CVE-2015-0314, CVE-2015-0315, CVE-2015-0316, CVE-2015-0317, CVE-2015-0318, CVE-2015-0319, CVE-2015-0320, CVE-2015-0321, CVE-2015-0322, CVE-2015-0323, CVE-2015-0324, CVE-2015-0325, CVE-2015-0326, CVE-2015-0327, CVE-2015-0328, CVE-2015-0329, CVE-2015-0330
Feb 5 2015
Impact: Execution of arbitrary code via network, User access via network
Fix Available: Yes Vendor Confirmed: Yes
Version(s): 16.0.0.296 and prior (Windows/Mac); 13.0.0.264 and prior 13.x; 11.2.202.440 and prior (Linux)...
Solution: The vendor has issued a fix (16.0.0.305, ESR 13.0.0.269, 11.2.202.442 for Linux).
The vendor's advisory is available at:
- https://helpx.adobe.com/security/products/flash-player/apsb15-04.html
:fear:
AplusWebMaster
2015-03-12, 21:10
FYI...
Flash 17.0.0.134 ...
- https://helpx.adobe.com/security/products/flash-player/apsb15-05.html
Mar 12, 2015
CVE number: CVE-2015-0332, CVE-2015-0333, CVE-2015-0334, CVE-2015-0335, CVE-2015-0336, CVE-2015-0337, CVE-2015-0338, CVE-2015-0339, CVE-2015-0340, CVE-2015-0341, CVE-2015-0342
Platform: All Platforms
Summary: Adobe has released security updates for Adobe Flash Player for Windows, Macintosh and Linux. These updates address vulnerabilities that could potentially allow an attacker to take control of the affected system. Adobe recommends users update their product installations to the latest versions:
- Users of the Adobe Flash Player desktop runtime for Windows and Macintosh should update to Adobe Flash Player 17.0.0.134.
- Users of the Adobe Flash Player Extended Support Release should update to Adobe Flash Player 13.0.0.277.
- Users of Adobe Flash Player for Linux should update to Adobe Flash Player 11.2.202.451.
- Adobe Flash Player installed with Google Chrome, as well as Internet Explorer on Windows 8.x, will automatically update to version 17.0.0.134...
For IE:
- http://download.macromedia.com/get/flashplayer/current/licensing/win/install_flash_player_17_active_x.exe
For Firefox and other Plugin-based browsers:
- http://download.macromedia.com/get/flashplayer/current/licensing/win/install_flash_player_17_plugin.exe
Flash test site: http://www.adobe.com/software/flash/about/
___
- http://www.securitytracker.com/id/1031922
CVE Reference: CVE-2015-0332, CVE-2015-0333, CVE-2015-0334, CVE-2015-0335, CVE-2015-0336, CVE-2015-0337, CVE-2015-0338, CVE-2015-0339, CVE-2015-0340, CVE-2015-0341, CVE-2015-0342
Mar 13 2015
Impact: Disclosure of user information, Execution of arbitrary code via network, Modification of user information, User access via network
Fix Available: Yes Vendor Confirmed: Yes
Version(s): 16.0.0.305 and prior...
Solution: The vendor has issued a fix (17.0.0.134, ESR 13.0.0.277, 11.2.202.451 for Linux).
:fear::fear:
AplusWebMaster
2015-04-14, 20:51
FYI...
Flash v17.0.0.169 released
- https://helpx.adobe.com/security/products/flash-player/apsb15-06.html
April 14, 2015
CVE number: CVE-2015-0346, CVE-2015-0347, CVE-2015-0348, CVE-2015-0349, CVE-2015-0350, CVE-2015-0351, CVE-2015-0352, CVE-2015-0353, CVE-2015-0354, CVE-2015-0355, CVE-2015-0356, CVE-2015-0357, CVE-2015-0358, CVE-2015-0359, CVE-2015-0360, CVE-2015-3038, CVE-2015-3039, CVE-2015-3040, CVE-2015-3041, CVE-2015-3042, CVE-2015-3043, CVE-2015-3044
Platform: All Platforms
Summary: Adobe has released security updates for Adobe Flash Player for Windows, Macintosh and Linux. These updates address vulnerabilities that could potentially allow an attacker to take control of the affected system. Adobe is aware of a report that an exploit for CVE-2015-3043 exists in the wild, and recommends users update their product installations to the latest versions:
- Users of the Adobe Flash Player desktop runtime for Windows and Macintosh should update to Adobe Flash Player 17.0.0.169.
- Users of the Adobe Flash Player Extended Support Release should update to Adobe Flash Player 13.0.0.281.
- Users of Adobe Flash Player for Linux should update to Adobe Flash Player 11.2.202.457.
- Adobe Flash Player installed with Google Chrome, as well as Internet Explorer on Windows 8.x, will automatically update to version 17.0.0.169 when available...
For IE:
- http://download.macromedia.com/get/flashplayer/current/licensing/win/install_flash_player_17_active_x.exe
For Firefox and other Plugin-based browsers:
- http://download.macromedia.com/get/flashplayer/current/licensing/win/install_flash_player_17_plugin.exe
Flash test site: http://www.adobe.com/software/flash/about/
- http://www.securitytracker.com/id/1032105
CVE Reference: CVE-2015-0346, CVE-2015-0347, CVE-2015-0348, CVE-2015-0349, CVE-2015-0350, CVE-2015-0351, CVE-2015-0352, CVE-2015-0353, CVE-2015-0354, CVE-2015-0355
Apr 14 2015
Impact: Disclosure of system information, Execution of arbitrary code via network, User access via network
Fix Available: Yes Vendor Confirmed: Yes
Version(s): 17.0.0.134 and prior, 13.0.0.277 and prior 13.x versions, 11.2.202.451 and prior 11.x versions...
Several memory corruption errors may occur [CVE-2015-0347, CVE-2015-0350, CVE-2015-0352, CVE-2015-0353, CVE-2015-0354, CVE-2015-0355, CVE-2015-0360, CVE-2015-3038, CVE-2015-3041, CVE-2015-3042, CVE-2015-3043].
Solution: The vendor has issued a fix (17.0.0.169, 13.0.0.281 ESR, 11.2.202.457 for Linux)...
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-3043 - 10.0 (HIGH)
Last revised: 04/15/2015 - "... as exploited in the wild in April 2015..."
___
Security Update: Hotfixes available for ColdFusion
- https://helpx.adobe.com/security/products/coldfusion/apsb15-07.html
April 14, 2015
CVE numbers: CVE-2015-0345
Platform: All
Summary: Adobe has released security hotfixes for ColdFusion versions 11 and 10. These hotfixes address an input validation issue that could be used in a reflected cross-site scripting attack.
Affected software versions:
ColdFusion 11 and 10
Solution: Adobe recommends ColdFusion customers update their installation using the instructions provided in the relevant technote:
ColdFusion 11: http://helpx.adobe.com/coldfusion/kb/coldfusion-11-update-5.html
ColdFusion 10: http://helpx.adobe.com/coldfusion/kb/coldfusion-10-update-16.html
Customers should also apply the security configuration settings as outlined on the ColdFusion Security page as well as review the ColdFusion 11 Lockdown Guide and ColdFusion 10 Lockdown Guide..."
- http://www.securitytracker.com/id/1032106
CVE Reference: CVE-2015-0345
Apr 14 2015
Impact: Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information
Fix Available: Yes Vendor Confirmed: Yes
Version(s): 10, 11
Solution: The vendor has issued hotfixes (10 Update 16, 11 Update 5)...
___
Security vulnerability in output of Adobe Flex ASdoc Tool
- https://helpx.adobe.com/security/products/flex/apsb15-08.html
April 14, 2015
CVE number: CVE-2015-1773
Platform: All Platforms
Summary: An important vulnerability has been identified in the JavaScript output of the ASDoc tool available in Adobe Flex 4.6 and earlier versions. This vulnerability could lead to reflected cross-site scripting. Adobe recommends users perform the actions referenced in the "Solutions" section below to remediate this vulnerability.
Affected software versions: Adobe Flex 4.6 and earlier versions
Solution: Adobe recommends users follow the steps below to remediate this issue:
- Download the index.html file available here:
> https://git-wip-us.apache.org/repos/asf/flex-sdk/repo?p=flex-sdk.git;a=blob;f=asdoc/templates/index.html;h=b9e46cded17d791edeffeddd01ecef8eef4adeae;hb=refs/heads/develop
- Apply any modifications to the existing index.html file (ex. update the page title)
- Deploy the results to the web site
- http://www.securitytracker.com/id/1032107
CVE Reference: CVE-2015-1773
Apr 14 2015
Impact: Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information...
Version(s): 4.6 and prior...
Solution: The vendor has issued a fix...
:fear:
AplusWebMaster
2015-05-10, 12:52
FYI...
- https://blogs.adobe.com/psirt/?p=1193
May 7, 2015
Prenotification Security Advisory for Adobe Reader
- https://helpx.adobe.com/security/products/reader/apsb15-10.html
May 7, 2015 - "Summary: Adobe is planning to release security updates on Tuesday, May 12, 2015 for Adobe Reader for Windows and Macintosh...
Affected software versions:
• Adobe Reader XI (11.0.10) and earlier 11.x versions
• Adobe Reader X (10.1.13) and earlier 10.x versions...
These updates address critical vulnerabilities in the software...
Prenotification Security Advisory for Adobe Acrobat
- https://helpx.adobe.com/security/products/acrobat/apsb15-10.html
May 7, 2015 - "Summary: Adobe is planning to release security updates on Tuesday, May 12, 2015 for Adobe Acrobat for Windows and Macintosh...
Affected software versions:
• Adobe Acrobat XI (11.0.10) and earlier versions
• Adobe Acrobat X (10.1.13) and earlier versions...
These updates address critical vulnerabilities in the software...
:fear::fear:
AplusWebMaster
2015-05-12, 20:24
FYI...
Flash Player 17.0.0.188 released
- https://helpx.adobe.com/security/products/flash-player/apsb15-09.html
May 12, 2015
CVE number: CVE-2015-3044, CVE-2015-3077, CVE-2015-3078, CVE-2015-3079, CVE-2015-3080, CVE-2015-3081, CVE-2015-3082, CVE-2015-3083, CVE-2015-3084, CVE-2015-3085, CVE-2015-3086, CVE-2015-3087, CVE-2015-3088, CVE-2015-3089, CVE-2015-3090, CVE-2015-3091, CVE-2015-3092, CVE-2015-3093
Platform: All Platforms
Summary: Adobe has released security updates for Adobe Flash Player for Windows, Macintosh and Linux. These updates address vulnerabilities that could potentially allow an attacker to take control of the affected system. Adobe recommends users update their product installations to the latest versions:
- Users of the Adobe Flash Player desktop runtime for Windows and Macintosh should update to Adobe Flash Player 17.0.0.188.
- Users of the Adobe Flash Player Extended Support Release should update to Adobe Flash Player 13.0.0.289.
- Users of Adobe Flash Player for Linux should update to Adobe Flash Player 11.2.202.460.
- Adobe Flash Player installed with Google Chrome, as well as Internet Explorer on Windows 8.x, will automatically update to version 17.0.0.188.
- Users of the Adobe AIR desktop runtime should update to version 17.0.0.172.
- Users of the Adobe AIR SDK and AIR SDK & Compiler should update to version 17.0.0.172...
For IE:
- http://download.macromedia.com/get/flashplayer/current/licensing/win/install_flash_player_17_active_x.exe
For Firefox and other Plugin-based browsers:
- http://download.macromedia.com/get/flashplayer/current/licensing/win/install_flash_player_17_plugin.exe
Flash test site: http://www.adobe.com/software/flash/about/
AIR: http://get.adobe.com/air/
- http://www.securitytracker.com/id/1032285
CVE Reference: CVE-2015-3077, CVE-2015-3078, CVE-2015-3079, CVE-2015-3080, CVE-2015-3081, CVE-2015-3082, CVE-2015-3083, CVE-2015-3084, CVE-2015-3085, CVE-2015-3086
May 12 2015
Impact: Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, User access via network
Fix Available: Yes Vendor Confirmed: Yes
Version(s): 17.0.0.169 and prior; other versions affected...
Solution: The vendor has issued a fix (17.0.0.188; 13.0.0.289 ESR; 11.2.202.460 for Linux).
___
Adobe Reader 11.0.11 10.1.14, Acrobat 11.0.11 10.1.14 released
- https://helpx.adobe.com/security/products/reader/apsb15-10.html
May 12, 2015
CVE Numbers: CVE-2014-8452, CVE-2014-9160, CVE-2014-9161, CVE-2015-3046, CVE-2015-3047...
Platform: Windows and Macintosh
Summary: Adobe has released security updates for Adobe Reader and Acrobat for Windows and Macintosh. These updates address vulnerabilities that could potentially allow an attacker to take over the affected system. Adobe recommends users update their product installations to the latest versions:
- Users of Adobe Reader XI (11.0.10) and earlier versions should update to version 11.0.11.
- Users of Adobe Reader X (10.1.13) and earlier versions should update to version 10.1.14.
- Users of Adobe Acrobat XI (11.0.10) and earlier versions should update to version 11.0.11.
- Users of Adobe Acrobat X (10.1.13) and earlier versions should update to version 10.1.14...
Solution: Adobe recommends users update their software installations by following the instructions below:
Adobe Reader: The product's default update mechanism is set to run automatic update checks on a regular schedule. Update checks can be manually activated by choosing Help > Check for Updates.
Adobe Reader users on Windows can find the appropriate update here:
- http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Windows
Adobe Reader users on Macintosh can find the appropriate update here:
- http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Macintosh
Adobe Acrobat: The product's default update mechanism is set to run automatic update checks on a regular schedule. Update checks can be manually activated by choosing Help > Check for Updates.
Acrobat Standard and Pro users on Windows can find the appropriate update here:
- http://www.adobe.com/support/downloads/product.jsp?product=1&platform=Windows
Acrobat Pro users on Macintosh can find the appropriate update here:
- http://www.adobe.com/support/downloads/product.jsp?product=1&platform=Macintosh
- http://www.securitytracker.com/id/1032284
CVE Reference: CVE-2014-9160, CVE-2014-9161, CVE-2015-3046, CVE-2015-3047, CVE-2015-3048, CVE-2015-3049, CVE-2015-3050, CVE-2015-3051, CVE-2015-3052, CVE-2015-3053, CVE-2015-3054, CVE-2015-3055, CVE-2015-3056, CVE-2015-3057, CVE-2015-3058, CVE-2015-3059, CVE-2015-3060, CVE-2015-3061, CVE-2015-3062, CVE-2015-3063, CVE-2015-3064, CVE-2015-3065, CVE-2015-3066, CVE-2015-3067, CVE-2015-3068, CVE-2015-3069, CVE-2015-3070, CVE-2015-3071, CVE-2015-3072, CVE-2015-3073, CVE-2015-3074, CVE-2015-3075, CVE-2015-3076
May 12 2015
Impact: Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, User access via network
Fix Available: Yes Vendor Confirmed: Yes
Version(s): 10.1.13 and prior 10.x versions, 11.0.10 and prior 11.x versions
Solution: The vendor has issued a fix (10.1.14, 11.0.11).
:fear::fear::fear:
AplusWebMaster
2015-06-09, 18:28
FYI...
Flash 18.0.0.160 released
- https://helpx.adobe.com/security/products/flash-player/apsb15-11.html
June 9, 2015
CVE number: CVE-2015-3096, CVE-2015-3097, CVE-2015-3098, CVE-2015-3099, CVE-2015-3100, CVE-2015-3101, CVE-2015-3102, CVE-2015-3103, CVE-2015-3104, CVE-2015-3105, CVE-2015-3106, CVE-2015-3107, CVE-2015-3108
Platform: All Platforms
Summary: Adobe has released security updates for Adobe Flash Player for Windows, Macintosh and Linux. These updates address vulnerabilities that could potentially allow an attacker to take control of the affected system. Adobe recommends users update their product installations to the latest versions:
- Users of the Adobe Flash Player Desktop Runtime for Windows and Macintosh should update to Adobe Flash Player 18.0.0.160.
- Users of the Adobe Flash Player Extended Support Release for Windows and Macintosh should update to Adobe Flash Player 13.0.0.292. *
- Users of Adobe Flash Player for Linux should update to Adobe Flash Player 11.2.202.466.
- Adobe Flash Player installed with Google Chrome will automatically update to version 18.0.0.160 (Windows and Linux) and 18.0.0.161 (Macintosh).
- Adobe Flash Player installed with Internet Explorer on Windows 8.x will automatically update to version 18.0.0.160.
- Users of the Adobe AIR Desktop Runtime should update to version 18.0.0.143 (Macintosh) and 18.0.0.144 (Windows).
- Users of the Adobe AIR SDK and AIR SDK & Compiler should update to version 18.0.0.143 (Macintosh) and 18.0.0.144 (Windows).
- Users of Adobe AIR for Android should update to version 18.0.0.143...
For IE:
- http://download.macromedia.com/get/flashplayer/current/licensing/win/install_flash_player_18_active_x.exe
For Firefox and other Plugin-based browsers:
- http://download.macromedia.com/get/flashplayer/current/licensing/win/install_flash_player_18_plugin.exe
Flash test site: http://www.adobe.com/software/flash/about/
AIR: http://get.adobe.com/air/
___
- http://www.securitytracker.com/id/1032519
CVE Reference: CVE-2015-3096, CVE-2015-3097, CVE-2015-3098, CVE-2015-3099, CVE-2015-3100, CVE-2015-3101, CVE-2015-3102, CVE-2015-3103, CVE-2015-3104, CVE-2015-3105, CVE-2015-3106, CVE-2015-3107, CVE-2015-3108
Jun 9 2015
Impact: Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, User access via network
Fix Available: Yes Vendor Confirmed: Yes
Version(s): 17.0.0.188 and prior...
Solution: The vendor has issued a fix (18.0.0.160 for Mac/Windows, 13.0.0.292 ESR, 11.2.202.466 for Linux).
:fear::fear:
AplusWebMaster
2015-06-17, 18:16
FYI...
Adobe Photoshop CC updated
- https://helpx.adobe.com/security/products/photoshop/apsb15-12.html
June 16, 2015
CVE number: CVE-2015-3109, CVE-2015-3110, CVE-2015-3111, CVE-2015-3112
Platform: Windows and Macintosh
Summary: Adobe has released an update for Photoshop CC for Windows and Macintosh. This update addresses vulnerabilities that could allow an attacker who successfully exploits these vulnerabilities to take control of the affected system.
Affected software versions
Adobe Photoshop CC 2014 (15.2.2) (2014.2.2) and earlier versions for Windows and Macintosh
Solution: Adobe recommends users update their software installation via the application's update mechanism by launching the application, navigating to the Help menu, and clicking "Updates". For more information, please reference this help page*:
* https://helpx.adobe.com/creative-cloud/help/creative-cloud-2015-updates.html
Product Updated version Platform Priority rating
Adobe Photoshop CC 2015 16.0 (2015.0.0) Windows and Macintosh 3
These updates address a critical vulnerability in the software..."
- http://www.securitytracker.com/id/1032659
CVE Reference: CVE-2015-3109, CVE-2015-3110, CVE-2015-3111, CVE-2015-3112
Jun 19 2015
Impact: Execution of arbitrary code via network, User access via network
Fix Available: Yes Vendor Confirmed: Yes...
Solution: The vendor has issued a fix (16.0 (2015.0.0)).
___
Adobe Bridge CC updated
- https://helpx.adobe.com/security/products/bridge/apsb15-13.html
June 16, 2015
CVE number: CVE-2015-3110, CVE-2015-3111, CVE-2015-3112
Platform: Windows and Macintosh
Summary: Adobe has released an update for Adobe Bridge CC for Windows and Macintosh. This update addresses vulnerabilities that could allow an attacker who successfully exploits these vulnerabilities to take control of the affected system...
Solution: Adobe recommends users update their software installation via the application's update mechanism by launching the application, navigating to the Help menu and clicking "Updates". For more information, please reference the following help page*:
* https://helpx.adobe.com/creative-cloud/help/creative-cloud-2015-updates.html
Creative Cloud desktop app displays an Update All button or Update buttons next to installed apps. Clicking Update or Update All installs the latest versions of apps on your computer..."
Product Updated version Platform Priority rating
Adobe Bridge CC 6.1.1 Windows and Macintosh 3
These updates address a critical vulnerability in the software.
- http://www.securitytracker.com/id/1032658
CVE Reference: CVE-2015-3110, CVE-2015-3111, CVE-2015-3112
Jun 19 2015
Impact: Execution of arbitrary code via network, User access via network
Fix Available: Yes Vendor Confirmed: Yes...
Solution: The vendor has issued a fix (6.1.1).
:fear::fear:
AplusWebMaster
2015-06-23, 23:56
FYI...
Flash 18.0.0.194 released
- https://helpx.adobe.com/security/products/flash-player/apsb15-14.html
June 23, 2015
CVE number: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-3113 / 10.0 (HIGH)
Last revised: 06/24/2015 - "... as exploited in the wild in June 2015."
Platform: Windows, Macintosh and Linux
Summary: Adobe has released security updates for Adobe Flash Player for Windows, Macintosh and Linux. These updates address a critical vulnerability (CVE-2015-3113) that could potentially allow an attacker to take control of the affected system. Adobe is aware of reports that CVE-2015-3113 is being actively exploited in the wild via limited, targeted attacks. Systems running Internet Explorer for Windows 7 and below, as well as Firefox on Windows XP, are known targets.
Adobe recommends users update their product installations to the latest versions:
- Users of the Adobe Flash Player Desktop Runtime for Windows and Macintosh should update to Adobe Flash Player 18.0.0.194.
- Users of the Adobe Flash Player Extended Support Release should update to Adobe Flash Player 13.0.0.296.
- Users of Adobe Flash Player for Linux should update to Adobe Flash Player 11.2.202.468.
- Adobe Flash Player installed with Google Chrome and Adobe Flash Player installed with Internet Explorer on Windows 8.x will automatically update to version 18.0.0.194...
For IEv9:
- https://download.macromedia.com/get/flashplayer/current/licensing/win/install_flash_player_18_active_x.exe
For Firefox and other Plugin-based browsers:
- https://download.macromedia.com/get/flashplayer/current/licensing/win/install_flash_player_18_plugin.exe
Flash test site: https://www.adobe.com/software/flash/about/
___
- https://community.qualys.com/blogs/laws-of-vulnerabilities/2015/06/23/new-0-day-for-adobe-flash
Jun 23, 2015 - "Adobe came out today with an out-of-band patch (APSB15-14) for their Flash Player, the fifth time that Flash has required an out-of-band fix for a 0-day. FireEye* had notified them of a critical vulnerability (CVE-2015-3113) that they discovered in use in Asia. They believe it was developed by the group called APT3 and used in targeted attacks against a number of industries. The vulnerability lies in the video decoding part of Flash and the exploit shows some signs of sophistication by introducing new techniques in their use of ROP. Patch as quickly as possible. 0-days once discovered this way tend to spread quickly to other cyber criminal groups. Adobe mentions that all known targets seem to use Windows 7 and Internet Explorer and Firefox on Windows XP... Users of IE10/11 and Google Chrome will get their patches through their browsers directly, everybody else will need to download directly from Adobe."
* https://www.fireeye.com/blog/threat-research/2015/06/operation-clandestine-wolf-adobe-flash-zero-day.html
June 23, 2015
- http://www.securitytracker.com/id/1032696
CVE Reference: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-3113
Jun 23 2015
Impact: Execution of arbitrary code via network, User access via network
Fix Available: Yes Vendor Confirmed: Yes
Version(s): 18.0.0.161 and prior...
FireEye reported this vulnerability.
Impact: A remote user can create Flash content that, when loaded by the target user, will execute arbitrary code on the target user's system.
Solution: The vendor has issued a fix (18.0.0.194; ESR 13.0.0.296; 11.2.202.468 for Linux)...
:fear::fear:
AplusWebMaster
2015-07-07, 21:50
FYI...
Flash Player Security Advisory
- https://helpx.adobe.com/security/products/flash-player/apsa15-03.html
July 7, 2015
CVE number: CVE-2015-5119
Platform: Windows, Macintosh and Linux
Summary: A critical vulnerability (CVE-2015-5119) has been identified in Adobe Flash Player 18.0.0.194 and earlier versions for Windows, Macintosh and Linux. Successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system. Adobe is aware of reports that an exploit targeting this vulnerability has been published publicly. Adobe expects to make updates available on July 8, 2015.
Affected software versions:
- Adobe Flash Player 18.0.0.194 and earlier versions for Windows and Macintosh
- Adobe Flash Player Extended Support Release version 13.0.0.296 and earlier 13.x versions for Windows and Macintosh
- Adobe Flash Player 11.2.202.468 and earlier 11.x versions for Linux..."
___
Flash 0-day - Use-After-Free Vuln
- https://www.us-cert.gov/ncas/current-activity/2015/07/07/Adobe-Flash-ActionScript-3-ByteArray-Use-After-Free-Vulnerability
July 07, 2015
___
- http://arstechnica.com/security/2015/07/hacking-team-leak-releases-potent-flash-0day-into-the-wild/
Jul 7, 2015 - "... Until a fix is installed, readers should consider -disabling- Flash, particularly when browsing websites they are unfamiliar with..."
Flash 0-Day Integrated Into Exploit Kits
- http://blog.trendmicro.com/trendlabs-security-intelligence/hacking-team-flash-zero-day-integrated-into-exploit-kits/
July 7, 2015 - "... one of the payloads being spread in this manner as CryptoWall 3.0, particularly by the Angler exploit kit..."
:fear::fear:
AplusWebMaster
2015-07-08, 18:00
FYI...
Flash 18.0.0.203 released
- https://helpx.adobe.com/security/products/flash-player/apsb15-16.html
July 8, 2015
CVE number: CVE-2014-0578, CVE-2015-3097, CVE-2015-3114, CVE-2015-3115, CVE-2015-3116, CVE-2015-3117, CVE-2015-3118, CVE-2015-3119, CVE-2015-3120, CVE-2015-3121, CVE-2015-3122, CVE-2015-3123, CVE-2015-3124, CVE-2015-3125, CVE-2015-3126, CVE-2015-3127, CVE-2015-3128, CVE-2015-3129, CVE-2015-3130, CVE-2015-3131, CVE-2015-3132, CVE-2015-3133, CVE-2015-3134, CVE-2015-3135, CVE-2015-3136, CVE-2015-3137, CVE-2015-4428, CVE-2015-4429, CVE-2015-4430, CVE-2015-4431, CVE-2015-4432, CVE-2015-4433, CVE-2015-5116, CVE-2015-5117, CVE-2015-5118, CVE-2015-5119
Platform: All Platforms
Summary: Adobe has released security updates for Adobe Flash Player for Windows, Macintosh and Linux. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system. Adobe is aware of a report that an exploit targeting CVE-2015-5119 has been publicly published...
Solution: ... Adobe recommends users of the Adobe Flash Player Desktop Runtime for Windows and Macintosh update to Adobe Flash Player 18.0.0.203 by visiting the Adobe Flash Player Download Center or via the update mechanism within the product when prompted...
- Adobe recommends users of the Adobe Flash Player Extended Support Release... update to version 13.0.0.302 by visiting:
> http://helpx.adobe.com/flash-player/kb/archived-flash-player-versions.html
- Adobe recommends users of Adobe Flash Player for Linux update to Adobe Flash Player 11.2.202.481 by visiting the Adobe Flash Player Download Center.
- Adobe Flash Player installed with Google Chrome will be automatically updated to the latest Google Chrome version, which will include Adobe Flash Player 18.0.0.203 on Windows and Macintosh, and Flash Player 18.0.0.204 on Linux.
- Adobe Flash Player installed with Internet Explorer for Windows 8.x will be automatically updated to the latest version, which will include Adobe Flash Player 18.0.0.203...
For IEv9 and below:
- https://download.macromedia.com/get/flashplayer/current/licensing/win/install_flash_player_18_active_x.exe
For Firefox and other Plugin-based browsers:
- https://download.macromedia.com/get/flashplayer/current/licensing/win/install_flash_player_18_plugin.exe
Flash test site: https://www.adobe.com/software/flash/about/
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5119
Last revised: 07/10/2015 - "... as exploited in the wild in July 2015."
10.0 (HIGH)
___
- http://www.securitytracker.com/id/1032809
CVE Reference: CVE-2015-5119
Jul 8 2015
Impact: Execution of arbitrary code via network, User access via network
Fix Available: Yes Vendor Confirmed: Yes
Version(s): 18.0.0.194 and prior; ESR 13.0.0.296 and prior; 11.2.202.468 and prior 11.x versions for Linux...
Solution: The vendor has issued a fix (18.0.0.203, ESR 13.0.0.302, 11.2.202.481 for Linux).
- http://www.securitytracker.com/id/1032810
CVE Reference: CVE-2014-0578, CVE-2015-3097, CVE-2015-3114, CVE-2015-3115, CVE-2015-3116, CVE-2015-3117, CVE-2015-3118, CVE-2015-3119, CVE-2015-3120, CVE-2015-3121, CVE-2015-3122, CVE-2015-3123, CVE-2015-3124, CVE-2015-3125, CVE-2015-3126, CVE-2015-3127, CVE-2015-3128, CVE-2015-3129, CVE-2015-3130, CVE-2015-3131, CVE-2015-3132, CVE-2015-3133, CVE-2015-3134, CVE-2015-3135, CVE-2015-3136, CVE-2015-3137, CVE-2015-4428, CVE-2015-4429, CVE-2015-4430, CVE-2015-4431, CVE-2015-4432, CVE-2015-4433, CVE-2015-5116, CVE-2015-5117, CVE-2015-5118
Jul 8 2015
Impact: Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, User access via network
Fix Available: Yes Vendor Confirmed: Yes
Version(s): 18.0.0.194 and prior; ESR 13.0.0.296 and prior; 11.2.202.468 and prior 11.x versions for Linux...
Solution: The vendor has issued a fix (18.0.0.203, ESR 13.0.0.302, 11.2.202.481 for Linux).
:fear::fear:
AplusWebMaster
2015-07-14, 17:44
FYI...
Flash 18.0.0.209 released
- https://helpx.adobe.com/security/products/flash-player/apsb15-18.html
July 14, 2015
CVE number: CVE-2015-5122, CVE-2015-5123
Platform: Windows, Macintosh and Linux
Summary: Adobe has released security updates for Adobe Flash Player for Windows, Macintosh and Linux. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system. Adobe is aware of reports that exploits targeting these vulnerabilities have been published publicly...
- Adobe recommends users of the Adobe Flash Player Desktop Runtime for Windows and Macintosh update to Adobe Flash Player 18.0.0.209 by visiting the Adobe Flash Player Download Center or via the update mechanism within the product when prompted...
- Adobe recommends users of the Adobe Flash Player Extended Support Release... update to version 13.0.0.305 by visiting http://helpx.adobe.com/flash-player/kb/archived-flash-player-versions.html
- Adobe will provide an update for Flash Player for Linux during the week of July 12. The update will be available by visiting the Adobe Flash Player Download Center. Please continue to monitor the PSIRT blog for updates.
- Adobe Flash Player installed with Google Chrome will be automatically updated to the latest Google Chrome version, which will include Adobe Flash Player 18.0.0.209 on Windows, Macintosh and Linux.
- Adobe Flash Player installed with Internet Explorer 10 and 11 for Windows 8.x will be automatically updated to the latest version, which will include Adobe Flash Player 18.0.0.209...
For IEv9 and below:
- https://download.macromedia.com/get/flashplayer/current/licensing/win/install_flash_player_18_active_x.exe
For Firefox and other Plugin-based browsers:
- https://download.macromedia.com/get/flashplayer/current/licensing/win/install_flash_player_18_plugin.exe
Flash test site: https://www.adobe.com/software/flash/about/
AIR: http://get.adobe.com/air/
> http://googleprojectzero.blogspot.com/2015/07/significant-flash-exploit-mitigations_16.html
July 16, 2015
> http://blog.trendmicro.com/trendlabs-security-intelligence/flash-threats-not-just-in-the-browser/
July 30, 2015
- http://www.securitytracker.com/id/1032890
CVE Reference: CVE-2015-5122, CVE-2015-5123
Jul 14 2015
Impact: Execution of arbitrary code via network, User access via network
Fix Available: Yes Vendor Confirmed: Yes ...
Solution: The vendor has issued a fix (18.0.0.209, ESR 13.0.0.305 Windows/Mac).
___
Shockwave 12.1.9.159 released
- https://helpx.adobe.com/security/products/shockwave/apsb15-17.html
July 14, 2015
CVE number: CVE-2015-5120, CVE-2015-5121
Platform: Windows and Macintosh
Summary: Adobe has released a security update for Adobe Shockwave Player for Windows and Macintosh. This update addresses critical vulnerabilities that could potentially allow an attacker to take control of the affected system.
- Adobe recommends users of Adobe Shockwave Player 12.1.8.158 and earlier versions for Windows and Macintosh update to Adobe Shockwave Player 12.1.9.159 by visiting the Adobe Shockwave Player Download Center*.
* https://get.adobe.com/shockwave/
- http://www.securitytracker.com/id/1032891
CVE Reference: CVE-2015-5120, CVE-2015-5121
Jul 14 2015
Impact: Execution of arbitrary code via network, User access via network
Fix Available: Yes Vendor Confirmed: Yes
Version(s): 12.1.8.158 and prior...
Solution: The vendor has issued a fix (12.1.9.159).
___
Adobe Acrobat/Reader 11.0.12/10.1.15 released
- https://helpx.adobe.com/security/products/acrobat/apsb15-15.html
July 14, 2015
CVE numbers: CVE-2014-0566, CVE-2014-8450, CVE-2015-3095, CVE-2015-4435, CVE-2015-4438, CVE-2015-4441, CVE-2015-4443, CVE-2015-4444, CVE-2015-4445, CVE-2015-4446, CVE-2015-4447, CVE-2015-4448, CVE-2015-4449, CVE-2015-4450, CVE-2015-4451, CVE-2015-4452, CVE-2015-5085, CVE-2015-5086, CVE-2015-5087, CVE-2015-5088, CVE-2015-5089, CVE-2015-5090, CVE-2015-5091, CVE-2015-5092, CVE-2015-5093, CVE-2015-5094, CVE-2015-5095, CVE-2015-5096, CVE-2015-5097, CVE-2015-5098, CVE-2015-5099, CVE-2015-5100, CVE-2015-5101, CVE-2015-5102, CVE-2015-5103, CVE-2015-5104, CVE-2015-5105, CVE-2015-5106, CVE-2015-5107, CVE-2015-5108, CVE-2015-5109, CVE-2015-5110, CVE-2015-5111, CVE-2015-5113, CVE-2015-5114, CVE-2015-5115
Platforms: Windows and Macintosh
Summary: Adobe has released security updates for Adobe Acrobat and Reader for Windows and Macintosh. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system...
Solution: Adobe recommends users update their software installations to the latest versions via one of the following methods:
- Users can update their product installations manually by choosing Help > Check for Updates.
- The products will update automatically, without requiring user intervention, when updates are detected.
- The full Acrobat Reader installer can be downloaded from the Acrobat Reader Download Center:
> https://get.adobe.com/reader/
Acrobat Updates/Programs: https://www.adobe.com/support/downloads/product.jsp?product=1&platform=Windows
Reader Updates/Programs: https://www.adobe.com/support/downloads/product.jsp?product=10&platform=Windows
- http://www.securitytracker.com/id/1032892
CVE Reference: CVE-2014-0566, CVE-2014-8450, CVE-2015-3095, CVE-2015-4435, CVE-2015-4438, CVE-2015-4441, CVE-2015-4443, CVE-2015-4444, CVE-2015-4445, CVE-2015-4446, CVE-2015-4447, CVE-2015-4448, CVE-2015-4449, CVE-2015-4450, CVE-2015-4451, CVE-2015-4452, CVE-2015-5085, CVE-2015-5086, CVE-2015-5087, CVE-2015-5088, CVE-2015-5089, CVE-2015-5090, CVE-2015-5091, CVE-2015-5092, CVE-2015-5093, CVE-2015-5094, CVE-2015-5095, CVE-2015-5096, CVE-2015-5097, CVE-2015-5098, CVE-2015-5099, CVE-2015-5100, CVE-2015-5101, CVE-2015-5102, CVE-2015-5103, CVE-2015-5104, CVE-2015-5105, CVE-2015-5106, CVE-2015-5107, CVE-2015-5108, CVE-2015-5109, CVE-2015-5110, CVE-2015-5111, CVE-2015-5113, CVE-2015-5114, CVE-2015-5115
Jul 14 2015
Impact: Denial of service via network, Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, User access via network
Fix Available: Yes Vendor Confirmed: Yes
Version(s): 10.1.14 and prior; 11.0.11 and prior...
Solution: The vendor has issued a fix (10.1.15, 11.0.12, DC 2015.008.20082).
:fear::fear:
AplusWebMaster
2015-08-11, 19:54
FYI...
Flash 18.0.0.232 released
- https://helpx.adobe.com/security/products/flash-player/apsb15-19.html
Aug 11, 2015
APSB15-19
CVE number: CVE-2015-3107, CVE-2015-5124, CVE-2015-5125, CVE-2015-5127, CVE-2015-5128, CVE-2015-5129, CVE-2015-5130, CVE-2015-5131, CVE-2015-5132, CVE-2015-5133, CVE-2015-5134, CVE-2015-5539, CVE-2015-5540, CVE-2015-5541, CVE-2015-5544, CVE-2015-5545, CVE-2015-5546, CVE-2015-5547, CVE-2015-5548, CVE-2015-5549, CVE-2015-5550, CVE-2015-5551, CVE-2015-5552, CVE-2015-5553, CVE-2015-5554, CVE-2015-5555, CVE-2015-5556, CVE-2015-5557, CVE-2015-5558, CVE-2015-5559, CVE-2015-5560, CVE-2015-5561, CVE-2015-5562, CVE-2015-5563
Platform: All Platforms
Summary: Adobe has released security updates for Adobe Flash Player. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system...
Solution: Adobe... recommends users update their installation to the newest version:
- Adobe recommends users of the Adobe Flash Player Desktop Runtime for Windows and Macintosh update to Adobe Flash Player 18.0.0.232 by visiting the Adobe Flash Player Download Center or via the update mechanism within the product when prompted...
- Adobe recommends users of the Adobe Flash Player Extended Support Release [2] update to version 18.0.0.232 by visiting:
- http://helpx.adobe.com/flash-player/kb/archived-flash-player-versions.html.
- Adobe recommends users of the Adobe Flash Player for Linux update to Adobe Flash Player 11.2.202.508 by visiting the Adobe Flash Player Download Center.
- Adobe Flash Player installed with Google Chrome will be automatically updated to the latest Google Chrome version, which will include Adobe Flash Player 18.0.0.232 on Windows and Macintosh, and version 18.0.0.233 for Linux and Chrome OS.
- Adobe Flash Player installed with Microsoft Edge for Windows 10 will be automatically updated to the latest version, which will include Adobe Flash Player 18.0.0.232.
- Adobe Flash Player installed with Internet Explorer 10 and 11 for Windows 8.0 and 8.1 will be automatically updated to the latest version, which will include Adobe Flash Player 18.0.0.232.
- Adobe recommends users of the AIR desktop runtime, AIR SDK and AIR SDK & Compiler update to version 18.0.0.199 ...
2] https://blogs.adobe.com/flashplayer/2015/05/upcoming-changes-to-flash-players-extended-support-release-2.html
For IEv9 and below:
- https://download.macromedia.com/get/flashplayer/current/licensing/win/install_flash_player_18_active_x.exe
For Firefox and other Plugin-based browsers:
- https://download.macromedia.com/get/flashplayer/current/licensing/win/install_flash_player_18_plugin.exe
Flash test site: https://www.adobe.com/software/flash/about/
AIR: http://get.adobe.com/air/
Aug 12, 2015: Added a reference to CVE-2015-5565, a use-after-free issue similar to CVE-2015-3107. A fix for CVE-2015-3107 was introduced in APSB15-11, and has been strengthened in APSB15-19. Also, removed CVE-2015-5128, which was previously assessed to be a Type Confusion issue and has been re-classified as a non-exploitable crash due to a null pointer exception.
___
- http://www.securitytracker.com/id/1033235
CVE Reference: CVE-2015-5125, CVE-2015-5127, CVE-2015-5128, CVE-2015-5129, CVE-2015-5130, CVE-2015-5131, CVE-2015-5132, CVE-2015-5133, CVE-2015-5134, CVE-2015-5539, CVE-2015-5540, CVE-2015-5541, CVE-2015-5544, CVE-2015-5545, CVE-2015-5546, CVE-2015-5547, CVE-2015-5548, CVE-2015-5549, CVE-2015-5550, CVE-2015-5551, CVE-2015-5552, CVE-2015-5553, CVE-2015-5554, CVE-2015-5555, CVE-2015-5556, CVE-2015-5557, CVE-2015-5558, CVE-2015-5559, CVE-2015-5560, CVE-2015-5561, CVE-2015-5562, CVE-2015-5563
Aug 11 2015
Impact: Execution of arbitrary code via network, User access via network
Fix Available: Yes Vendor Confirmed: Yes
Version(s): 18.0.0.209 and prior...
Solution: The vendor has issued a fix (18.0.0.232, 11.2.202.508 for Linux)...
:fear:
AplusWebMaster
2015-09-09, 04:12
FYI...
Adobe Shockwave 12.2.0.162 released
- https://helpx.adobe.com/security/products/shockwave/apsb15-22.html
Sep 8, 2015
CVE number: CVE-2015-6680, CVE-2015-6681
Platform: Windows
Summary: Adobe has released a security update for Adobe Shockwave Player. This update addresses critical vulnerabilities that could potentially allow an attacker to take control of the affected system...
Solution: ... Adobe recommends users of Adobe Shockwave Player 12.1.9.160 and earlier versions update to Adobe Shockwave Player 12.2.0.162 by visiting the Adobe Shockwave Player Download Center*...
* https://get.adobe.com/shockwave/
Vulnerability Details: This update resolves memory corruption vulnerabilities that could lead to code execution (CVE-2015-6680, CVE-2015-6681)...
___
- http://www.securitytracker.com/id/1033486
CVE Reference: CVE-2015-6680, CVE-2015-6681
Sep 8 2015
Impact: Execution of arbitrary code via network, User access via network
Fix Available: Yes Vendor Confirmed: Yes
Version(s): 12.1.9.160 and prior...
Solution: The vendor has issued a fix (12.2.0.162)...
:fear::fear:
AplusWebMaster
2015-09-21, 23:33
FYI...
Flash 19.0.0.185 released
- https://helpx.adobe.com/security/products/flash-player/apsb15-23.html
Sep 21, 2015
CVE number: CVE-2015-5567, CVE-2015-5568, CVE-2015-5570, CVE-2015-5571, CVE-2015-5572, CVE-2015-5573, CVE-2015-5574, CVE-2015-5575, CVE-2015-5576, CVE-2015-5577, CVE-2015-5578, CVE-2015-5579, CVE-2015-5580, CVE-2015-5581, CVE-2015-5582, CVE-2015-5584, CVE-2015-5587, CVE-2015-5588, CVE-2015-6676, CVE-2015-6677, CVE-2015-6678, CVE-2015-6679, CVE-2015-6682
Platform: All Platforms
Summary: Adobe has released security updates for Adobe Flash Player. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system...
- Adobe recommends users of the Adobe Flash Player Desktop Runtime for Windows and Macintosh update to Adobe Flash Player 19.0.0.185 by visiting the Adobe Flash Player Download Center or via the update mechanism within the product when prompted...
- Adobe recommends users of the Adobe Flash Player Extended Support Release update to version 18.0.0.241 by visiting:
> http://helpx.adobe.com/flash-player/kb/archived-flash-player-versions.html.
- Adobe recommends users of the Adobe Flash Player for Linux update to Adobe Flash Player 11.2.202.521 by visiting the Adobe Flash Player Download Center.
- Adobe Flash Player installed with Google Chrome will be automatically updated to the latest Google Chrome version, which will include Adobe Flash Player 19.0.0.185 on Windows, Macintosh, Linux and Chrome OS.
- Adobe Flash Player installed with Microsoft Edge for Windows 10 will be automatically updated to the latest version, which will include Adobe Flash Player 19.0.0.185.
- Adobe Flash Player installed with Internet Explorer 10 and 11 for Windows 8.0 and 8.1 will be automatically updated to the latest version, which will include Adobe Flash Player 19.0.0.185.
- Adobe recommends users of the AIR desktop runtime, AIR SDK and AIR SDK & Compiler update to version 19.0.0.190 by visiting the AIR download center or the AIR developer center.
Adobe recommends users of AIR for Android update to version 19.0.0.190 by visiting the Google Play Store...
For IEv9 and below:
- https://download.macromedia.com/get/flashplayer/current/licensing/win/install_flash_player_19_active_x.exe
For Firefox and other Plugin-based browsers:
- https://download.macromedia.com/get/flashplayer/current/licensing/win/install_flash_player_19_plugin.exe
Flash test site: https://www.adobe.com/software/flash/about/
AIR: http://get.adobe.com/air/
___
- http://www.securitytracker.com/id/1033629
CVE Reference: CVE-2015-5567, CVE-2015-5568, CVE-2015-5570, CVE-2015-5571, CVE-2015-5572, CVE-2015-5573, CVE-2015-5574, CVE-2015-5575, CVE-2015-5576, CVE-2015-5577, CVE-2015-5578, CVE-2015-5579, CVE-2015-5580, CVE-2015-5581, CVE-2015-5582, CVE-2015-5584, CVE-2015-5587, CVE-2015-5588, CVE-2015-6676, CVE-2015-6677, CVE-2015-6678, CVE-2015-6679, CVE-2015-6682
Sep 22 2015
Impact: Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, User access via network
Fix Available: Yes Vendor Confirmed: Yes
Version(s): 18.0.0.232 and prior...
Solution: The vendor has issued a fix (19.0.0.185 for Windows/Mac, 18.0.0.241 ESR for Windows/Mac, 11.2.202.521 for Linux).
:fear::fear:
AplusWebMaster
2015-10-09, 11:47
FYI...
Prenotification Security Advisory for Adobe Acrobat and Reader
- https://helpx.adobe.com/security/products/acrobat/apsb15-24.html
Oct 8, 2015
Platform: Windows and Macintosh
Summary: Adobe is planning to release security updates on Tuesday, October 13, 2015 for Adobe Acrobat and Reader for Windows and Macintosh.
Users may monitor the latest information on the Adobe Product Security Incident Response Team (PSIRT) blog at https://blogs.adobe.com/psirt
(Note: This Security Advisory will be replaced with the Security Bulletin on October 13.)
:fear:
AplusWebMaster
2015-10-13, 19:16
FYI...
>> https://helpx.adobe.com/security/products/flash-player/apsa15-05.html
Oct, 14, 2015 - "... A critical vulnerability (CVE-2015-7645) has been identified in Adobe Flash Player 19.0.0.207 and earlier versions for Windows, Macintosh and Linux. Successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system. Adobe is aware of a report that an exploit for this vulnerability is being used in limited, targeted attacks.
UPDATE: Adobe expects updates to be available as early as October 16."
___
Flash 19.0.0.207 released
- https://helpx.adobe.com/security/products/flash-player/apsb15-25.html
Oct 13, 2015
CVE number: CVE-2015-5569, CVE-2015-7625, CVE-2015-7626, CVE-2015-7627, CVE-2015-7628, CVE-2015-7629, CVE-2015-7630, CVE-2015-7631, CVE-2015-7632, CVE-2015-7633, CVE-2015-7634, CVE-2015-7643, CVE-2015-7644
Platform: All Platforms
Summary: Adobe has released security updates for Adobe Flash Player. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system...
Solution: Adobe categorizes these updates with the following priority ratings and recommends users update their installation to the newest version...
Adobe recommends users of the Adobe Flash Player Desktop Runtime for Windows and Macintosh update to Adobe Flash Player 19.0.0.207 by visiting the Adobe Flash Player Download Center or via the update mechanism within the product when prompted...
Adobe recommends users of the Adobe Flash Player Extended Support Release update to version 18.0.0.252 by visiting:
> http://helpx.adobe.com/flash-player/kb/archived-flash-player-versions.html
Adobe recommends users of the Adobe Flash Player for Linux update to Adobe Flash Player 11.2.202.535 by visiting the Adobe Flash Player Download Center.
Adobe Flash Player installed with Google Chrome will be automatically updated to the latest Google Chrome version, which will include Adobe Flash Player 19.0.0.207 on Windows, Macintosh, Linux and Chrome OS.
Adobe Flash Player installed with Microsoft Edge for Windows 10 will be automatically updated to the latest version, which will include Adobe Flash Player 19.0.0.207.
Adobe Flash Player installed with Internet Explorer 10 and 11 for Windows 8.0 and 8.1 will be automatically updated to the latest version, which will include Adobe Flash Player 19.0.0.207.
Adobe recommends users of the AIR desktop runtime, AIR SDK and AIR SDK & Compiler update to version 19.0.0.213 by visiting the AIR download center or the AIR developer center...
For IEv9 and below:
- https://download.macromedia.com/get/flashplayer/current/licensing/win/install_flash_player_19_active_x.exe
For Firefox and other Plugin-based browsers:
- https://download.macromedia.com/get/flashplayer/current/licensing/win/install_flash_player_19_plugin.exe
Flash test site: https://www.adobe.com/software/flash/about/
AIR: http://get.adobe.com/air/
___
- http://www.securitytracker.com/id/1033797
CVE Reference: CVE-2015-5569, CVE-2015-7625, CVE-2015-7626, CVE-2015-7627, CVE-2015-7628, CVE-2015-7629, CVE-2015-7630, CVE-2015-7631, CVE-2015-7632, CVE-2015-7633, CVE-2015-7634, CVE-2015-7643, CVE-2015-7644
Oct 13 2015
Impact: Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, User access via network
Fix Available: Yes Vendor Confirmed: Yes
Version(s): 19.0.0.185 and prior ...
Solution: The vendor has issued a fix (18.0.0.252 ESR, 19.0.0.207 for Mac/Windows, 11.2.202.535 for Linux).
___
Adobe Acrobat/Reader 11.0.13/10.1.16 released
- https://helpx.adobe.com/security/products/acrobat/apsb15-24.html
Oct 13, 2015
CVE Numbers: CVE-2015-5583, CVE-2015-5586, CVE-2015-6683, CVE-2015-6684, CVE-2015-6685, CVE-2015-6686, CVE-2015-6687, CVE-2015-6688, CVE-2015-6689, CVE-2015-6690, CVE-2015-6691, CVE-2015-6692, CVE-2015-6693, CVE-2015-6694, CVE-2015-6695, CVE-2015-6696, CVE-2015-6697, CVE-2015-6698, CVE-2015-6699, CVE-2015-6700, CVE-2015-6701, CVE-2015-6702, CVE-2015-6703, CVE-2015-6704, CVE-2015-6705, CVE-2015-6706, CVE-2015-6707, CVE-2015-6708, CVE-2015-6709, CVE-2015-6710, CVE-2015-6711, CVE-2015-6712, CVE-2015-6713, CVE-2015-6714, CVE-2015-6715, CVE-2015-6716, CVE-2015-6717, CVE-2015-6718, CVE-2015-6719, CVE-2015-6720, CVE-2015-6721, CVE-2015-6722, CVE-2015-6723, CVE-2015-6724, CVE-2015-6725, CVE-2015-7614, CVE-2015-7615, CVE-2015-7616, CVE-2015-7617, CVE-2015-7618, CVE-2015-7619, CVE-2015-7620, CVE-2015-7621, CVE-2015-7622, CVE-2015-7623, CVE-2015-7624
Platform: Windows and Macintosh
Summary: Adobe has released security updates for Adobe Acrobat and Reader for Windows and Macintosh. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system...
Solution: Adobe recommends users update their software installations to the latest versions by following the instructions below. The latest product versions are available to end users via one of the following methods:
- Users can update their product installations manually by choosing Help > Check for Updates.
- The products will update automatically, without requiring user intervention, when updates are detected.
- The full Acrobat -Reader- installer can be downloaded from the Acrobat Reader Download Center:
> https://get.adobe.com/reader/
-or-
Windows/Mac: https://www.adobe.com/support/downloads/new.jsp
___
- http://www.securitytracker.com/id/1033796
CVE Reference: CVE-2015-5583, CVE-2015-5586, CVE-2015-6683, CVE-2015-6684, CVE-2015-6685, CVE-2015-6686, CVE-2015-6687, CVE-2015-6688, CVE-2015-6689, CVE-2015-6690, CVE-2015-6691, CVE-2015-6692, CVE-2015-6693, CVE-2015-6694, CVE-2015-6695, CVE-2015-6696, CVE-2015-6697, CVE-2015-6698, CVE-2015-6699, CVE-2015-6700, CVE-2015-6701, CVE-2015-6702, CVE-2015-6703, CVE-2015-6704, CVE-2015-6705, CVE-2015-6706, CVE-2015-6707, CVE-2015-6708, CVE-2015-6709, CVE-2015-6710, CVE-2015-6711, CVE-2015-6712, CVE-2015-6713, CVE-2015-6714, CVE-2015-6715, CVE-2015-6716, CVE-2015-6717, CVE-2015-6718, CVE-2015-6719, CVE-2015-6720, CVE-2015-6721, CVE-2015-6722, CVE-2015-6723, CVE-2015-6724, CVE-2015-6725, CVE-2015-7614, CVE-2015-7615, CVE-2015-7616, CVE-2015-7617, CVE-2015-7618, CVE-2015-7619, CVE-2015-7620, CVE-2015-7621, CVE-2015-7622, CVE-2015-7623, CVE-2015-7624
Oct 13 2015
Impact: Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, User access via network
Fix Available: Yes Vendor Confirmed: Yes
Version(s): 10.1.15 and prior, 11.0.12 and prior ...
Solution: The vendor has issued a fix (10.1.16, 11.0.13)...
[-56- vulnerabilities]
:fear::fear:
AplusWebMaster
2015-10-16, 18:49
FYI...
Flash 19.0.0.226 released
- https://helpx.adobe.com/security/products/flash-player/apsb15-27.html
Oct 16, 2015
CVE number: CVE-2015-7645, CVE-2015-7647, CVE-2015-7648
Platform: All Platforms
Summary: Adobe has released security updates for Adobe Flash Player. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system. Adobe is aware of a report that an exploit for CVE-2015-7645 is being used in limited, targeted attacks...
Solution: Adobe categorizes these updates with the following priority ratings and recommends users update their installation to the newest version...
- Adobe recommends users of the Adobe Flash Player Desktop Runtime for Windows and Macintosh update to Adobe Flash Player 19.0.0.226 by visiting the Adobe Flash Player Download Center or via the update mechanism within the product when prompted...
- Adobe recommends users of the Adobe Flash Player Extended Support Release update to version 18.0.0.255 by visiting:
- http://helpx.adobe.com/flash-player/kb/archived-flash-player-versions.html.
- Adobe recommends users of the Adobe Flash Player for Linux update to Adobe Flash Player 11.2.202.540 by visiting the Adobe Flash Player Download Center.
- Adobe Flash Player installed with Google Chrome will be automatically updated to the latest Google Chrome version, which will include Adobe Flash Player 19.0.0.226 on Windows, Macintosh and Linux, and 19.0.0.225 on Chrome OS.
- Adobe Flash Player installed with Microsoft Edge for Windows 10 will be automatically updated to the latest version, which will include Adobe Flash Player 19.0.0.226.
- Adobe Flash Player installed with Internet Explorer 10 and 11 for Windows 8.0 and 8.1 will be automatically updated to the latest version, which will include Adobe Flash Player 19.0.0.226...
For IEv9 and below:
- https://download.macromedia.com/get/flashplayer/current/licensing/win/install_flash_player_19_active_x.exe
For Firefox and other Plugin-based browsers:
- https://download.macromedia.com/get/flashplayer/current/licensing/win/install_flash_player_19_plugin.exe
Flash test site: https://www.adobe.com/software/flash/about/
___
- http://www.securitytracker.com/id/1033850
CVE Reference: CVE-2015-7645, CVE-2015-7647, CVE-2015-7648
Oct 16 2015
Impact: Execution of arbitrary code via network, User access via network
Fix Available: Yes Vendor Confirmed: Yes
Version(s): 19.0.0.207 and prior...
Solution: The vendor has issued a fix (18.0.0.255 ESR, 19.0.0.226 for Windows and OS X, 11.2.202.540 for Linux.
:fear::fear:
AplusWebMaster
2015-10-27, 21:21
FYI...
Shockwave 12.2.1.171 released
- https://helpx.adobe.com/security/products/shockwave/apsb15-26.html
Oct 27, 2015
CVE number: CVE-2015-7649
Platform: Windows and Macintosh
Summary: Adobe has released a security update for Adobe Shockwave Player. This update addresses a critical vulnerability that could potentially allow an attacker to take control of the affected system...
Solution: ... Adobe recommends users of Adobe Shockwave Player 12.2.0.162 and earlier versions update to Adobe Shockwave Player 12.2.1.171 by visiting the Adobe Shockwave Player Download Center:
- https://get.adobe.com/shockwave/
Vulnerability Details: This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2015-7649)...
___
- http://www.securitytracker.com/id/1033990
CVE Reference: CVE-2015-7649
Oct 28 2015
Fix Available: Yes Vendor Confirmed: Yes
Version(s): 12.2.0.162 and prior ...
Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
Solution: The vendor has issued a fix (12.2.1.171)...
:fear::fear:
AplusWebMaster
2015-11-10, 19:51
FYI...
Flash 19.0.0.245 released
- https://helpx.adobe.com/security/products/flash-player/apsb15-28.html
Nov 10, 2015
CVE number: CVE-2015-7651, CVE-2015-7652, CVE-2015-7653, CVE-2015-7654, CVE-2015-7655, CVE-2015-7656, CVE-2015-7657, CVE-2015-7658, CVE-2015-7659, CVE-2015-7660, CVE-2015-7661, CVE-2015-7662, CVE-2015-7663, CVE-2015-8042, CVE-2015-8043, CVE-2015-8044, CVE-2015-8046
Platform: All Platforms
Summary: Adobe has released security updates for Adobe Flash Player. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system...
- Adobe recommends users of the Adobe Flash Player Desktop Runtime for Windows and Macintosh update to Adobe Flash Player 19.0.0.245 by visiting the Adobe Flash Player Download Center or via the update mechanism within the product when prompted....
- Adobe recommends users of the Adobe Flash Player Extended Support Release update to version 18.0.0.261 by visiting:
- http://helpx.adobe.com/flash-player/kb/archived-flash-player-versions.html
- Adobe recommends users of the Adobe Flash Player for Linux update to Adobe Flash Player 11.2.202.548 by visiting the Adobe Flash Player Download Center.
- Adobe Flash Player installed with Google Chrome will be automatically updated to the latest Google Chrome version, which will include Adobe Flash Player 19.0.0.245 on Windows, Macintosh, Linux and Chrome OS.
- Adobe Flash Player installed with Microsoft Edge for Windows 10 will be automatically updated to the latest version, which will include Adobe Flash Player 19.0.0.245.
- Adobe Flash Player installed with Internet Explorer 10 and 11 for Windows 8.0 and 8.1 will be automatically updated to the latest version, which will include Adobe Flash Player 19.0.0.245.
- Adobe recommends users of the AIR desktop runtime, AIR SDK and AIR SDK & Compiler update to version 19.0.0.241 by visiting the AIR download center or the AIR developer center...
For IEv9 and below:
- https://download.macromedia.com/get/flashplayer/current/licensing/win/install_flash_player_19_active_x.exe
For Firefox and other Plugin-based browsers:
- https://download.macromedia.com/get/flashplayer/current/licensing/win/install_flash_player_19_plugin.exe
Flash test site: https://www.adobe.com/software/flash/about/
Air 19.0.0.241: https://get.adobe.com/air/
___
- http://www.securitytracker.com/id/1034111
CVE Reference: CVE-2015-7651, CVE-2015-7652, CVE-2015-7653, CVE-2015-7654, CVE-2015-7655, CVE-2015-7656, CVE-2015-7657, CVE-2015-7658, CVE-2015-7659, CVE-2015-7660, CVE-2015-7661, CVE-2015-7662, CVE-2015-7663, CVE-2015-8042, CVE-2015-8043, CVE-2015-8044, CVE-2015-8046
Nov 10 2015
Impact: Execution of arbitrary code via network, Modification of system information, Modification of user information, User access via network
Fix Available: Yes Vendor Confirmed: Yes
Version(s): 19.0.0.226 and prior ...
Solution: The vendor has issued a fix (19.0.0.245 for Windows/Mac; 18.0.0.261 ESR; 11.2.202.548 for Linux).
:fear::fear:
AplusWebMaster
2015-11-18, 14:53
FYI...
ColdFusion - Hotfix available
- https://helpx.adobe.com/security/products/coldfusion/apsb15-29.html
Nov 17, 2015
CVE numbers: CVE-2015-8052, CVE-2015-8053, CVE-2015-5255
Platforms: All
Summary: Adobe has released a security hotfix for ColdFusion versions 11 and 10. This hotfix resolves two input validation issues that could be used in reflected cross-site scripting attacks. This hotfix also includes an updated version of BlazeDS that resolves an important Server-side request forgery vulnerability. Adobe recommends users apply the appropriate hotfix using the instructions provided in the "Solution" section...
Solution: Adobe recommends ColdFusion customers update their installation using the instructions provided in the relevant technote:
ColdFusion 11: http://helpx.adobe.com/coldfusion/kb/coldfusion-11-update-7.html
ColdFusion 10: http://helpx.adobe.com/coldfusion/kb/coldfusion-10-update-18.html
Customers should also apply the security configuration settings as outlined on the ColdFusion Security page as well as review the ColdFusion 11 Lockdown Guide and ColdFusion 10 Lockdown Guide..."
LiveCycle Data Services
- https://helpx.adobe.com/security/products/livecycleds/apsb15-30.html
Nov 17, 2015
> https://helpx.adobe.com/livecycle/kb/ssrf-vulnerability-blazeDS.html
Adobe Premier Clip
- https://helpx.adobe.com/security/products/premiereclip/apsb15-31.html
Nov 17, 2015
> https://itunes.apple.com/us/app/adobe-premiere-clip/id919399401
___
- http://www.securitytracker.com/id/1034211
CVE Reference: CVE-2015-8052, CVE-2015-8053
Nov 20 2015
Fix Available: Yes Vendor Confirmed: Yes
Version(s): 10 Update 17 and prior, 11 Update 6 and prior ...
Impact: A remote user can access the target user's cookies (including authentication cookies), if any, associated with the site running the Adobe ColdFusion software, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.
Solution: The vendor has issued a fix (10 Update 18, 11 Update 7)...
___
- https://www.us-cert.gov/ncas/current-activity/2015/11/17/Adobe-Releases-Security-Updates-ColdFusion-LiveCycle-Data-Services
Nov 17, 2015
:fear::fear:
AplusWebMaster
2015-12-08, 20:15
FYI...
Flash 20.0.0.228 / 20.0.0.235 released
- https://helpx.adobe.com/security/products/flash-player/apsb15-32.html
Dec 8, 2015
CVE number: CVE-2015-8045, CVE-2015-8047, CVE-2015-8048, CVE-2015-8049, CVE-2015-8050, CVE-2015-8051, CVE-2015-8052, CVE-2015-8053, CVE-2015-8054, CVE-2015-8055, CVE-2015-8056, CVE-2015-8057, CVE-2015-8058, CVE-2015-8059, CVE-2015-8060, CVE-2015-8061, CVE-2015-8062, CVE-2015-8063, CVE-2015-8064, CVE-2015-8065, CVE-2015-8066, CVE-2015-8067, CVE-2015-8068, CVE-2015-8069, CVE-2015-8070, CVE-2015-8071, CVE-2015-8401, CVE-2015-8402, CVE-2015-8403, CVE-2015-8404, CVE-2015-8405, CVE-2015-8406, CVE-2015-8407, CVE-2015-8408, CVE-2015-8409, CVE-2015-8410, CVE-2015-8411, CVE-2015-8412, CVE-2015-8413, CVE-2015-8414, CVE-2015-8415, CVE-2015-8416, CVE-2015-8417, CVE-2015-8419, CVE-2015-8420, CVE-2015-8421, CVE-2015-8422, CVE-2015-8423, CVE-2015-8424, CVE-2015-8425, CVE-2015-8426, CVE-2015-8427, CVE-2015-8428, CVE-2015-8429, CVE-2015-8430, CVE-2015-8431, CVE-2015-8432, CVE-2015-8433, CVE-2015-8434, CVE-2015-8435, CVE-2015-8436, CVE-2015-8437, CVE-2015-8438, CVE-2015-8439, CVE-2015-8440, CVE-2015-8441, CVE-2015-8442, CVE-2015-8443, CVE-2015-8444, CVE-2015-8445, CVE-2015-8446, CVE-2015-8447, CVE-2015-8448, CVE-2015-8449, CVE-2015-8450, CVE-2015-8451, CVE-2015-8452, CVE-2015-8453
Platform: All Platforms
Summary: Adobe has released security updates for Adobe Flash Player. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system...
Solution: ...
- Adobe recommends users of the Adobe Flash Player Desktop Runtime for Windows and Macintosh update to 20.0.0.228 (support for Internet Explorer) and 20.0.0.235 (support for Firefox and Safari) by visiting the Adobe Flash Player Download Center, or via the update mechanism within the product when prompted...
- Adobe recommends users of the Adobe Flash Player Extended Support Release should update to version 18.0.0.268 by visiting
> http://helpx.adobe.com/flash-player/kb/archived-flash-player-versions.html
- Adobe recommends users of Adobe Flash Player for Linux update to Adobe Flash Player 11.2.202.554 by visiting the Adobe Flash Player Download Center.
- Adobe Flash Player installed with Google Chrome will be automatically updated to the latest Google Chrome version, which will include Adobe Flash Player 20.0.0.228 for Windows, Macintosh, Linux and Chrome OS.
- Adobe Flash Player installed with Microsoft Edge and Internet Explorer for Windows 10 will be automatically updated to the latest version, which will include Adobe Flash Player 20.0.0.228.
- Adobe Flash Player installed with Internet Explorer for Windows 8.x will be automatically updated to the latest version, which will include Adobe Flash Player 20.0.0.228.
- Adobe recommends users of the AIR desktop runtime, AIR SDK and AIR SDK & Compiler update to version 20.0.0.204 by visiting the AIR download center or the AIR developer center.
- Please visit the Flash Player Help page for assistance in installing Flash Player...
For IEv9 and below:
- https://download.macromedia.com/get/flashplayer/current/licensing/win/install_flash_player_20_active_x.exe
For Firefox and other Plugin-based browsers:
- https://download.macromedia.com/get/flashplayer/current/licensing/win/install_flash_player_20_plugin.exe
Flash test site: https://www.adobe.com/software/flash/about/
AIR 20.0.0.204: https://get.adobe.com/air/
___
- http://www.securitytracker.com/id/1034318
CVE Reference: CVE-2015-8045, CVE-2015-8047, CVE-2015-8048, CVE-2015-8049, CVE-2015-8050, CVE-2015-8051, CVE-2015-8052, CVE-2015-8053, CVE-2015-8054, CVE-2015-8055, CVE-2015-8056, CVE-2015-8057, CVE-2015-8058, CVE-2015-8059, CVE-2015-8060, CVE-2015-8061, CVE-2015-8062, CVE-2015-8063, CVE-2015-8064, CVE-2015-8065, CVE-2015-8066, CVE-2015-8067, CVE-2015-8068, CVE-2015-8069, CVE-2015-8070, CVE-2015-8071, CVE-2015-8401, CVE-2015-8402, CVE-2015-8403, CVE-2015-8404, CVE-2015-8405, CVE-2015-8406, CVE-2015-8407, CVE-2015-8408, CVE-2015-8409, CVE-2015-8410, CVE-2015-8411, CVE-2015-8412, CVE-2015-8413, CVE-2015-8414, CVE-2015-8415, CVE-2015-8416, CVE-2015-8417, CVE-2015-8419, CVE-2015-8420, CVE-2015-8421, CVE-2015-8422, CVE-2015-8423, CVE-2015-8424, CVE-2015-8425, CVE-2015-8426, CVE-2015-8427, CVE-2015-8428, CVE-2015-8429, CVE-2015-8430, CVE-2015-8431, CVE-2015-8432, CVE-2015-8433, CVE-2015-8434, CVE-2015-8435, CVE-2015-8436, CVE-2015-8437, CVE-2015-8438, CVE-2015-8439, CVE-2015-8440, CVE-2015-8441, CVE-2015-8442, CVE-2015-8443, CVE-2015-8444, CVE-2015-8445, CVE-2015-8446, CVE-2015-8447, CVE-2015-8448, CVE-2015-8449, CVE-2015-8450, CVE-2015-8451, CVE-2015-8452, CVE-2015-8453
Dec 8 2015
Impact: Execution of arbitrary code via network, User access via network
Fix Available: Yes Vendor Confirmed: Yes ...
Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
A remote user can bypass security controls on the target system.
Solution: The vendor has issued a fix (20.0.0.228 for Mac/Windows; 20.0.0.235 for Mac/Windows; ESR 18.0.0.268; 11.2.202.554 for Linux)...
:fear::fear:
AplusWebMaster
2015-12-28, 23:26
FYI...
Flash 20.0.0.267 released
- https://helpx.adobe.com/security/products/flash-player/apsb16-01.html
Dec 28, 2015
CVE number: CVE-2015-8459, CVE-2015-8460, CVE-2015-8634, CVE-2015-8635, CVE-2015-8636, CVE-2015-8638, CVE-2015-8639, CVE-2015-8640, CVE-2015-8641, CVE-2015-8642, CVE-2015-8643, CVE-2015-8644, CVE-2015-8645, CVE-2015-8646, CVE-2015-8647, CVE-2015-8648, CVE-2015-8649, CVE-2015-8650, CVE-2015-8651
Platform: All Platforms
Summary: Adobe has released security updates for Adobe Flash Player. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system. Adobe is aware of a report that an exploit for CVE-2015-8651* is being used in limited, targeted attacks...
Solution: ... Adobe recommends users of the Adobe Flash Player Desktop Runtime for Windows and Macintosh update to 20.0.0.267 by visiting the Adobe Flash Player Download Center, or via the update mechanism within the product when prompted...
- Adobe recommends users of the Adobe Flash Player Extended Support Release should update to version 18.0.0.324 by visiting:
- http://helpx.adobe.com/flash-player/kb/archived-flash-player-versions.html
- Adobe recommends users of Adobe Flash Player for Linux update to Adobe Flash Player 11.2.202.559 by visiting the Adobe Flash Player Download Center.
- Adobe Flash Player installed with Google Chrome will be automatically updated to the latest Google Chrome version, which will include Adobe Flash Player 20.0.0.267 for Windows, Macintosh, Linux and Chrome OS.
- Adobe Flash Player installed with Microsoft Edge and Internet Explorer for Windows 10 will be automatically updated to the latest version, which will include Adobe Flash Player 20.0.0.267.
- Adobe Flash Player installed with Internet Explorer for Windows 8.x will be automatically updated to the latest version, which will include Adobe Flash Player 20.0.0.267.
- Adobe recommends users of the AIR desktop runtime, AIR SDK and AIR SDK & Compiler update to version 20.0.0.233 by visiting the AIR download center or the AIR developer center...
* https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8651
Last revised: 12/29/2015 - 9.3 (HIGH)
For IEv9 and below:
- https://download.macromedia.com/get/flashplayer/current/licensing/win/install_flash_player_20_active_x.exe
For Firefox and other Plugin-based browsers:
- https://download.macromedia.com/get/flashplayer/current/licensing/win/install_flash_player_20_plugin.exe
Flash test site: https://www.adobe.com/software/flash/about/
AIR 20.0.0.233: https://get.adobe.com/air/
- https://www.us-cert.gov/ncas/current-activity/2015/12/28/Adobe-Releases-Security-Updates-Flash-Player
Dec 28, 2015
___
- http://www.securitytracker.com/id/1034544
CVE Reference: CVE-2015-8459, CVE-2015-8460, CVE-2015-8634, CVE-2015-8635, CVE-2015-8636, CVE-2015-8638, CVE-2015-8639, CVE-2015-8640, CVE-2015-8641, CVE-2015-8642, CVE-2015-8643, CVE-2015-8644, CVE-2015-8645, CVE-2015-8646, CVE-2015-8647, CVE-2015-8648, CVE-2015-8649, CVE-2015-8650, CVE-2015-8651
Dec 29 2015
Fix Available: Yes Vendor Confirmed: Yes
Version(s): 20.0.0.235 and prior...
Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
Solution: The vendor has issued a fix (20.0.0.267; ESR 18.0.0.324; 11.2.202.559 for Linux).
:fear::fear:
AplusWebMaster
2016-01-12, 19:33
FYI...
Adobe Acrobat/Reader 11.0.14 released
- https://helpx.adobe.com/security/products/acrobat/apsb16-02.html
Jan 12, 2016
CVE numbers: CVE-2016-0931, CVE-2016-0932, CVE-2016-0933, CVE-2016-0934, CVE-2016-0935, CVE-2016-0936, CVE-2016-0937, CVE-2016-0938, CVE-2016-0939, CVE-2016-0940, CVE-2016-0941, CVE-2016-0942, CVE-2016-0943, CVE-2016-0944, CVE-2016-0945, CVE-2016-0946, CVE-2016-0947
Platform: Windows and Macintosh
Note: As outlined in this blog post*, Adobe Acrobat X and Adobe Reader X are no-longer-supported.
Adobe recommends users install Adobe Acrobat DC and Adobe Acrobat Reader DC for the latest features and security updates.
* https://blogs.adobe.com/documentcloud/adobe-acrobat-x-and-adobe-reader-x-end-of-support/
Solution: Adobe recommends users update their software installations to the latest versions by following the instructions below. The latest product versions are available to end users via one of the following methods:
- Users can update their product installations manually by choosing Help > Check for Updates.
- The products will update automatically when updates are detected without requiring user intervention.
- The full Acrobat Reader installer can be downloaded from the Acrobat Reader Download Center**.
For IT administrators (managed environments):
- Download the enterprise installers from ftp://ftp.adobe.com/pub/adobe/ , or refer to the specific release note version for links to installers.
- Install updates via your preferred methodology, such as AIP-GPO, bootstrapper, SCUP/SCCM (Windows), or on Macintosh, Apple Remote Desktop and SSH...
Acrobat for Windows: https://www.adobe.com/support/downloads/product.jsp?product=1&platform=Windows
1/12/2016
Adobe Reader for Windows: https://www.adobe.com/support/downloads/product.jsp?product=10&platform=Windows
1/12/2016
Acrobat for Macintosh: https://www.adobe.com/support/downloads/product.jsp?product=1&platform=Mac
1/12/2016
Adobe Reader for Macintosh: https://www.adobe.com/support/downloads/product.jsp?product=10&platform=Mac
1/12/2016
___
Also see "New Downloads":
- https://www.adobe.com/support/downloads/new.jsp
1/12/2016
Adobe Acrobat Reader DC
** https://get.adobe.com/reader/
___
- http://www.securitytracker.com/id/1034646
CVE Reference: CVE-2016-0931, CVE-2016-0932, CVE-2016-0933, CVE-2016-0934, CVE-2016-0935, CVE-2016-0936, CVE-2016-0937, CVE-2016-0938, CVE-2016-0939, CVE-2016-0940, CVE-2016-0941, CVE-2016-0942, CVE-2016-0943, CVE-2016-0944, CVE-2016-0945, CVE-2016-0946, CVE-2016-0947
Jan 12 2016
Fix Available: Yes Vendor Confirmed: Yes
Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
A remote user can bypass security controls on the target system.
Solution: The vendor has issued a fix (11.0.14, 15.006.30119, 15.010.20056)...
:fear::fear:
AplusWebMaster
2016-02-09, 18:48
FYI...
Flash 20.0.0.306 released
- https://helpx.adobe.com/security/products/flash-player/apsb16-04.html
Feb 9, 2016
CVE number: CVE-2016-0964, CVE-2016-0965, CVE-2016-0966, CVE-2016-0967, CVE-2016-0968, CVE-2016-0969, CVE-2016-0970, CVE-2016-0971, CVE-2016-0972, CVE-2016-0973, CVE-2016-0974, CVE-2016-0975, CVE-2016-0976, CVE-2016-0977, CVE-2016-0978, CVE-2016-0979, CVE-2016-0980, CVE-2016-0981, CVE-2016-0982, CVE-2016-0983, CVE-2016-0984, CVE-2016-0985
Platform: Windows, Macintosh and Linux ...
Summary: Adobe has released security updates for Adobe Flash Player. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system...
Solution: ... Adobe recommends users of the Adobe Flash Player Desktop Runtime for Windows and Macintosh update to 20.0.0.306 via the update mechanism within the product when prompted... or by visiting the Adobe Flash Player Download Center.
Adobe recommends users of the Adobe Flash Player Extended Support Release should update to version 18.0.0.329 by visiting:
- http://helpx.adobe.com/flash-player/kb/archived-flash-player-versions.html.
Adobe recommends users of Adobe Flash Player for Linux update to Adobe Flash Player 11.2.202.569 by visiting the Adobe Flash Player Download Center.
Adobe Flash Player installed with Google Chrome will be automatically updated to the latest Google Chrome version, which will include Adobe Flash Player 20.0.0.306 for Windows, Macintosh, Linux and Chrome OS.
Adobe Flash Player installed with Microsoft Edge and Internet Explorer for Windows 10 will be automatically updated to the latest version, which will include Adobe Flash Player 20.0.0.306.
Adobe Flash Player installed with Internet Explorer for Windows 8.x will be automatically updated to the latest version, which will include Adobe Flash Player 20.0.0.306.
Adobe recommends users of the AIR desktop runtime, AIR SDK and AIR SDK & Compiler update to version 20.0.0.260 by visiting the AIR download center or the AIR developer center...
For IEv9 and below:
- https://download.macromedia.com/get/flashplayer/current/licensing/win/install_flash_player_20_active_x.exe
For Firefox and other Plugin-based browsers:
- https://download.macromedia.com/get/flashplayer/current/licensing/win/install_flash_player_20_plugin.exe
Flash test site: https://www.adobe.com/software/flash/about/
AIR 20.0.0.260: https://get.adobe.com/air/
- https://blog.qualys.com/laws-of-vulnerabilities/2016/02/09/patch-tuesday-february-2016
Feb 9, 2016 - "... The update for Adobe Flash (APSB16-04) contains fixes for -23- vulnerabilities, all of them rated as “critical”, i.e. capable of handing the attacker complete control over the target machine..."
- http://www.securitytracker.com/id/1034970
CVE Reference: CVE-2016-0964, CVE-2016-0965, CVE-2016-0966, CVE-2016-0967, CVE-2016-0968, CVE-2016-0969, CVE-2016-0970, CVE-2016-0971, CVE-2016-0972, CVE-2016-0973, CVE-2016-0974, CVE-2016-0975, CVE-2016-0976, CVE-2016-0977, CVE-2016-0978, CVE-2016-0979, CVE-2016-0980, CVE-2016-0981, CVE-2016-0982, CVE-2016-0983, CVE-2016-0984, CVE-2016-0985
Feb 9 2016
Fix Available: Yes Vendor Confirmed: Yes ...
Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
Solution: The vendor has issued a fix (18.0.0.329, 20.0.0.306 for Windows and Mac; 11.2.202.569 for Linux)...
___
Adobe Photoshop CC and Bridge CC
- https://helpx.adobe.com/security/products/photoshop/apsb16-03.html
Feb 9, 2016
CVE number: CVE-2016-0951, CVE-2016-0952, CVE-2016-0953
Platform: Windows and Macintosh
Summary: Adobe has released updates for Photoshop CC and Bridge CC for Windows and Macintosh. These updates address critical security vulnerabilities that could potentially allow an attacker to take control of the affected system...
Solution: Adobe recommends users update their software installations via each application's update mechanism by launching each application, navigating to the Help menu, and clicking "Updates"...
Patches for Adobe Photoshop CC 2014 (15.2.4) are also available at the following locations:
Win (32-bit): https://www.adobe.com/support/downloads/detail.jsp?ftpID=6015
Win (64-bit): https://www.adobe.com/support/downloads/detail.jsp?ftpID=6016
Mac: https://www.adobe.com/support/downloads/detail.jsp?ftpID=6017
Note: These updates will not show in the Applications & Updates section of the Creative Cloud Packager. Please download the patches directly from the links above, and use the option to “Add Offline Media” as described in the workflow documented here:
- https://helpx.adobe.com/creative-cloud/packager/package-configurations.html#Add_Offline_Media
___
Adobe Experience Manager
- https://helpx.adobe.com/security/products/experience-manager/apsb16-05.html
Feb 9, 2016
CVE number: CVE-2016-0955, CVE-2016-0956, CVE-2016-0957, CVE-2016-0958
Platform: Windows, Unix, Linux and OS X
Summary: Adobe has released security hot fixes for Adobe Experience Manager. These hot fixes resolve important vulnerabilities that could potentially lead to information disclosure... customers should review and implement the steps outlined in the Security Checklists for versions 6.1, 6.0 or 5.6.1...
• Hot fix 8364 includes a Java deserialization issues mitigation agent (CVE-2016-0958).
> https://www.adobeaemcloud.com/content/marketplace/marketplaceProxy.html?packagePath=/content/companies/public/adobe/packages/cq/hotfix/cq-ALL-hotfix-NPR-8364
• Hot fix 8651 resolves a cross-site scripting vulnerability that could lead to information disclosure (CVE-2016-0955).
> https://www.adobeaemcloud.com/content/marketplace/marketplaceProxy.html?packagePath=/content/companies/private/day/packages/adobe/cq610/hotfix/cq-6.1.0-hotfix-8651
• Hot fix 6445 resolves an information disclosure vulnerability affecting Apache Sling Servlets Post 2.3.6 (CVE-2016-0956).
> https://www.adobeaemcloud.com/content/marketplace/marketplaceProxy.html?packagePath=/content/companies/public/adobe/packages/aem610/hotfix/cq-6.1.0-hotfix-6445
• Dispatcher 4.1.5 and higher resolves a URL filter bypass vulnerability that could be used to circumvent dispatcher rules (CVE-2016-0957).
> https://docs.adobe.com/docs/en/dispatcher.html
...
___
Adobe Connect
- https://helpx.adobe.com/security/products/connect/apsb16-07.html
Feb 9, 2016
CVE number: CVE-2016-0948, CVE-2016-0949, CVE-2016-0950
Platform: Windows
Summary: Adobe has released a security update for Adobe Connect. This release resolves -important- input validation and content spoofing issues, and includes a feature to protect users from Cross-Site Request Forgery...
- https://helpx.adobe.com/adobe-connect/release-note/adobe-connect-9-5-2-release-notes.html
"... Adobe Connect 9.5.2 is a maintenance release and is available as a patch. It delivers fixes to a number of issues and includes a few improvements... Adobe Connect 9.5.2 will be rolled out in phases:
- On-premise: Adobe Connect 9.5.2 installer for customer on-premise deployments (all supported locales): Feb 11th, 2016
- Hosted: Adobe Connect 9.5.2 service hosted by Adobe: Starting Feb 7th, 2016
- Managed Services: Adobe managed customer specific cloud deployment of Adobe Connect: Update scheduled based on customer requirement. Please reach out to your Adobe Connect managed services representative to schedule your update..."
:fear::fear:
AplusWebMaster
2016-03-08, 19:15
FYI...
Acrobat/Reader 11.0.15 released
- https://helpx.adobe.com/security/products/acrobat/apsb16-09.html
March 8, 2016
CVE Numbers: CVE-2016-1007, CVE-2016-1008, CVE-2016-1009
Platform: Windows and Macintosh
Summary: Adobe has released security updates for Adobe Acrobat and Reader for Windows and Macintosh. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system...
Solution: Adobe recommends users update their software installations to the latest versions by following the instructions below.
The latest product versions are available to end users via one of the following methods:
- Users can update their product installations manually by choosing Help > Check for Updates.
- The products will update automatically, without requiring user intervention, when updates are detected.
- The full Acrobat Reader installer can be downloaded from the Acrobat Reader Download Center:
> http://get.adobe.com/reader
Acrobat Reader DC Version 2015.010.20060
For IT administrators (managed environments):
- Download the enterprise installers from ftp://ftp.adobe.com/pub/adobe/ ... or refer to the specific release note version for links to installers.
- Install updates via your preferred methodology, such as AIP-GPO, bootstrapper, SCUP/SCCM (Windows), or on Macintosh, Apple Remote Desktop and SSH.
> https://www.adobe.com/support/downloads/new.jsp
Adobe Acrobat 11.0.15
Adobe Reader 11.0.15
3/8/2016
- http://www.securitytracker.com/id/1035199
CVE Reference: CVE-2016-1007, CVE-2016-1008, CVE-2016-1009
Mar 8 2016
Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
Solution: The vendor has issued a fix (11.0.15, 15.006.30121, 15.010.20060)...
___
Adobe Digital Editions 4.5.1 released
- https://helpx.adobe.com/security/products/Digital-Editions/apsb16-06.html
March 8, 2016
CVE Numbers: CVE-2016-0954
Platform: Windows, Macintosh, iOS and Android
Summary: Adobe has released a security update for Adobe Digital Editions 4.5.0 and earlier versions. This update resolves a critical memory corruption vulnerability that could lead to code execution...
Customers using Adobe Digital Editions 4.5.0 on Windows can download the update from the Adobe Digital Editions download page:
> https://www.adobe.com/solutions/ebook/digital-editions/download.html
.. or utilize the product’s update mechanism when prompted. Customers using Digital Editions for iOS and Android can download the update from the respective app store.
For more information, please reference the release notes:
> http://www.adobe.com/solutions/ebook/digital-editions/release-notes.html
- http://www.securitytracker.com/id/1035199
CVE Reference: CVE-2016-1007, CVE-2016-1008, CVE-2016-1009
Mar 8 2016
Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
Solution: The vendor has issued a fix (11.0.15, 15.006.30121, 15.010.20060)...
___
Known issues | Acrobat DC, Reader DC
- https://helpx.adobe.com/acrobat/kb/known-issues-acrobat-dc-reader.html
___
- http://krebsonsecurity.com/2016/03/adobe-microsoft-push-critical-updates/
8 Mar 2016 - "... Adobe spokesperson: the company will be issuing a Flash Player update on Thursday morning."
:fear::fear:
AplusWebMaster
2016-03-10, 18:16
FYI...
Flash 21.0.0.182 released
- https://helpx.adobe.com/security/products/flash-player/apsb16-08.html
March 10, 2016
CVE number: CVE-2016-0960, CVE-2016-0961, CVE-2016-0962, CVE-2016-0963, CVE-2016-0986, CVE-2016-0987, CVE-2016-0988, CVE-2016-0989, CVE-2016-0990, CVE-2016-0991, CVE-2016-0993, CVE-2016-0994, CVE-2016-0995, CVE-2016-0996, CVE-2016-1000, CVE-2016-1001, CVE-2016-1005, CVE-2016-1010
Platform: Windows, Macintosh and Linux
Summary: Adobe has released security updates for Adobe Flash Player. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system. Adobe is aware of a report that an exploit for CVE-2016-1010 is being used in limited, targeted attacks...
Solution: ... Adobe recommends users of the Adobe Flash Player Desktop Runtime for Windows and Macintosh update to 21.0.0.182 via the update mechanism within the product when prompted.. or by visiting the Adobe Flash Player Download Center.
- Adobe recommends users of the Adobe Flash Player Extended Support Release should update to version 18.0.0.333 by visiting:
- http://helpx.adobe.com/flash-player/kb/archived-flash-player-versions.html.
- Adobe recommends users of Adobe Flash Player for Linux update to Adobe Flash Player 11.2.202.577 by visiting the - Adobe Flash Player Download Center.
- Adobe Flash Player installed with Google Chrome will be automatically updated to the latest Google Chrome version, which will include Adobe Flash Player 21.0.0.182 for Windows, Macintosh, Linux and Chrome OS.
- Adobe Flash Player installed with Microsoft Edge and Internet Explorer for Windows 10 will be automatically updated to the latest version, which will include Adobe Flash Player 21.0.0.182.
- Adobe Flash Player installed with Internet Explorer for Windows 8.x will be automatically updated to the latest version, which will include Adobe Flash Player 21.0.0.182.
- Adobe recommends users of the AIR desktop runtime, AIR SDK and AIR SDK & Compiler update to version 21.0.0.176 by visiting the AIR download center or the AIR developer center...
For IEv9 and below:
- https://download.macromedia.com/get/flashplayer/current/licensing/win/install_flash_player_21_active_x.exe
For Firefox and other Plugin-based browsers:
- https://download.macromedia.com/get/flashplayer/current/licensing/win/install_flash_player_21_plugin.exe
Flash test site: https://www.adobe.com/software/flash/about/
AIR 21.0.0.176: https://get.adobe.com/air/
___
- http://www.securitytracker.com/id/1035251
CVE Reference: CVE-2016-0960, CVE-2016-0961, CVE-2016-0962, CVE-2016-0963, CVE-2016-0986, CVE-2016-0987, CVE-2016-0988, CVE-2016-0989, CVE-2016-0990, CVE-2016-0991, CVE-2016-0992, CVE-2016-0993, CVE-2016-0994, CVE-2016-0995, CVE-2016-0996, CVE-2016-0997, CVE-2016-0998, CVE-2016-0999, CVE-2016-1000, CVE-2016-1001, CVE-2016-1002, CVE-2016-1005, CVE-2016-1010
Mar 11 2016
Fix Available: Yes Vendor Confirmed: Yes
Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
Solution: The vendor has issued a fix (ESR 18.0.0.333; 21.0.0.182; 11.2.202.577 for Linux)...
___
Installation problems | Flash Player | Windows 7 and earlier
- https://helpx.adobe.com/flash-player/kb/installation-problems-flash-player-windows.html
:fear::fear:
AplusWebMaster
2016-04-06, 22:32
FYI...
Flash Player - CVE-2016-1019
- https://helpx.adobe.com/security/products/flash-player/apsa16-01.html
April 5, 2016
CVE number: CVE-2016-1019
Platforms: Windows, Macintosh, Linux and Chrome OS
Summary: "A critical vulnerability (CVE-2016-1019) exists in Adobe Flash Player 21.0.0.197 and earlier versions for Windows, Macintosh, Linux, and Chrome OS. Successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system. Adobe is aware of reports that CVE-2016-1019 is being actively exploited on systems running Windows 7 and Windows XP with Flash Player version -20.0.0.306- and earlier. A mitigation introduced in Flash Player 21.0.0.182 currently -prevents- exploitation of this vulnerability, protecting users running Flash Player 21.0.0.182 and later. Adobe is planning to provide a security update to address this vulnerability as early as April 7..."
> https://blogs.adobe.com/psirt/?p=1330
April 5, 2016 - "... critical vulnerability (CVE-2016-1019) in Adobe Flash Player. UPDATE: Adobe is aware of reports that CVE-2016-1019 is being actively exploited on systems running Windows 7 and Windows XP Windows 10 and earlier with Flash Player version 20.0.0.306 and earlier..."
:fear::fear:
AplusWebMaster
2016-04-08, 14:27
FYI...
Flash 21.0.0.213 released
- https://helpx.adobe.com/security/products/flash-player/apsb16-10.html
Apr 7, 2016
CVE number: CVE-2016-1006, CVE-2016-1011, CVE-2016-1012, CVE-2016-1013, CVE-2016-1014, CVE-2016-1015, CVE-2016-1016, CVE-2016-1017, CVE-2016-1018, CVE-2016-1019, CVE-2016-1020, CVE-2016-1021, CVE-2016-1022, CVE-2016-1023, CVE-2016-1024, CVE-2016-1025, CVE-2016-1026, CVE-2016-1027, CVE-2016-1028, CVE-2016-1029, CVE-2016-1030, CVE-2016-1031, CVE-2016-1032, CVE-2016-1033
Platform: Windows, Macintosh, Linux and ChromeOS
Summary: Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and ChromeOS. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system. Adobe is aware of reports that CVE-2016-1019 is being actively exploited on systems running Windows 10 and earlier with Flash Player version 20.0.0.306 and earlier...
- Adobe recommends users of the Adobe Flash Player Desktop Runtime for Windows and Macintosh update to 21.0.0.213 via the update mechanism within the product when prompted.. or by visiting the Adobe Flash Player Download Center.
- Adobe recommends users of the Adobe Flash Player Extended Support Release should update to version 18.0.0.343 by visiting:
- http://helpx.adobe.com/flash-player/kb/archived-flash-player-versions.html.
- Adobe recommends users of Adobe Flash Player for Linux update to Adobe Flash Player 11.2.202.616 by visiting the Adobe Flash Player Download Center.
- Adobe Flash Player installed with Google Chrome will be automatically updated to the latest Google Chrome version, which will include Adobe Flash Player 21.0.0.213 for Windows, Macintosh, Linux and Chrome OS.
- Adobe Flash Player installed with Microsoft Edge and Internet Explorer for Windows 10 will be automatically updated to the latest version, which will include Adobe Flash Player 21.0.0.213.
- Adobe Flash Player installed with Internet Explorer for Windows 8.1 will be automatically updated to the latest version, which will include Adobe Flash Player 21.0.0.213.
- Please visit the Flash Player Help page for assistance in installing Flash Player...
For I/E - some versions get 'Automatic' updates:
- https://download.macromedia.com/get/flashplayer/current/licensing/win/install_flash_player_21_active_x.exe
For Firefox and other Plugin-based browsers:
- https://download.macromedia.com/get/flashplayer/current/licensing/win/install_flash_player_21_plugin.exe
Flash test site: https://www.adobe.com/software/flash/about/
___
- http://www.securitytracker.com/id/1035509
CVE Reference: CVE-2016-1006, CVE-2016-1011, CVE-2016-1012, CVE-2016-1013, CVE-2016-1014, CVE-2016-1015, CVE-2016-1016, CVE-2016-1017, CVE-2016-1018, CVE-2016-1020, CVE-2016-1021, CVE-2016-1022, CVE-2016-1023, CVE-2016-1024, CVE-2016-1025, CVE-2016-1026, CVE-2016-1027, CVE-2016-1028, CVE-2016-1029, CVE-2016-1030, CVE-2016-1031, CVE-2016-1032, CVE-2016-1033
Apr 8 2016
Version(s): prior to 21.0.0.213 ...
Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
A remote user can bypass security controls on the target system.
Solution: The vendor has issued a fix (21.0.0.213; ESR 18.0.0.343; 11.2.202.616 for Linux)...
___
- https://www.us-cert.gov/ncas/current-activity/2016/04/08/Adobe-Releases-Updates-Flash-Player
April 08, 2016
Flash 0day (CVE-2016-1019) in the Wild; Exploit Kits Delivering Ransomware
- https://atlas.arbor.net/briefs/index#-169418222
Elevated Severity
April 07, 2016 21:52
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1019
Last revised: 04/11/2016 - "... as exploited in the wild in April 2016."
10.0 HIGH
:fear::fear:
AplusWebMaster
2016-04-12, 22:20
FYI...
Creative Cloud 3.6.0.244 released
- https://helpx.adobe.com/security/products/creative-cloud/apsb16-11.html
April 12, 2016
CVE number: CVE-2016-1034
Platform: Windows and Macintosh
Solution: Adobe categorizes this update with the following priority rating and recommends users update their installation to the newest version:
Creative Cloud Desktop Application - 3.6.0.244 - Windows and Macintosh ...
Creative Cloud users can apply the update via the application's update mechanism. For more details, visit:
- https://www.adobe.com/creativecloud/desktop-app.html
For managed environments, IT administrators can use the Creative Cloud Packager to create deployment packages as described in the workflow documented here:
- https://helpx.adobe.com/creative-cloud/packager/named-licenses.html
Refer to this help page* for more information on the Creative Cloud Packager.
* https://helpx.adobe.com/creative-cloud/packager.html
Vulnerability Details: This update resolves a vulnerability in the JavaScript API for Creative Cloud Libraries that could be abused to remotely read and write files on the client’s file system (CVE-2016-1034)...
___
Security hotfix available for RoboHelp Server
- https://helpx.adobe.com/security/products/robohelp-server/apsb16-12.html
April 12, 2016
CVE number: CVE-2016-1035
Platform: Windows
Solution: ... Please refer to the Knowledge Base article available here* for instructions to download and apply the hotfix.
* https://helpx.adobe.com/content/help/en/robohelp-server/kb/SQL-security-issue.html
Vulnerability Details: This hotfix resolves a vulnerability in the handling of SQL queries that could lead to information disclosure (CVE-2016-1035)...
___
Security updates available for Adobe Flash Player
- https://helpx.adobe.com/security/products/flash-player/apsb16-10.html
Last updated: April 12, 2016: Updated to reflect the availability of AIR updates for the CVEs referenced in this bulletin.
Adobe recommends users of the AIR desktop runtime, AIR SDK and AIR SDK & Compiler update to version 21.0.0.198 by visiting the AIR download center* or the AIR developer center**.
* AIR: 21.0.0.198: http://get.adobe.com/air/
** http://www.adobe.com/devnet/air/air-sdk-download.html
___
- https://www.us-cert.gov/ncas/current-activity/2016/04/12/Adobe-Releases-Security-Updates-Creative-Cloud-Desktop-Application
April 12, 2016
:fear::fear:
AplusWebMaster
2016-05-10, 20:46
FYI...
Flash Player Advisory
- https://helpx.adobe.com/security/products/flash-player/apsa16-02.html
May 10, 2016
CVE number: CVE-2016-4117
Platforms: Windows, Macintosh, Linux and Chrome OS
Summary: A critical vulnerability (CVE-2016-4117) exists in Adobe Flash Player 21.0.0.226 and earlier versions for Windows, Macintosh, Linux, and Chrome OS. Successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system. Adobe is aware of a report that an exploit for CVE-2016-4117 exists in the wild. Adobe will address this vulnerability in our monthly security update, which will be available as early as May 12. For the latest information, users may monitor the Adobe Product Security Incident Response Team blog:
> http://blogs.adobe.com/psirt/
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4117
Last revised: 05/10/2016 - "... as exploited in the wild in May 2016."
___
Acrobat, Reader 2015.016.20039, 11.0.16 released
- https://helpx.adobe.com/security/products/acrobat/apsb16-14.html
May 10, 2016
CVE Numbers: CVE-2016-1037, CVE-2016-1038, CVE-2016-1039, CVE-2016-1040, CVE-2016-1041, CVE-2016-1042, CVE-2016-1043, CVE-2016-1044, CVE-2016-1045, CVE-2016-1046, CVE-2016-1047, CVE-2016-1048, CVE-2016-1049, CVE-2016-1050, CVE-2016-1051, CVE-2016-1052, CVE-2016-1053, CVE-2016-1054, CVE-2016-1055, CVE-2016-1056, CVE-2016-1057, CVE-2016-1058, CVE-2016-1059, CVE-2016-1060, CVE-2016-1061, CVE-2016-1062, CVE-2016-1063, CVE-2016-1064, CVE-2016-1065, CVE-2016-1066, CVE-2016-1067, CVE-2016-1068, CVE-2016-1069, CVE-2016-1070, CVE-2016-1071, CVE-2016-1072, CVE-2016-1073, CVE-2016-1074, CVE-2016-1075, CVE-2016-1076, CVE-2016-1077, CVE-2016-1078, CVE-2016-1079, CVE-2016-1080, CVE-2016-1081, CVE-2016-1082, CVE-2016-1083, CVE-2016-1084, CVE-2016-1085, CVE-2016-1086, CVE-2016-1087, CVE-2016-1088, CVE-2016-1090, CVE-2016-1092, CVE-2016-1093, CVE-2016-1094, CVE-2016-1095, CVE-2016-1112, CVE-2016-1116, CVE-2016-1117, CVE-2016-1118, CVE-2016-1119, CVE-2016-1120, CVE-2016-1121, CVE-2016-1122, CVE-2016-1123, CVE-2016-1124, CVE-2016-1125, CVE-2016-1126, CVE-2016-1127, CVE-2016-1128, CVE-2016-1129, CVE-2016-1130, CVE-2016-4088, CVE-2016-4089, CVE-2016-4090, CVE-2016-4091, CVE-2016-4092, CVE-2016-4093, CVE-2016-4094, CVE-2016-4096, CVE-2016-4097, CVE-2016-4098, CVE-2016-4099, CVE-2016-4100, CVE-2016-4101, CVE-2016-4102, CVE-2016-4103, CVE-2016-4104, CVE-2016-4105, CVE-2016-4106, CVE-2016-4107
Platform: Windows and Macintosh
Summary: Adobe has released security updates for Adobe Acrobat and Reader for Windows and Macintosh. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system...
Solution: Adobe recommends users update their software installations to the latest versions by following the instructions below.
The latest product versions are available to end users via one of the following methods:
- Users can update their product installations manually by choosing Help > Check for Updates.
- The products will update automatically, without requiring user intervention, when updates are detected.
- The full Acrobat Reader installer can be downloaded from the Acrobat Reader Download Center.
For IT administrators (managed environments):
- Download the enterprise installers from ftp://ftp.adobe.com/pub/adobe/ or refer to the specific release note version for links to installers.
- Install updates via your preferred methodology, such as AIP-GPO, bootstrapper, SCUP/SCCM (Windows), or on Macintosh, Apple Remote Desktop and SSH...
Acrobat:
> https://www.adobe.com/support/downloads/product.jsp?product=1&platform=Windows
5/10/2016
Reader:
> https://www.adobe.com/support/downloads/product.jsp?product=10&platform=Windows
5/10/2016
___
Hotfixes available for ColdFusion
- https://helpx.adobe.com/security/products/coldfusion/apsb16-16.html
May 10, 2016
CVE numbers: CVE-2016-1113, CVE-2016-1114, CVE-2016-1115
Platforms: All
Summary: Adobe has released security hotfixes for ColdFusion versions 10, 11 and the 2016 release. These hotfixes resolve an input validation issue (CVE-2016-1113), a host name verification problem with wild card certificates (CVE-2016-1115) and include an updated version of Apache Commons Collections library to mitigate java deserialization (CVE-2016-1114)...
Adobe recommends ColdFusion customers update their installation using the instructions provided in the relevant technote:
ColdFusion (2016 release): http://helpx.adobe.com/coldfusion/kb/coldfusion-2016-update-1.html
ColdFusion 11: http://helpx.adobe.com/coldfusion/kb/coldfusion-11-update-8.html
ColdFusion 10: http://helpx.adobe.com/coldfusion/kb/coldfusion-10-update-19.html
Customers should also apply the security configuration settings as outlined on the ColdFusion Security page as well as review the respective Lockdown guide.
ColdFusion (2016 release) Lockdown guide
> http://wwwimages.adobe.com/content/dam/acom/en/products/coldfusion/pdfs/coldfusion-2016-lockdown-guide.pdf
ColdFusion 11 Lockdown Guide
> http://www.adobe.com/content/dam/Adobe/en/products/coldfusion/pdfs/cf11/cf11-lockdown-guide.pdf
ColdFusion 10 Lockdown Guide
> http://wwwimages.adobe.com/www.adobe.com/content/dam/Adobe/en/products/coldfusion-enterprise/pdf/cf10-lockdown-guide.pdf
:fear::fear::fear:
AplusWebMaster
2016-05-12, 19:01
FYI...
Flash 21.0.0.242 released
- https://helpx.adobe.com/security/products/flash-player/apsb16-15.html
May 12, 2016
CVE number: CVE-2016-1096, CVE-2016-1097, CVE-2016-1098, CVE-2016-1099, CVE-2016-1100, CVE-2016-1101, CVE-2016-1102, CVE-2016-1103, CVE-2016-1104, CVE-2016-1105, CVE-2016-1106, CVE-2016-1107, CVE-2016-1108, CVE-2016-1109, CVE-2016-1110, CVE-2016-4108, CVE-2016-4109, CVE-2016-4110, CVE-2016-4111, CVE-2016-4112, CVE-2016-4113, CVE-2016-4114, CVE-2016-4115, CVE-2016-4116, CVE-2016-4117
Platform: Windows, Macintosh, Linux and ChromeOS
Summary: Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and ChromeOS. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system. Adobe is aware of a report that an exploit for CVE-2016-4117 exists in the wild...
Solution:
- Adobe recommends users of the Adobe Flash Player Desktop Runtime for Windows and Macintosh update to 21.0.0.242 via the update mechanism within the product when prompted... or by visiting the Adobe Flash Player Download Center:
> http://www.adobe.com/go/getflash
- Adobe recommends users of the Adobe Flash Player Extended Support Release should update to version 18.0.0.352 by visiting:
> http://helpx.adobe.com/flash-player/kb/archived-flash-player-versions.html
- Adobe recommends users of Adobe Flash Player for Linux update to Adobe Flash Player 11.2.202.621 by visiting the Adobe Flash Player Download Center.
- Adobe Flash Player installed with Google Chrome will be automatically updated to the latest Google Chrome version, which will include Adobe Flash Player 21.0.0.242 for Windows, Macintosh, Linux and Chrome OS.
- Adobe Flash Player installed with Microsoft Edge and Internet Explorer for Windows 10 and 8.1 will be automatically updated to the latest version, which will include Adobe Flash Player 21.0.0.242.
- Adobe recommends users of the AIR desktop runtime, AIR SDK* and AIR SDK & Compiler update to version 21.0.0.215 by visiting the AIR download center or the AIR developer center.
- Please visit the Flash Player Help page for assistance in installing Flash Player:
> https://helpx.adobe.com/flash-player.html
* Air 21.0: https://get.adobe.com/air/
Revisions:
May 13, 2016: Modified the affected versions of Flash Player for Microsoft Edge and Internet Explorer 11 on Windows 10 and 8.1 from 21.0.0.213 and earlier to 21.0.0.241 and earlier.
May 19, 2016: Added CVE-2016-4120 and CVE-2016-4121, which were resolved in this release but inadvertently -omitted- from the original release of the bulletin.
June 3, 2016: Added CVE-2016-4160, CVE-2016-4161, CVE-2016-4162 and CVE-2016-4163, which were resolved in this release but inadvertently -omitted- from the original release of the bulletin.
___
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4117
Last revised: 05/13/2016 - "... as exploited in the wild in May 2016."
CVSS v2 Base Score: 10.0 HIGH
CVSS v3 Base Score: 9.8 Critical
For I/E - some versions get 'Automatic' updates:
- https://download.macromedia.com/get/flashplayer/current/licensing/win/install_flash_player_21_active_x.exe
For Firefox and other Plugin-based browsers:
- https://download.macromedia.com/get/flashplayer/current/licensing/win/install_flash_player_21_plugin.exe
Flash test site: https://www.adobe.com/software/flash/about/
:fear::fear:
AplusWebMaster
2016-06-14, 20:16
FYI...
Flash Player CVE-2016-4171 ...
- https://helpx.adobe.com/security/products/flash-player/apsa16-03.html
June 14, 2016
CVE number: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4171
Platforms: Windows, Macintosh, Linux and Chrome OS
Summary: A critical vulnerability (CVE-2016-4171) exists in Adobe Flash Player 21.0.0.242 and earlier versions for Windows, Macintosh, Linux, and Chrome OS. Successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system. Adobe is aware of a report that an exploit for CVE-2016-4171 exists in the wild, and is being used in limited, targeted attacks. Adobe will address this vulnerability in our monthly security update, which will be available as early as June 16..."
>> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4171
Last revised: 06/16/2016 - "... vulnerability in Adobe Flash Player 21.0.0.242 and earlier allows remote attackers to execute arbitrary code via unknown vectors, as exploited in the wild in June 2016..."
___
ColdFusion Hotfixes available
* https://helpx.adobe.com/security/products/coldfusion/apsb16-22.html
June 14, 2016
CVE number: CVE-2016-4159
Platforms: All
Summary: Adobe has released security hotfixes for ColdFusion versions 10, 11 and the 2016 release. These hotfixes resolve an input validation issue that could be used in reflected XSS (cross-site scripting) attacks (CVE-2016-4159). Adobe recommends that customers apply the appropriate hotfix using the instructions provided in the "Solution" section...
Solution: Adobe categorizes this hotfix with the following priority rating and recommends users update their installations to the newest versions...
Adobe recommends ColdFusion customers update their installation using the instructions provided in the relevant technote:
- ColdFusion (2016 release): http://helpx.adobe.com/coldfusion/kb/coldfusion-2016-update-2.html
- ColdFusion 11: http://helpx.adobe.com/coldfusion/kb/coldfusion-11-update-9.html
- ColdFusion 10: http://helpx.adobe.com/coldfusion/kb/coldfusion-10-update-20.html
Customers should also apply the security configuration settings as outlined on the ColdFusion Security page as well as review the respective Lockdown guide..."
- http://www.securitytracker.com/id/1036098
CVE Reference: CVE-2016-4159
Jun 14 2016
Fix Available: Yes Vendor Confirmed: Yes
Version(s): 10, 11, 2016 ...
Impact: A remote user can access the target user's cookies (including authentication cookies), if any, associated with the site running the Adobe ColdFusion software, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.
Solution: The vendor has issued a fix (ColdFusion 10 Update 20, ColdFusion 11 Update 9, ColdFusion (2016 release) Update 2)...
___
- https://blogs.adobe.com/psirt/?p=1361
"Adobe has published security bulletins for the Adobe DNG SDK (APSB16-19), Adobe Brackets (APSB16-20), Adobe Creative Cloud Desktop Application (APSB16-21) and ColdFusion (APSB16-22*). Adobe recommends users update their product installations to the latest versions using the instructions referenced in the relevant bulletin..."
Adobe DNG SDK: https://helpx.adobe.com/security/products/dng-sdk/apsb16-19.html
Adobe Brackets: https://helpx.adobe.com/security/products/brackets/apsb16-20.html
Adobe Creative Cloud Desktop Application:
- https://helpx.adobe.com/security/products/creative-cloud/apsb16-21.html
:fear::fear:
AplusWebMaster
2016-06-16, 19:52
FYI...
Flash 22.0.0.192 released
- https://helpx.adobe.com/security/products/flash-player/apsb16-18.html
June 16, 2016
CVE number: CVE-2016-4122, CVE-2016-4123, CVE-2016-4124, CVE-2016-4125, CVE-2016-4127, CVE-2016-4128, CVE-2016-4129, CVE-2016-4130, CVE-2016-4131, CVE-2016-4132, CVE-2016-4133, CVE-2016-4134, CVE-2016-4135, CVE-2016-4136, CVE-2016-4137, CVE-2016-4138, CVE-2016-4139, CVE-2016-4140, CVE-2016-4141, CVE-2016-4142, CVE-2016-4143, CVE-2016-4144, CVE-2016-4145, CVE-2016-4146, CVE-2016-4147, CVE-2016-4148, CVE-2016-4149, CVE-2016-4150, CVE-2016-4151, CVE-2016-4152, CVE-2016-4153, CVE-2016-4154, CVE-2016-4155, CVE-2016-4156, CVE-2016-4166, CVE-2016-4171
Platform: Windows, Macintosh, Linux and ChromeOS
Summary: Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and ChromeOS. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system. Adobe is aware of a report that an exploit for CVE-2016-4171 exists in the wild, and is being used in limited, targeted attacks...
Solution: ...
• Adobe recommends users of the Adobe Flash Player Desktop Runtime for Windows and Macintosh update to 22.0.0.192 via the update mechanism within the product when prompted [1], or by visiting the Adobe Flash Player Download Center.
• Adobe recommends users of the Adobe Flash Player Extended Support Release should update to version 18.0.0.360 by visiting http://helpx.adobe.com/flash-player/kb/archived-flash-player-versions.html.
• Adobe recommends users of Adobe Flash Player for Linux update to Adobe Flash Player 11.2.202.626 by visiting the Adobe Flash Player Download Center.
• Adobe Flash Player installed with Google Chrome will be automatically updated to the latest Google Chrome version, which will include Adobe Flash Player 22.0.0.192 for Windows, Macintosh, Linux and Chrome OS.
• Adobe Flash Player installed with Microsoft Edge and Internet Explorer for Windows 10 and 8.1 will be automatically updated to the latest version, which will include Adobe Flash Player 22.0.0.192.
• Please visit the Flash Player Help page for assistance in installing Flash Player.
[1] Users of Flash Player 11.2.x or later for Windows, or Flash Player 11.3.x or later for Macintosh, who have selected the option to 'Allow Adobe to install updates' will receive the update automatically. Users who do not have the 'Allow Adobe to install updates' option enabled can install the update via the update mechanism within the product when prompted...
For I/E - some versions get 'Automatic' updates:
- https://fpdownload.macromedia.com/get/flashplayer/current/licensing/win/install_flash_player_22_active_x.exe
For Firefox and other Plugin-based browsers:
- https://fpdownload.macromedia.com/get/flashplayer/current/licensing/win/install_flash_player_22_plugin.exe
Flash test site: https://www.adobe.com/software/flash/about/
___
Adobe AIR 22.0.0.153 released
- https://helpx.adobe.com/security/products/air/apsb16-23.html
June 16, 2016
CVE number: CVE-2016-4126
Platform: Windows
Summary: Adobe has released a security update for Adobe AIR for Windows. This update addresses a vulnerability in the directory search path used by the AIR installer that could potentially allow an attacker to take control of the affected system...
Solution: ...Adobe recommends users of the AIR desktop runtime, AIR SDK and AIR SDK & Compiler update to version 22.0.0.153 by visiting the AIR download center* or the AIR developer center**...
* http://get.adobe.com/air/
** http://www.adobe.com/devnet/air/air-sdk-download.html
:fear::fear::fear:
AplusWebMaster
2016-07-12, 19:24
FYI...
Flash 22.0.0.209 released
- https://helpx.adobe.com/security/products/flash-player/apsb16-25.html
July 12, 2016
CVE number: CVE-2016-4172, CVE-2016-4173, CVE-2016-4174, CVE-2016-4175, CVE-2016-4176, CVE-2016-4177, CVE-2016-4178, CVE-2016-4179, CVE-2016-4180, CVE-2016-4181, CVE-2016-4182, CVE-2016-4183, CVE-2016-4184, CVE-2016-4185, CVE-2016-4186, CVE-2016-4187, CVE-2016-4188, CVE-2016-4189, CVE-2016-4190, CVE-2016-4217, CVE-2016-4218, CVE-2016-4219, CVE-2016-4220, CVE-2016-4221, CVE-2016-4222, CVE-2016-4223, CVE-2016-4224, CVE-2016-4225, CVE-2016-4226, CVE-2016-4227, CVE-2016-4228, CVE-2016-4229, CVE-2016-4230, CVE-2016-4231, CVE-2016-4232, CVE-2016-4233, CVE-2016-4234, CVE-2016-4235, CVE-2016-4236, CVE-2016-4237, CVE-2016-4238, CVE-2016-4239, CVE-2016-4240, CVE-2016-4241, CVE-2016-4242, CVE-2016-4243, CVE-2016-4244, CVE-2016-4245, CVE-2016-4246, CVE-2016-4247, CVE-2016-4248, CVE-2016-4249
Platform: Windows, Macintosh, Linux and ChromeOS
Summary: Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and ChromeOS. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system...
Solution: Adobe categorizes these updates with the following priority ratings and recommends users update their installation to the newest version...
• Adobe recommends users of the Adobe Flash Player Desktop Runtime for Windows and Macintosh update to 22.0.0.209 via the update mechanism within the product when prompted [1], or by visiting the Adobe Flash Player Download Center.
• Adobe recommends users of the Adobe Flash Player Extended Support Release should update to version 18.0.0.366 by visiting:
> http://helpx.adobe.com/flash-player/kb/archived-flash-player-versions.html.
• Adobe recommends users of Adobe Flash Player for Linux update to Adobe Flash Player 11.2.202.632 by visiting the Adobe Flash Player Download Center.
• Adobe Flash Player installed with Google Chrome will be automatically updated to the latest Google Chrome version, which will include Adobe Flash Player 22.0.0.209 for Windows, Macintosh, Linux and Chrome OS.
• Adobe Flash Player installed with Microsoft Edge and Internet Explorer for Windows 10 and 8.1 will be automatically updated to the latest version, which will include Adobe Flash Player 22.0.0.209.
Please visit the Flash Player Help page for assistance in installing Flash Player.
[1] Users of Flash Player 11.2.x or later for Windows, or Flash Player 11.3.x or later for Macintosh, who have selected the option to 'Allow Adobe to install updates' will receive the update automatically. Users who do not have the 'Allow Adobe to install updates' option enabled can install the update via the update mechanism within the product when prompted...
For I/E - some versions get 'Automatic' updates:
- https://fpdownload.macromedia.com/get/flashplayer/current/licensing/win/install_flash_player_22_active_x.exe
For Firefox and other Plugin-based browsers:
- https://fpdownload.macromedia.com/get/flashplayer/current/licensing/win/install_flash_player_22_plugin.exe
Flash test site: https://www.adobe.com/software/flash/about/
- http://www.securitytracker.com/id/1036280
CVE Reference: CVE-2016-4172, CVE-2016-4173, CVE-2016-4174, CVE-2016-4175, CVE-2016-4176, CVE-2016-4177, CVE-2016-4178, CVE-2016-4179, CVE-2016-4180, CVE-2016-4181, CVE-2016-4182, CVE-2016-4183, CVE-2016-4184, CVE-2016-4185, CVE-2016-4186, CVE-2016-4187, CVE-2016-4188, CVE-2016-4189, CVE-2016-4190, CVE-2016-4217, CVE-2016-4218, CVE-2016-4219, CVE-2016-4220, CVE-2016-4221, CVE-2016-4222, CVE-2016-4223, CVE-2016-4224, CVE-2016-4225, CVE-2016-4226, CVE-2016-4227, CVE-2016-4228, CVE-2016-4229, CVE-2016-4230, CVE-2016-4231, CVE-2016-4232, CVE-2016-4233, CVE-2016-4234, CVE-2016-4235, CVE-2016-4236, CVE-2016-4237, CVE-2016-4238, CVE-2016-4239, CVE-2016-4240, CVE-2016-4241, CVE-2016-4242, CVE-2016-4243, CVE-2016-4244, CVE-2016-4245, CVE-2016-4246, CVE-2016-4247, CVE-2016-4248, CVE-2016-4249
Jul 12 2016
Fix Available: Yes Vendor Confirmed: Yes
Version(s): 22.0.0.192 and prior ...
Impact: A remote user can execute arbitrary code on the target system.
A remote user can bypass security controls on the target system.
A remote user can obtain potentially sensitive information on the target system.
Solution: The vendor has issued a fix (22.0.0.209, ESR 18.0.0.366); 11.2.202.632 for Linux...
___
Adobe Acrobat/Reader 11.0.17, 15.017.20050, 15.006.30198 updates
- https://helpx.adobe.com/security/products/acrobat/apsb16-26.html
Last Updated: July 12, 2016
CVE numbers: CVE-2016-4189, CVE-2016-4190, CVE-2016-4191, CVE-2016-4192, CVE-2016-4193, CVE-2016-4194, CVE-2016-4195, CVE-2016-4196, CVE-2016-4197, CVE-2016-4198, CVE-2016-4199, CVE-2016-4200, CVE-2016-4201, CVE-2016-4202, CVE-2016-4203, CVE-2016-4204, CVE-2016-4205, CVE-2016-4206, CVE-2016-4207, CVE-2016-4208, CVE-2016-4209, CVE-2016-4210, CVE-2016-4211, CVE-2016-4212, CVE-2016-4213, CVE-2016-4214, CVE-2016-4215, CVE-2016-4250, CVE-2016-4251, CVE-2016-4252
Platform: Windows and Macintosh
Summary: Adobe has released security updates for Adobe Acrobat and Reader for Windows and Macintosh. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system...
[See: 'Affected Versions'...]
Solution: Adobe recommends users update their software installations to the latest versions by following the instructions below.
The latest product versions are available to end users via one of the following methods:
- Users can update their product installations manually by choosing Help > Check for Updates.
- The products will update automatically, without requiring user intervention, when updates are detected.
- The full Acrobat Reader installer can be downloaded from the Acrobat Reader Download Center:
> http://get.adobe.com/reader ...
Acrobat for Windows: https://www.adobe.com/support/downloads/product.jsp?product=1&platform=Windows
7/12/2016
Acrobat for Macintosh: https://www.adobe.com/support/downloads/product.jsp?product=1&platform=Mac
7/12/2016
- http://www.securitytracker.com/id/1036281
CVE Reference: CVE-2016-4189, CVE-2016-4190, CVE-2016-4191, CVE-2016-4192, CVE-2016-4193, CVE-2016-4194, CVE-2016-4195, CVE-2016-4196, CVE-2016-4197, CVE-2016-4198, CVE-2016-4199, CVE-2016-4200, CVE-2016-4201, CVE-2016-4202, CVE-2016-4203, CVE-2016-4204, CVE-2016-4205, CVE-2016-4206, CVE-2016-4207, CVE-2016-4208, CVE-2016-4209, CVE-2016-4210, CVE-2016-4211, CVE-2016-4212, CVE-2016-4213, CVE-2016-4214, CVE-2016-4215, CVE-2016-4250, CVE-2016-4251, CVE-2016-4252
Jul 12 2016
Fix Available: Yes Vendor Confirmed: Yes
Version(s): 15.016.20045 and prior ...
Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
A remote user can bypass security controls on the target system.
Solution: The vendor has issued a fix (11.0.17 ,15.006.30198, 15.017.20050)...
___
Adobe XMP Toolkit for Java
- https://helpx.adobe.com/security/products/xmpcore/apsb16-24.html
July 12, 2016
CVE number: CVE-2016-4216
Platform: All
Summary: Adobe has released a security update for the Adobe XMP Toolkit for Java. This update resolves an important vulnerability that could lead to information disclosure (CVE-2016-4216)...
Solution: Adobe categorizes this update with the following priority rating and recommends users update their installation to the newest version by following the instructions below:
Adobe XMP Toolkit for Java - 5.1.3 - All
Adobe XMP toolkit for Java users can download the updated version via the following download page:
> http://www.adobe.com/devnet/xmp.html ...
Adobe expects the updated version to be available during the week of July 11, 2016..."
___
> https://www.us-cert.gov/ncas/current-activity/2016/07/12/Adobe-Releases-Security-Updates
July 12, 2016
:fear::fear:
AplusWebMaster
2016-08-31, 12:09
FYI...
Security Update: Hotfixes available for ColdFusion
- https://helpx.adobe.com/security/products/coldfusion/apsb16-30.html
Aug 30, 2016
CVE number: CVE-2016-4264
Platforms: All
Summary: Adobe has released security hotfixes for ColdFusion versions 10 and 11. These hotfixes resolve a critical vulnerability that could lead to information disclosure (CVE-2016-4264). Adobe recommends that customers apply the appropriate hotfix using the instructions provided in the "Solution" section below.
Affected Versions / Platform
ColdFusion 11 Update 9 and earlier versions All
ColdFusion 10 Update 20 and earlier versions All
Note: The ColdFusion 2016 release is not affected by CVE-2016-4264.
Solution: Adobe categorizes this hotfix with the following priority rating and recommends users update their installations to the newest versions:
Product Hotfix Version Platform Priority rating Availability
ColdFusion 11 Update 10 All 2 Tech note: http://helpx.adobe.com/coldfusion/kb/coldfusion-11-update-10.html
ColdFusion 10 Update 21 All 2 Tech note: https://helpx.adobe.com/coldfusion/kb/coldfusion-10-update-21.html
Adobe recommends ColdFusion customers update their installation using the instructions provided in the relevant technote:
ColdFusion 11: http://helpx.adobe.com/coldfusion/kb/coldfusion-11-update-10.html
ColdFusion 10: http://helpx.adobe.com/coldfusion/kb/coldfusion-10-update-21.html
Customers should also apply the security configuration settings as outlined on the ColdFusion Security page as well as review the respective Lockdown guide...
Revisions:
Sep 1, 2016: As of September 1, Adobe is aware of publicly available proof-of-concept code, and we have modified the priority of these hotfixes from Priority 2 to Priority 1.
___
- http://www.securitytracker.com/id/1036708
CVE Reference: CVE-2016-4264
Aug 31 2016
Fix Available: Yes Vendor Confirmed: Yes
Version(s): 10 Update 20 and prior, 11 Update 9 and prior ...
Impact: A remote user can obtain potentially sensitive information on the target system.
Solution: The vendor has issued a fix (10 Update 21, 11 Update 10)...
___
- https://www.us-cert.gov/ncas/current-activity/2016/08/30/Adobe-Releases-Security-Updates-ColdFusion
Aug 30, 2016
:fear:
AplusWebMaster
2016-09-13, 19:27
FYI...
Flash 23.0.0.162 released
- https://helpx.adobe.com/security/products/flash-player/apsb16-29.html
Sep 13, 2016
CVE number: CVE-2016-4182, CVE-2016-4237, CVE-2016-4238, CVE-2016-4271, CVE-2016-4272, CVE-2016-4274, CVE-2016-4275, CVE-2016-4276, CVE-2016-4277, CVE-2016-4278, CVE-2016-4279, CVE-2016-4280, CVE-2016-4281, CVE-2016-4282, CVE-2016-4283, CVE-2016-4284, CVE-2016-4285, CVE-2016-4287, CVE-2016-6921, CVE-2016-6922, CVE-2016-6923, CVE-2016-6924, CVE-2016-6925, CVE-2016-6926, CVE-2016-6927, CVE-2016-6929, CVE-2016-6930, CVE-2016-6931, CVE-2016-6932
Platform: Windows, Macintosh, Linux and ChromeOS
Summary: Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and ChromeOS. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system...
Solution: ...
- Adobe recommends users of the Adobe Flash Player Desktop Runtime for Windows and Macintosh update to 23.0.0.162 via the update mechanism within the product when prompted [1], or by visiting the Adobe Flash Player Download Center.
- Adobe recommends users of the Adobe Flash Player Extended Support Release should update to version 18.0.0.375 by visiting: http://helpx.adobe.com/flash-player/kb/archived-flash-player-versions.html
- Adobe recommends users of Adobe Flash Player for Linux update to Adobe Flash Player 11.2.202.635 by visiting the Adobe Flash Player Download Center.
- Adobe Flash Player installed with Google Chrome will be automatically updated to the latest Google Chrome version, which will include Adobe Flash Player 23.0.0.162 for Windows, Macintosh, Linux and Chrome OS.
- Adobe Flash Player installed with Microsoft Edge and Internet Explorer for Windows 10 and 8.1 will be automatically updated to the latest version, which will include Adobe Flash Player 23.0.0.162.
- Please visit the Flash Player Help page for assistance in installing Flash Player.
[1] Users of Flash Player 11.2.x or later for Windows, or Flash Player 11.3.x or later for Macintosh, who have selected the option to 'Allow Adobe to install updates' will receive the update automatically. Users who do not have the 'Allow Adobe to install updates' option enabled can install the update via the update mechanism within the product when prompted...
For I/E - some versions get 'Automatic' updates:
- https://fpdownload.macromedia.com/get/flashplayer/current/licensing/win/install_flash_player_23_active_x.exe
For Firefox and other Plugin-based browsers:
- https://fpdownload.macromedia.com/get/flashplayer/current/licensing/win/install_flash_player_23_plugin.exe
Flash test site: https://www.adobe.com/software/flash/about/
- http://www.securitytracker.com/id/1036791
CVE Reference: CVE-2016-4271, CVE-2016-4272, CVE-2016-4274, CVE-2016-4275, CVE-2016-4276, CVE-2016-4277, CVE-2016-4278, CVE-2016-4279, CVE-2016-4280, CVE-2016-4281, CVE-2016-4282, CVE-2016-4283, CVE-2016-4284, CVE-2016-4285, CVE-2016-4287, CVE-2016-6921, CVE-2016-6922, CVE-2016-6923, CVE-2016-6924, CVE-2016-6925, CVE-2016-6926, CVE-2016-6927, CVE-2016-6929, CVE-2016-6930, CVE-2016-6931, CVE-2016-6932
Sep 13 2016
Fix Available: Yes Vendor Confirmed: Yes
Version(s): 22.0.0.211 and prior ...
Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
A remote user can obtain potentially sensitive information on the target system.
Solution: The vendor has issued a fix (23.0.0.162, ESR 18.0.0.375; 11.2.202.635 for Linux)...
___
AIR 23.0.0.257 released
- https://helpx.adobe.com/security/products/air/apsb16-31.html
Sep 13, 2016
CVE number: CVE-2016-6936
Platform: Windows and Macintosh
Summary: Adobe has released a security update for Adobe AIR SDK & Compiler. This update adds support for secure transmission of runtime analytics for AIR applications on Android. Developers are encouraged to recompile captive runtime bundles after applying this update... recommends users update their installation to the newest version:
Adobe Air SDK & Compiler 23.0.0.257 Windows ...
AIR v23.0: https://get.adobe.com/air/
AIR Developer Center: https://www.adobe.com/devnet/air/air-sdk-download.html
- http://www.securitytracker.com/id/1036792
CVE Reference: CVE-2016-6936
Sep 13 2016
Fix Available: Yes Vendor Confirmed: Yes
Version(s): 22.0.0.153 and prior ...
Impact: A remote user can obtain potentially runtime analytic information communicated by target Android-based systems.
Solution: The vendor has issued a fix (23.0.0.257)...
___
Adobe Digital Editions 4.5.2 released
- https://helpx.adobe.com/security/products/Digital-Editions/apsb16-28.html
Sep 13, 2016
CVE numbers: CVE-2016-4256, CVE-2016-4257, CVE-2016-4258, CVE-2016-4259, CVE-2016-4260, CVE-2016-4261, CVE-2016-4262, CVE-2016-4263
Platform: Windows, Macintosh, iOS and Android
Summary: Adobe has released a security update for Adobe Digital Editions for Windows, Macintosh, iOS and Android. This update resolves critical memory corruption vulnerabilities that could lead to code execution.
Solution: Adobe categorizes this update with the following priority ratings and recommends users update their installation to the newest version:
Adobe Digital Editions 4.5.2
Windows: https://www.adobe.com/solutions/ebook/digital-editions/download.html
Macintosh: https://www.adobe.com/solutions/ebook/digital-editions/download.html
iOS: iTunes: https://itunes.apple.com/us/app/adobe-digital-editions/id952977781?mt=8
Playstore: https://play.google.com/store/apps/details?id=com.adobe.digitaleditions
- http://www.securitytracker.com/id/1036793
CVE Reference: CVE-2016-4256, CVE-2016-4257, CVE-2016-4258, CVE-2016-4259, CVE-2016-4260, CVE-2016-4261, CVE-2016-4262, CVE-2016-4263
Sep 13 2016
Fix Available: Yes Vendor Confirmed: Yes
Version(s): 4.5.1 and prior ...
Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
Solution: The vendor has issued a fix (4.5.2)...
___
- https://www.us-cert.gov/ncas/current-activity/2016/09/13/Adobe-Releases-Security-Updates
Sep 13, 2016
:fear::fear:
AplusWebMaster
2016-10-11, 18:49
FYI...
Flash 23.0.0.185 released
- https://helpx.adobe.com/security/products/flash-player/apsb16-32.html
Oct 11, 2016
CVE number: CVE-2016-4273, CVE-2016-4286, CVE-2016-6981, CVE-2016-6982, CVE-2016-6983, CVE-2016-6984, CVE-2016-6985, CVE-2016-6986, CVE-2016-6987, CVE-2016-6989, CVE-2016-6990, CVE-2016-6992
Platform: Windows, Macintosh, Linux and ChromeOS
Summary: Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and ChromeOS. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system...
Solution: ... Adobe recommends users of the Adobe Flash Player Desktop Runtime for Windows and Macintosh update to 23.0.0.185 via the update mechanism within the product when prompted [1], or by visiting the Adobe Flash Player Download Center.
- Adobe recommends users of the Adobe Flash Player Extended Support Release should update to version 18.0.0.382 by visiting http://helpx.adobe.com/flash-player/kb/archived-flash-player-versions.html.
- Adobe recommends users of Adobe Flash Player for Linux update to Adobe Flash Player 11.2.202.637 by visiting the Adobe Flash Player Download Center.
- Adobe Flash Player installed with Google Chrome will be automatically updated to the latest Google Chrome version, which will include Adobe Flash Player 23.0.0.185 for Windows, Macintosh, Linux and Chrome OS.
- Adobe Flash Player installed with Microsoft Edge and Internet Explorer 11 for Windows 10 and 8.1 will be automatically updated to the latest version, which will include Adobe Flash Player 23.0.0.185.
- Please visit the Flash Player Help page for assistance in installing Flash Player:
- https://helpx.adobe.com/flash-player.html
[1] Users of Flash Player 11.2.x or later for Windows, or Flash Player 11.3.x or later for Macintosh, who have selected the option to 'Allow Adobe to install updates' will receive the update automatically. Users who do not have the 'Allow Adobe to install updates' option enabled can install the update via the update mechanism within the product when prompted.
For I/E - some versions get 'Automatic' updates:
- https://fpdownload.macromedia.com/pub/flashplayer/latest/help/install_flash_player_ax.exe
For Firefox and other Plugin-based browsers:
- https://fpdownload.macromedia.com/pub/flashplayer/latest/help/install_flash_player.exe
Flash test site: https://www.adobe.com/software/flash/about/
- http://www.securitytracker.com/id/1036985
CVE Reference: CVE-2016-4273, CVE-2016-4286, CVE-2016-6981, CVE-2016-6982, CVE-2016-6983, CVE-2016-6984, CVE-2016-6985, CVE-2016-6986, CVE-2016-6987, CVE-2016-6989, CVE-2016-6990, CVE-2016-6992
Oct 11 2016
Fix Available: Yes Vendor Confirmed: Yes
Version(s): 23.0.0.162 and prior ...
Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
A remote user can bypass security controls on the target system.
Solution: The vendor has issued a fix (23.0.0.185; ESR 18.0.0.382; 11.2.202.637 for Linux)...
___
Acrobat / Reader 15.020.20039 released
- https://helpx.adobe.com/security/products/acrobat/apsb16-33.html
Oct 11, 2016
CVE numbers: CVE-2016-1089, CVE-2016-1091, CVE-2016-6939, CVE-2016-6940, CVE-2016-6941, CVE-2016-6942, CVE-2016-6943, CVE-2016-6944, CVE-2016-6945, CVE-2016-6946, CVE-2016-6947, CVE-2016-6948, CVE-2016-6949, CVE-2016-6950, CVE-2016-6951, CVE-2016-6952, CVE-2016-6953, CVE-2016-6954, CVE-2016-6955, CVE-2016-6956, CVE-2016-6957, CVE-2016-6958, CVE-2016-6959, CVE-2016-6960, CVE-2016-6961, CVE-2016-6962, CVE-2016-6963, CVE-2016-6964, CVE-2016-6965, CVE-2016-6966, CVE-2016-6967, CVE-2016-6968, CVE-2016-6969, CVE-2016-6970, CVE-2016-6971, CVE-2016-6972, CVE-2016-6973, CVE-2016-6974, CVE-2016-6975, CVE-2016-6976, CVE-2016-6977, CVE-2016-6978, CVE-2016-6979, CVE-2016-6988, CVE-2016-6993, CVE-2016-6994, CVE-2016-6995, CVE-2016-6996, CVE-2016-6997, CVE-2016-6998, CVE-2016-6999, CVE-2016-7000, CVE-2016-7001, CVE-2016-7002, CVE-2016-7003, CVE-2016-7004, CVE-2016-7005, CVE-2016-7006, CVE-2016-7007, CVE-2016-7008, CVE-2016-7009, CVE-2016-7010, CVE-2016-7011, CVE-2016-7012, CVE-2016-7013, CVE-2016-7014, CVE-2016-7015, CVE-2016-7016, CVE-2016-7017, CVE-2016-7018, CVE-2016-7019
Platform: Windows and Macintosh
Summary: Adobe has released security updates for Adobe Acrobat and Reader for Windows and Macintosh. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system...
Solution: Adobe recommends users update their software installations to the latest versions by following the instructions below.
The latest product versions are available to end users via one of the following methods:
- Users can update their product installations manually by choosing Help > Check for Updates.
- The products will update automatically, without requiring user intervention, when updates are detected.
- The full Acrobat Reader installer can be downloaded from the Acrobat Reader Download Center:
> http://get.adobe.com/reader
For IT administrators (managed environments):
- Download the enterprise installers from ftp://ftp.adobe.com/pub/adobe/
or refer to the specific release note version for links to installers.
- Install updates via your preferred methodology, such as AIP-GPO, bootstrapper, SCUP/SCCM (Windows), or on Macintosh, Apple Remote Desktop and SSH.
>> https://www.adobe.com/support/downloads/new.jsp
Acrobat for Windows: https://www.adobe.com/support/downloads/product.jsp?product=1&platform=Windows
Adobe Reader for Windows: https://www.adobe.com/support/downloads/product.jsp?product=10&platform=Windows
___
Creative Cloud 3.8.0.310 released
- https://helpx.adobe.com/security/products/creative-cloud/apsb16-34.html
Oct 11, 2016
CVE number: CVE-2016-6935
Platform: Windows
Summary: Adobe has released a security update for the Creative Cloud Desktop Application for Windows. This update resolves an unquoted search path vulnerability in the Creative Cloud Desktop Application...
Solution: Adobe categorizes this update with the following priority rating and recommends users update their installation to the newest version:
Creative Cloud Desktop Application - Creative Cloud 3.8.0.310 - Windows
For more details, visit: https://www.adobe.com/creativecloud/desktop-app.html
For managed environments, IT administrators can use the Creative Cloud Packager to create deployment packages as described in the workflow documented here:
> https://helpx.adobe.com/creative-cloud/packager/named-licenses.html
Refer to this help page* for more information on the Creative Cloud Packager.
* https://helpx.adobe.com/creative-cloud/packager.html
:fear::fear::fear:
AplusWebMaster
2016-10-26, 21:05
FYI...
Flash 23.0.0.205 released
- https://helpx.adobe.com/security/products/flash-player/apsb16-36.html
Oct 26, 2016
CVE number: CVE-2016-7855
Platform: Windows, Macintosh, Linux and Chrome OS
Summary: Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and Chrome OS. These updates address a critical vulnerability that could potentially allow an attacker to take control of the affected system. Adobe is aware of a report that an exploit for CVE-2016-7855 exists in the wild, and is being used in limited, targeted attacks against users running Windows versions 7, 8.1 and 10.
Solution: ... Adobe recommends users of the Adobe Flash Player Desktop Runtime for Windows and Macintosh update to 23.0.0.205 via the update mechanism within the product [1], or by visiting the Adobe Flash Player Download Center: http://www.adobe.com/go/getflash
- Adobe recommends users of Adobe Flash Player for Linux update to Adobe Flash Player 11.2.202.643 by visiting the Adobe Flash Player Download Center.
- Adobe Flash Player installed with Google Chrome will be automatically updated to the latest Google Chrome version, which will include Adobe Flash Player 23.0.0.205 for Windows, Macintosh, Linux and Chrome OS.
- Adobe Flash Player installed with Microsoft Edge and Internet Explorer 11 for Windows 10 and 8.1 will be automatically updated to the latest version, which will include Adobe Flash Player 23.0.0.205.
- Please visit the Flash Player Help page for assistance in installing Flash Player:
> https://helpx.adobe.com/flash-player.html
[1] Users of Flash Player 11.2.x or later for Windows, or Flash Player 11.3.x or later for Macintosh, who have selected the option to 'Allow Adobe to install updates' will receive the update automatically. Users who do not have the 'Allow Adobe to install updates' option enabled can install the update via the update mechanism within the product when prompted.
For I/E - some versions get 'Automatic' updates:
- https://fpdownload.macromedia.com/pub/flashplayer/latest/help/install_flash_player_ax.exe
For Firefox and other Plugin-based browsers:
- https://fpdownload.macromedia.com/pub/flashplayer/latest/help/install_flash_player.exe
Flash test site: https://www.adobe.com/software/flash/about/
> The final release of the ESR occurred on October 11, 2016 and it is now discontinued.
___
- http://www.securitytracker.com/id/1037111
CVE Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7855
Oct 26 2016
Fix Available: Yes Vendor Confirmed: Yes
Version(s): 23.0.0.185 and prior...
Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
Solution: The vendor has issued a fix (23.0.0.205; 11.2.202.643 for Linux)...
___
- https://www.adobe.com/support/flashplayer/debug_downloads.html#fp15
10/26/2016 – Updated debugger and standalone versions of Flash Player. These versions contain fixes for critical vulnerabilities identified in Security Bulletin APSB 16-36. The latest versions are 23.0.0.205 (Win & Mac) and 11.2.202.643 (Linux). All users are encouraged to update to these latest versions.
:fear::fear::fear:
AplusWebMaster
2016-11-08, 18:16
FYI...
Flash 23.0.0.207 released
- https://helpx.adobe.com/security/products/flash-player/apsb16-37.html
Nov 8, 2016
CVE number: CVE-2016-7857, CVE-2016-7858, CVE-2016-7859, CVE-2016-7860, CVE-2016-7861, CVE-2016-7862, CVE-2016-7863, CVE-2016-7864, CVE-2016-7865
Platform: Windows, Macintosh, Linux and Chrome OS
Summary: Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and Chrome OS. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system...
Solution: ... Adobe recommends users of the Adobe Flash Player Desktop Runtime for Windows and Macintosh update to 23.0.0.207 via the update mechanism within the product [1] or by visiting the Adobe Flash Player Download Center: http://www.adobe.com/go/getflash
- Adobe recommends users of Adobe Flash Player for Linux update to Adobe Flash Player 11.2.202.644 by visiting the Adobe Flash Player Download Center.
- Adobe Flash Player installed with Google Chrome will be automatically updated to the latest Google Chrome version, which will include Adobe Flash Player 23.0.0.207 for Windows, Macintosh, Linux and Chrome OS.
- Adobe Flash Player installed with Microsoft Edge and Internet Explorer 11 for Windows 10 and 8.1 will be automatically updated to the latest version, which will include Adobe Flash Player 23.0.0.207.
-Please visit the Flash Player Help page* for assistance in installing Flash Player.
* https://helpx.adobe.com/flash-player.html
[1] Users of Flash Player 11.2.x or later for Windows, or Flash Player 11.3.x or later for Macintosh, who have selected the option to 'Allow Adobe to install updates' will receive the update automatically. Users who do not have the 'Allow Adobe to install updates' option enabled can install the update via the update mechanism within the product when prompted...
For I/E - some versions get 'Automatic' updates:
- https://fpdownload.macromedia.com/pub/flashplayer/latest/help/install_flash_player_ax.exe
For Firefox and other Plugin-based browsers:
- https://fpdownload.macromedia.com/pub/flashplayer/latest/help/install_flash_player.exe
Flash test site: https://www.adobe.com/software/flash/about/
- http://www.securitytracker.com/id/1037240
CVE Reference: CVE-2016-7857, CVE-2016-7858, CVE-2016-7859, CVE-2016-7860, CVE-2016-7861, CVE-2016-7862, CVE-2016-7863, CVE-2016-7864, CVE-2016-7865
Nov 8 2016
Fix Available: Yes Vendor Confirmed: Yes
Version(s): 23.0.0.205 and prior...
Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
Solution: The vendor has issued a fix (23.0.0.207 for Windows and Mac, 11.2.202.644 for Linux)...
___
Adobe Connect 9.5.7 released
- https://helpx.adobe.com/security/products/connect/apsb16-35.html
Nov 8, 2016
CVE number: CVE-2016-7851
Platform: Windows
Summary: Adobe has released a security update for Adobe Connect for Windows. This update resolves an input validation vulnerability in the events registration module that could be used in cross-site scripting attacks. Adobe recommends users update their product installation using the instructions provided in the “Solution” Section below...
Solution: Adobe recommends customers update the Connect instance to the newest version by following the instructions below.
Note: This issue will be automatically resolved for Connect customers using Adobe's hosted services once the account is upgraded to Connect 9.5.7...
Release Notes: Adobe Connect 9.5.7 is a maintenance release and is available as a patch. It fixes several issues to make the user workflows smoother...
Adobe Connect Help: http://helpx.adobe.com/adobe-connect.html
Adobe Connect Support: http://www.adobe.com/support/connect/connecthostedsupport.html
- http://www.securitytracker.com/id/1037239
CVE Reference: CVE-2016-7851
Nov 8 2016
Fix Available: Yes Vendor Confirmed: Yes
Version(s): 9.5.6 and prior...
Impact: A remote user can access the target user's cookies (including authentication cookies), if any, associated with the site running the Adobe Connect software, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.
Solution: The vendor has issued a fix (9.5.7).
___
- https://www.us-cert.gov/ncas/current-activity/2016/11/08/Adobe-Releases-Security-Updates
Nov 8, 2016
:fear::fear:
AplusWebMaster
2016-12-13, 19:44
FYI...
Flash 24.0.0.186 released
- https://helpx.adobe.com/security/products/flash-player/apsb16-39.html
Dec 13, 2016
CVE number: CVE-2016-7867, CVE-2016-7868, CVE-2016-7869, CVE-2016-7870, CVE-2016-7871, CVE-2016-7872, CVE-2016-7873, CVE-2016-7874, CVE-2016-7875, CVE-2016-7876, CVE-2016-7877, CVE-2016-7878, CVE-2016-7879, CVE-2016-7880, CVE-2016-7881, CVE-2016-7890, CVE-2016-7892
Platform: Windows, Macintosh, Linux and Chrome OS
Summary: Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and Chrome OS. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system.
Adobe is aware of a report that an exploit for CVE-2016-7892 exists in the wild, and is being used in limited, targeted attacks against users running Internet Explorer (32-bit) on Windows...
Solution: ... Adobe recommends users of the Adobe Flash Player Desktop Runtime for Windows and Macintosh update to 24.0.0.186 via the update mechanism within the product [1] or by visiting the Adobe Flash Player Download Center.
- Adobe recommends users of Adobe Flash Player for Linux update to Adobe Flash Player 24.0.0.186 by visiting the Adobe Flash Player Download Center
- http://www.adobe.com/go/getflash
- Adobe Flash Player installed with Google Chrome will be automatically updated to the latest Google Chrome version, which will include Adobe Flash Player 24.0.0.186 for Windows, Macintosh, Linux and Chrome OS.
- Adobe Flash Player installed with Microsoft Edge and Internet Explorer 11 for Windows 10 and 8.1 will be automatically updated to the latest version, which will include Adobe Flash Player 24.0.0.186.
- Please visit the Flash Player Help page for assistance in installing Flash Player:
> https://helpx.adobe.com/flash-player.html
[1] Users of Flash Player 11.2.x or later for Windows, or Flash Player 11.3.x or later for Macintosh, who have selected the option to 'Allow Adobe to install updates' will receive the update automatically. Users who do not have the 'Allow Adobe to install updates' option enabled can install the update via the update mechanism within the product when prompted...
For I/E - some versions get 'Automatic' updates:
- https://fpdownload.macromedia.com/pub/flashplayer/latest/help/install_flash_player_ax.exe
For Firefox and other Plugin-based browsers:
- https://fpdownload.macromedia.com/pub/flashplayer/latest/help/install_flash_player.exe
Flash test site: https://www.adobe.com/software/flash/about/
- http://www.securitytracker.com/id/1037442
CVE Reference: CVE-2016-7867, CVE-2016-7868, CVE-2016-7869, CVE-2016-7870, CVE-2016-7871, CVE-2016-7872, CVE-2016-7873, CVE-2016-7874, CVE-2016-7875, CVE-2016-7876, CVE-2016-7877, CVE-2016-7878, CVE-2016-7879, CVE-2016-7880, CVE-2016-7881, CVE-2016-7890, CVE-2016-7892
Dec 13 2016
Fix Available: Yes Vendor Confirmed: Yes
Version(s): 23.0.0.207 and prior ...
Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
A remote user can bypass security controls on the target system.
Solution: The vendor has issued a fix (24.0.0.186)...
___
Adobe Animate 16.0.0.112 realeased
- https://helpx.adobe.com/security/products/animate/apsb16-38.html
Dec 13, 2016
CVE number: CVE-2016-7866
Platform: Windows and Macintosh
Summary: Adobe has released a security update for Adobe Animate for Windows and Macintosh. This update resolves a critical memory corruption vulnerability...
> https://creative.adobe.com/products/download/animate
For managed environments, IT administrators can use the Creative Cloud Packager to create deployment packages. Refer to this help page for more information...
___
Adobe Experience Manager Forms
- https://helpx.adobe.com/security/products/aem-forms/apsb16-40.html
Dec 13, 2016
CVE number: CVE-2016-6933, CVE-2016-6934
Platform: Windows, Linux, Solaris and AIX
Summary: Adobe has released security updates for Adobe Experience Manager (AEM) Forms on Windows, Linux, Solaris and AIX. These updates resolve two important input validation issues that could be used in cross-site scripting attacks...
Solution:... recommends customers with on premise deployments install the available updates referenced below with the help of Adobe Marketing Cloud Customer Care team:
> https://helpx.adobe.com/marketing-cloud/contact-support.html
___
Adobe DNG Converter 9.8
- https://helpx.adobe.com/security/products/dng-converter/apsb16-41.html
Dec 13, 2016
CVE number: CVE-2016-7856
Platform: Windows and Macintosh
Summary: Adobe has released a security update for the Adobe DNG Converter for Windows and Macintosh. This update resolves a critical memory corruption vulnerability...
Solution: ... recommends users update their installation to the newest version...
For more information, please reference the release notes:
- https://blogs.adobe.com/lightroomjournal/2016/12/acr-9-8-now-available.html
___
Adobe Experience Manager
- https://helpx.adobe.com/security/products/experience-manager/apsb16-42.html
Dec 13, 2016
CVE number: CVE-2016-7882, CVE-2016-7883, CVE-2016-7884, CVE-2016-7885
Platform: Windows, Unix, Linux and OS X
Summary: Adobe has released security updates for Adobe Experience Manager. These updates resolve three important input validation issues that could be used in cross-site scripting attacks (CVE-2016-7882, CVE-2016-7883 and CVE-2016-7884), and include an update to protect users from an important Cross-Site Request Forgery vulnerability (CVE-2016-7885)...
Solution: Adobe recommends customers with on-premise deployments install the available updates referenced below. Furthermore, customers should review and implement the steps outlined in the Security Checklists for versions 6.2, 6.1 or 6.0...
6.0: https://docs.adobe.com/docs/en/aem/6-0/administer/security/security-checklist.html
6.1: https://docs.adobe.com/docs/en/aem/6-1/administer/security/security-checklist.html
6.2: https://docs.adobe.com/docs/en/aem/6-2/administer/security/security-checklist.html
___
Security updates available for InDesign
- https://helpx.adobe.com/security/products/indesign/apsb16-43.html
Dec 13, 2016
CVE number: CVE-2016-7886
Platform: Windows and Macintosh
Summary: Adobe has released security updates for InDesign for Windows and Macintosh. These updates resolve a critical memory corruption vulnerability...
Solution: ... recommends users update their installation to the newest version:
InDesign 12.0.0 Windows and Macintosh:
Relase Notes: https://helpx.adobe.com/indesign/release-note/indesign-cc-2017.html
InDesign Server 12.0.0 Windows and Macintosh
Release Notes: https://helpx.adobe.com/indesign/release-note/indesign-server-cc-2017-release-notes.html
___
ColdFusion Builder
- https://helpx.adobe.com/security/products/coldfusion/apsb16-44.html
Dec 13, 2016
CVE number: CVE-2016-7887
Platforms: Windows, Linux and Macintosh
Summary: Adobe has released a security update for ColdFusion Builder for Windows, Linux, and Macintosh. This update resolves an important vulnerability that could lead to information disclosure (CVE-2016-7887)...
Solution: ... recommends users update their installations to the newest versions:
ColdFusion Builder 2016 Update 3 - Tech note:
> https://helpx.adobe.com/coldfusion/kb/coldfusion-builder-2016-update-3.html
ColdFusion Builder 3.0 3.0.3 Hotfix - Tech note:
> https://helpx.adobe.com/coldfusion/kb/coldfusion-builder-3-update.html
___
Adobe Digital Editions 4.5.3
- https://helpx.adobe.com/security/products/Digital-Editions/apsb16-45.html
Dec 13, 2016
CVE numbers: CVE-2016-7888, CVE-2016-7889
Platform: Windows, Macintosh and Android
Summary: Adobe has released a security update for Adobe Digital Editions for Windows, Macintosh and Android. This update resolves an important vulnerability that could result in a memory address leak, and an important XML parsing vulnerability that could lead to information disclosure...
Solution: Adobe categorizes this update with the following priority ratings and recommends users update their installation to the newest version 4.5.3 ...
Customers using Adobe Digital Editions 4.5.2 can download the update from the Adobe Digital Editions download page*, or utilize the product’s update mechanism when prompted.
* https://www.adobe.com/solutions/ebook/digital-editions/download.html
For more information, please reference the release notes:
- http://www.adobe.com/solutions/ebook/digital-editions/release-notes.html
___
Security update available for RoboHelp 2015.0.4
- https://helpx.adobe.com/security/products/robohelp/apsb16-46.html
Dec 13, 2016
CVE number: CVE-2016-7891
Platforms: Windows
Summary: Adobe has released a security update for RoboHelp for Windows. This update resolves an important input validation issue that could be used in cross-site scripting attacks...
Download: https://www.adobe.com/support/robohelp/downloads.html
Tech note: https://helpx.adobe.com/robohelp/kb/cross-site-scripting-vulnerability.html
Release notes: https://www.adobe.com/robohelp/Adobe_RoboHelp_2015_4_0_1_ReadMe.pdf
KB article: https://helpx.adobe.com/robohelp/kb/cross-site-scripting-vulnerability.html
:fear::fear::fear:
AplusWebMaster
2017-01-10, 18:21
FYI...
Adobe Flash 24.0.0.194 released
- https://helpx.adobe.com/security/products/flash-player/apsb17-02.html
Jan 10, 2017
CVE numbers: CVE-2017-2925, CVE-2017-2926, CVE-2017-2927, CVE-2017-2928, CVE-2017-2930, CVE-2017-2931, CVE-2017-2932, CVE-2017-2933, CVE-2017-2934, CVE-2017-2935, CVE-2017-2936, CVE-2017-2937, CVE-2017-2938
Platform: Windows, Macintosh, Linux and Chrome OS
Summary: Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and Chrome OS. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system...
Solution: ... Adobe recommends users of the Adobe Flash Player Desktop Runtime for Windows, Macintosh and Linux update to 24.0.0.194 via the update mechanism within the product [1] or by visiting the Adobe Flash Player Download Center.
- Adobe Flash Player installed with Google Chrome will be automatically updated to the latest Google Chrome version, which will include Adobe Flash Player 24.0.0.194 for Windows, Macintosh, Linux and Chrome OS.
- Adobe Flash Player installed with Microsoft Edge and Internet Explorer 11 for Windows 10 and 8.1 will be automatically updated to the latest version, which will include Adobe Flash Player 24.0.0.194.
- Please visit the Flash Player Help page for assistance in installing Flash Player:
> https://helpx.adobe.com/flash-player.html
[1] Users of Flash Player 11.2.x or later for Windows, or Flash Player 11.3.x or later for Macintosh, who have selected the option to 'Allow Adobe to install updates' will receive the update automatically. Users who do not have the 'Allow Adobe to install updates' option enabled can install the update via the update mechanism within the product when prompted...
For I/E - some versions get 'Automatic' updates:
- https://fpdownload.macromedia.com/pub/flashplayer/latest/help/install_flash_player_ax.exe
For Firefox and other Plugin-based browsers:
- https://fpdownload.macromedia.com/pub/flashplayer/latest/help/install_flash_player.exe
Flash test site: https://www.adobe.com/software/flash/about/
- http://www.securitytracker.com/id/1037570
CVE Reference: CVE-2017-2925, CVE-2017-2926, CVE-2017-2927, CVE-2017-2928, CVE-2017-2930, CVE-2017-2931, CVE-2017-2932, CVE-2017-2933, CVE-2017-2934, CVE-2017-2935, CVE-2017-2936, CVE-2017-2937, CVE-2017-2938
Jan 10 2017
Fix Available: Yes Vendor Confirmed: Yes
Version(s): 24.0.0.186 and prior...
Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
A remote user can obtain potentially sensitive information on the target system.
Solution: The vendor has issued a fix (24.0.0.194)...
___
Adobe Acrobat/Reader updates released
- https://helpx.adobe.com/security/products/acrobat/apsb17-01.html
Jan 10, 2017
CVE numbers: CVE-2017-2939, CVE-2017-2940, CVE-2017-2941, CVE-2017-2942, CVE-2017-2943, CVE-2017-2944, CVE-2017-2945, CVE-2017-2946, CVE-2017-2947, CVE-2017-2948, CVE-2017-2949, CVE-2017-2950, CVE-2017-2951, CVE-2017-2952, CVE-2017-2953, CVE-2017-2954, CVE-2017-2955, CVE-2017-2956, CVE-2017-2957, CVE-2017-2958, CVE-2017-2959, CVE-2017-2960, CVE-2017-2961, CVE-2017-2962, CVE-2017-2963, CVE-2017-2964, CVE-2017-2965, CVE-2017-2966, CVE-2017-2967
Platform: Windows and Macintosh
Summary: Adobe has released security updates for Adobe Acrobat and Reader for Windows and Macintosh. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system...
Solution: Adobe recommends users update their software installations to the latest versions by following the instructions below. The latest product versions are available to end users via one of the following methods:
- Users can update their product installations manually by choosing Help > Check for Updates.
- The products will update automatically, without requiring user intervention, when updates are detected.
- The full Acrobat Reader installer can be downloaded from the Acrobat Reader Download Center:
> http://get.adobe.com/reader
Updated Versions:
Acrobat DC/Reader DC: 15.023.20053
Acrobat DC Classic/Reader DC Classic: 15.006.30279
Acrobat XI Desktop/Reader XI Desktop: 11.0.19
Acrobat: https://www.adobe.com/support/downloads/new.jsp
Reader: https://www.adobe.com/support/downloads/product.jsp?product=10&platform=Windows
- http://www.securitytracker.com/id/1037574
CVE Reference: CVE-2016-6937, CVE-2017-2939, CVE-2017-2940, CVE-2017-2941, CVE-2017-2942, CVE-2017-2943, CVE-2017-2944, CVE-2017-2945, CVE-2017-2946, CVE-2017-2947, CVE-2017-2948, CVE-2017-2949, CVE-2017-2950, CVE-2017-2951, CVE-2017-2952, CVE-2017-2953, CVE-2017-2954, CVE-2017-2955, CVE-2017-2956, CVE-2017-2957, CVE-2017-2958, CVE-2017-2959, CVE-2017-2960, CVE-2017-2961, CVE-2017-2962, CVE-2017-2963, CVE-2017-2964, CVE-2017-2965, CVE-2017-2966, CVE-2017-2967
Jan 10 2017
Fix Available: Yes Vendor Confirmed: Yes
Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
A remote user can bypass security controls on the target system.
Solution: The vendor has issued a fix (11.0.19, 15.006.30279)...
:fear::fear:
AplusWebMaster
2017-02-14, 18:29
FYI...
Flash 24.0.0.221 released
- https://helpx.adobe.com/security/products/flash-player/apsb17-04.html
Feb 14, 2017
CVE number: CVE-2017-2982,CVE-2017-2984, CVE-2017-2985, CVE-2017-2986, CVE-2017-2987, CVE-2017-2988,CVE-2017-2990, CVE-2017-2991, CVE-2017-2992, CVE-2017-2993, CVE-2017-2994, CVE-2017-2995, CVE-2017-2996
Platform: Windows, Macintosh, Linux and Chrome OS
Summary: Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and Chrome OS. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system...
Solution: ... Adobe recommends users of the Adobe Flash Player Desktop Runtime for Windows, Macintosh and Linux update to Adobe Flash Player 24.0.0.221 via the update mechanism within the product [1] or by visiting the Adobe Flash Player Download Center.
- Adobe Flash Player installed with Google Chrome will be automatically updated to the latest Google Chrome version, which will include Adobe Flash Player 24.0.0.221 for Windows, Macintosh, Linux and Chrome OS.
- Adobe Flash Player installed with Microsoft Edge and Internet Explorer 11 for Windows 10 and 8.1 will be automatically updated to the latest version, which will include Adobe Flash Player 24.0.0.221.
- Please visit the Flash Player Help page for assistance in installing Flash Player.
[1] Users of Flash Player 11.2.x or later for Windows, or Flash Player 11.3.x or later for Macintosh, who have selected the option to 'Allow Adobe to install updates' will receive the update automatically. Users who do not have the 'Allow Adobe to install updates' option enabled can install the update via the update mechanism within the product when prompted...
For I/E - some versions get 'Automatic' updates:
- https://fpdownload.macromedia.com/pub/flashplayer/latest/help/install_flash_player_ax.exe
For Firefox and other Plugin-based browsers:
- https://fpdownload.macromedia.com/pub/flashplayer/latest/help/install_flash_player.exe
For Chrome:
- https://fpdownload.macromedia.com/pub/flashplayer/latest/help/install_flash_player_ppapi.exe
Flash test site: https://www.adobe.com/software/flash/about/
- http://www.securitytracker.com/id/1037815
CVE Reference: CVE-2017-2982, CVE-2017-2984, CVE-2017-2985, CVE-2017-2986, CVE-2017-2987, CVE-2017-2988, CVE-2017-2990, CVE-2017-2991, CVE-2017-2992, CVE-2017-2993, CVE-2017-2994, CVE-2017-2995, CVE-2017-2996
Feb 14 2017
Fix Available: Yes Vendor Confirmed: Yes ...
Version(s): 24.0.0.194 and prior ...
Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
Solution: The vendor has issued a fix (24.0.0.221)...
___
Adobe Digital Editions 4.5.4 released
- https://helpx.adobe.com/security/products/Digital-Editions/apsb17-05.html
Feb 14, 2017
CVE numbers: CVE-2017-2973, CVE-2017-2974, CVE-2017-2975, CVE-2017-2976, CVE-2017-2977, CVE-2017-2978, CVE-2017-2979, CVE-2017-2980, CVE-2017-2981
Platform: Windows, Macintosh and Android
Summary: Adobe has released a security update for Adobe Digital Editions for Windows, Macintosh and Android. This update resolves a critical heap buffer overflow vulnerability that could lead to code execution and important buffer overflow vulnerabilities that could lead to a memory leak...
Customers using Adobe Digital Editions 4.5.3 can download the update from the Adobe Digital Editions download page*, or utilize the product’s update mechanism when prompted.
* https://www.adobe.com/solutions/ebook/digital-editions/download.html
For more information, please reference the release notes**."
** http://www.adobe.com/solutions/ebook/digital-editions/release-notes.html
___
Adobe Campaign updates released
- https://helpx.adobe.com/security/products/campaign/apsb17-06.html
Feb 14, 2017
CVE number: CVE-2017-2968, CVE-2017-2969
Platform: Windows and Linux
Summary: Adobe has released a security update for Adobe Campaign v6.11 for Windows and Linux. This update resolves a moderate security bypass affecting the Adobe Campaign client console. An authenticated user with access to the client console could upload and execute a malicious file, potentially resulting in read and write access to the system (CVE-2017-2968). This update also resolves a moderate input validation issue that could be used in cross-site scripting attacks (CVE-2017-2969)...
Solution: Adobe categorizes these updates with the following priority rating and recommends users update their installation to the newest version...
Release Notes: https://docs.campaign.adobe.com/doc/AC6.1/en/RN.html#8757
- Customers may refer to the FAQ* for instructions on downloading the latest build.
* https://docs.campaign.adobe.com/doc/AC6.1/en/FAQ/FAQ.html#AdobeCampaignFAQ-PublishedinHelpX-WherecanIfindthelatestbuildand%2Forthelistofrelatedchanges%28changelog%29%3F
For customers with Adobe Campaign 16.4 Build 8724 and earlier, please refer to the documentation page** for instructions to resolve CVE-2017-2968 by restricting uploads by file type.
** http://docs.campaign.adobe.com/doc/AC6.1/en/INS_Additional_configurations__Server_side_configurations.html#Limiting_uploadable_files
Please refer to this documentation page*** for assistance in upgrading Adobe Campaign server, and this documentation page for assistance in upgrading the Client Console.
*** https://docs.campaign.adobe.com/doc/AC6.1/en/INS_Installation_for_Windows__Installing_the_client_console.html
:fear::fear::fear:
AplusWebMaster
2017-03-14, 17:45
FYI...
Flash 25.0.0.127 released
- https://helpx.adobe.com/security/products/flash-player/apsb17-07.html
Mar 14, 2017
CVE number: CVE-2017-2997, CVE-2017-2998, CVE-2017-2999, CVE-2017-3000, CVE-2017-3001, CVE-2017-3002, CVE-2017-3003
Platform: Windows, Macintosh, Linux and Chrome OS
Summary: Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and Chrome OS. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system...
Solution: ... Adobe recommends users of the Adobe Flash Player Desktop Runtime for Windows, Macintosh and Linux update to Adobe Flash Player 25.0.0.127 via the update mechanism within the product [1] or by visiting the Adobe Flash Player Download Center: https://get.adobe.com/flashplayer/
- Adobe Flash Player installed with Google Chrome will be automatically updated to the latest Google Chrome version, which will include Adobe Flash Player 25.0.0.127 for Windows, Macintosh, Linux and Chrome OS.
- Adobe Flash Player installed with Microsoft Edge and Internet Explorer 11 for Windows 10 and 8.1 will be automatically updated to the latest version, which will include Adobe Flash Player 25.0.0.127.
Please visit the Flash Player Help page for assistance in installing Flash Player:
> https://helpx.adobe.com/flash-player.html
[1] Users who have selected the option to 'Allow Adobe to install updates' will receive the update automatically. Users who do not have the 'Allow Adobe to install updates' option enabled can install the update via the update mechanism within the product when prompted...
For I/E - some versions get 'Automatic' updates:
- https://fpdownload.macromedia.com/pub/flashplayer/latest/help/install_flash_player_ax.exe
For Firefox and other Plugin-based browsers:
- https://fpdownload.macromedia.com/pub/flashplayer/latest/help/install_flash_player.exe
For Chrome:
- https://fpdownload.macromedia.com/pub/flashplayer/latest/help/install_flash_player_ppapi.exe
Flash test site: https://www.adobe.com/software/flash/about/
- http://www.securitytracker.com/id/1037994
CVE Reference: CVE-2017-2997, CVE-2017-2998, CVE-2017-2999, CVE-2017-3000, CVE-2017-3001, CVE-2017-3002, CVE-2017-3003
Mar 14 2017
Fix Available: Yes Vendor Confirmed: Yes
Version(s): 24.0.0.221 and prior ...
Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
A remote user can obtain potentially sensitive information on the target system.
Solution: The vendor has issued a fix (25.0.0.127)...
___
Shockwave Player 12.2.8.198 released
- https://helpx.adobe.com/security/products/shockwave/apsb17-08.html
Mar 14, 2017
CVE number: CVE-2017-2983
Platform: Windows
Summary: Adobe has released a security update for Adobe Shockwave Player for Windows. This update addresses an?important vulnerability that could potentially lead to escalation of privilege...
Solution: ... Adobe recommends users of Adobe Shockwave Player 12.2.7.197 and earlier versions for Windows update to Adobe Shockwave Player 12.2.8.198 by visiting the Adobe Shockwave Player Download Center:
- https://get.adobe.com/shockwave/
- http://www.securitytracker.com/id/1037993
CVE Reference: CVE-2017-2983
Mar 14 2017
Fix Available: Yes Vendor Confirmed: Yes
Version(s): 12.2.7.197 and prior ...
Impact: A local user can obtain elevated privileges on the target system.
Solution: The vendor has issued a fix (12.2.8.198)...
:fear::fear:
AplusWebMaster
2017-04-11, 18:45
FYI...
Flash 25.0.0.148 released
- https://helpx.adobe.com/security/products/flash-player/apsb17-10.html
April 11, 2017
CVE number: CVE-2017-3058, CVE-2017-3059, CVE-2017-3060, CVE-2017-3061, CVE-2017-3062, CVE-2017-3063, CVE-2017-3064
Platform: Windows, Macintosh, Linux and Chrome OS ...
Summary: Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and Chrome OS. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system...
Solution: ... Adobe recommends users of the Adobe Flash Player Desktop Runtime for Windows, Macintosh and Linux update to Adobe Flash Player 25.0.0.148 via the update mechanism within the product [1] or by visiting the Adobe Flash Player Download Center.
- Adobe Flash Player installed with Google Chrome will be automatically updated to the latest Google Chrome version, which will include Adobe Flash Player 25.0.0.148 for Windows, Macintosh, Linux and Chrome OS.
- Adobe Flash Player installed with Microsoft Edge and Internet Explorer 11 for Windows 10 and 8.1 will be automatically updated to the latest version, which will include Adobe Flash Player 25.0.0.148.
Please visit the Flash Player Help page for assistance in installing Flash Player:
> https://helpx.adobe.com/flash-player.html
[1] Users who have selected the option to 'Allow Adobe to install updates' will receive the update automatically. Users who do not have the 'Allow Adobe to install updates' option enabled can install the update via the update mechanism within the product when prompted...
For I/E - some versions get 'Automatic' updates:
- https://fpdownload.macromedia.com/pub/flashplayer/latest/help/install_flash_player_ax.exe
For Firefox and other Plugin-based browsers:
- https://fpdownload.macromedia.com/pub/flashplayer/latest/help/install_flash_player.exe
For Chrome:
- https://fpdownload.macromedia.com/pub/flashplayer/latest/help/install_flash_player_ppapi.exe
Flash test site: https://www.adobe.com/software/flash/about/
- http://www.securitytracker.com/id/1038225
CVE Reference: CVE-2017-3058, CVE-2017-3059, CVE-2017-3060, CVE-2017-3061, CVE-2017-3062, CVE-2017-3063, CVE-2017-3064
Apr 11 2017
Fix Available: Yes Vendor Confirmed: Yes
Version(s): 25.0.0.127 and prior...
Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
Solution: The vendor has issued a fix (25.0.0.148)...
___
Adobe Acrobat and Reader Updates
- https://helpx.adobe.com/security/products/acrobat/apsb17-11.html
April 11, 2017
CVE numbers: CVE-2017-3011, CVE-2017-3012, CVE-2017-3013, CVE-2017-3014, CVE-2017-3015, CVE-2017-3017,
CVE-2017-3018, CVE-2017-3019, CVE-2017-3020, CVE-2017-3021, CVE-2017-3022, CVE-2017-3023, CVE-2017-3024, CVE-2017-3025, CVE-2017-3026, CVE-2017-3027, CVE-2017-3028, CVE-2017-3029, CVE-2017-3030, CVE-2017-3031, CVE-2017-3032, CVE-2017-3033, CVE-2017-3034, CVE-2017-3035, CVE-2017-3036, CVE-2017-3037, CVE-2017-3038, CVE-2017-3039, CVE-2017-3040, CVE-2017-3041, CVE-2017-3042, CVE-2017-3043, CVE-2017-3044, CVE-2017-3045, CVE-2017-3046, CVE-2017-3047, CVE-2017-3048, CVE-2017-3049, CVE-2017-3050, CVE-2017-3051, CVE-2017-3052,
CVE-2017-3053, CVE-2017-3054, CVE-2017-3055, CVE-2017-3056, CVE-2017-3057, CVE-2017-3065
Platform: Windows and Macintosh ...
Solution: Adobe recommends users update their software installations to the latest versions by following the
instructions below.
The latest product versions are available to end users via one of the following methods:
> Users can update their product installations manually by choosing Help > Check for Updates. The products will update automatically, without requiring user intervention, when updates are detected.
The full Acrobat Reader installer can be downloaded from the Acrobat Reader Download Center.
- https://get.adobe.com/reader/
For IT administrators (managed environments):
> Download the enterprise installers from ftp://ftp.adobe.com/pub/adobe/ or refer to the specific release note version for links to installers.
Install updates via your preferred methodology, such as AIP-GPO, bootstrapper, SCUP/SCCM (Windows), or on Macintosh, Apple Remote Desktop and SSH...
For more information on Acrobat DC, please visit the Acrobat DC FAQ page:
- https://helpx.adobe.com/acrobat/faq.html
For more information on Acrobat Reader DC, please visit the Acrobat Reader DC FAQ page:
- https://helpx.adobe.com/reader/faq.html
Acrobat for Windows
> http://supportdownloads.adobe.com/product.jsp?product=1&platform=Windows
Reader for Windows
> http://supportdownloads.adobe.com/product.jsp?product=10&platform=Windows
Acrobat for Macintosh
> http://supportdownloads.adobe.com/product.jsp?product=1&platform=Mac
Reader for Macintosh
> http://supportdownloads.adobe.com/product.jsp?product=10&platform=Mac
- http://www.securitytracker.com/id/1038228
CVE Reference: CVE-2017-3011, CVE-2017-3012, CVE-2017-3013, CVE-2017-3014, CVE-2017-3015, CVE-2017-3017, CVE-2017-3018, CVE-2017-3019, CVE-2017-3020, CVE-2017-3021, CVE-2017-3022, CVE-2017-3023, CVE-2017-3024, CVE-2017-3025, CVE-2017-3026, CVE-2017-3027, CVE-2017-3028, CVE-2017-3029, CVE-2017-3030, CVE-2017-3031, CVE-2017-3032, CVE-2017-3033, CVE-2017-3034, CVE-2017-3035, CVE-2017-3036, CVE-2017-3037, CVE-2017-3038, CVE-2017-3039, CVE-2017-3040, CVE-2017-3041, CVE-2017-3042, CVE-2017-3043, CVE-2017-3044, CVE-2017-3045, CVE-2017-3046, CVE-2017-3047, CVE-2017-3048, CVE-2017-3049, CVE-2017-3050, CVE-2017-3051, CVE-2017-3052, CVE-2017-3053, CVE-2017-3054, CVE-2017-3055, CVE-2017-3056, CVE-2017-3057, CVE-2017-3065
Apr 11 2017
Fix Available: Yes Vendor Confirmed: Yes
Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
A remote user can obtain potentially sensitive information on the target system.
Solution: The vendor has issued a fix (Classic 2015.006.30306, Continuous 2017.009.20044, XI 11.0.20)...
___
Adobe Photoshop CC
- https://helpx.adobe.com/security/products/photoshop/apsb17-12.html
April 11, 2017
CVE number: CVE-2017-3004, CVE-2017-3005
Platform: Windows and Macintosh...
___
Creative Cloud Desktop Application
- https://helpx.adobe.com/security/products/creative-cloud/apsb17-13.html
April 11, 2017
CVE number: CVE-2017-3006, CVE-2017-3007
Platform: Windows
___
Adobe Campaign
- https://helpx.adobe.com/security/products/campaign/apsb17-09.html
April 11, 2017
CVE number: CVE-2017-2989
Platform: Windows and Linux
___
Qualys analysis:
- https://blog.qualys.com/laws-of-vulnerabilities/2017/04/11/adobe-fixes-flash-pdf-reader-and-photoshop-in-april
April 11, 2017 - "Adobe released -five- security bulletins today... Highest priority goes to the Flash update APSB17-10 as flash has been the top choice for malware and exploit kits. If left un-patched, the vulnerabilities allow attackers to take complete control of user’s computer if the user views malicious flash content hosted by the attacker. Although flash based exploit kit activity has reduced as compared to last year we still recommend updating this first..."
___
- https://www.us-cert.gov/ncas/current-activity/2017/04/11/Adobe-Releases-Security-Updates
April 11, 2017
:fear::fear::fear::fear:
AplusWebMaster
2017-04-26, 14:32
FYI...
ColdFusion Hotfixes available
- https://helpx.adobe.com/security/products/coldfusion/apsb17-14.html
April 25, 2017
CVE number: CVE-2017-3008, CVE-2017-3066
Platforms: All
Summary: Adobe has released security hotfixes for ColdFusion versions 10, 11 and the 2016 release. These hotfixes resolve an input validation issue that could be used in reflected XSS (cross-site scripting) attacks (CVE-2017-3008). These hotfixes also include an updated version of Apache BlazeDS to mitigate java deserialization (CVE-2017-3066). Adobe recommends that customers apply the appropriate hotfix using the instructions provided in the "Solution" section below...
Solution: ... Adobe recommends that ColdFusion customers update their installation using the instructions provided in the relevant tech notes:
ColdFusion (2016 release): http://helpx.adobe.com/coldfusion/kb/coldfusion-2016-update-4.html
ColdFusion 11: http://helpx.adobe.com/coldfusion/kb/coldfusion-11-update-12.html
ColdFusion 10: http://helpx.adobe.com/coldfusion/kb/coldfusion-10-update-23.html
Customers should also apply the security configuration settings as outlined on the ColdFusion Security page as well as review the respective Lockdown guides.
ColdFusion (2016 release) Lockdown guide:
- http://wwwimages.adobe.com/content/dam/acom/en/products/coldfusion/pdfs/coldfusion-2016-lockdown-guide.pdf
ColdFusion 11 Lockdown Guide:
- https://www.adobe.com/content/dam/Adobe/en/products/coldfusion/pdfs/cf11/cf11-lockdown-guide.pdf
ColdFusion 10 Lockdown Guide:
- https://www.adobe.com/content/dam/Adobe/en/products/coldfusion/pdfs/cf10/cf10-lockdown-guide.pdf
- http://www.securitytracker.com/id/1038364
CVE Reference: CVE-2017-3008, CVE-2017-3066
Apr 26 2017
Fix Available: Yes Vendor Confirmed: Yes
Version(s): 10, 11, 2016 ...
Impact: A remote user can execute arbitrary code on the target system.
A remote user can access the target user's cookies (including authentication cookies), if any, associated with the site running the Adobe ColdFusion software, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.
Solution: The vendor has issued a fix (10 Update 23, 11 Update 12, 2016 Update 4)...
___
- https://www.us-cert.gov/ncas/current-activity/2017/04/26/Adobe-Releases-Security-Updates-ColdFusion
April 26, 2017
:fear::fear:
AplusWebMaster
2017-05-09, 18:31
FYI...
Flash 25.0.0.171 released
- https://helpx.adobe.com/security/products/flash-player/apsb17-15.html
May 9, 2017
CVE number: CVE-2017-3068, CVE-2017-3069, CVE-2017-3070, CVE-2017-3071, CVE-2017-3072, CVE-2017-3073, CVE-2017-3074
Platform: Windows, Macintosh, Linux and Chrome OS
Summary: Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and Chrome OS. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system...
Solution: ... Adobe recommends users of the Adobe Flash Player Desktop Runtime for Windows, Macintosh and Linux update to Adobe Flash Player 25.0.0.171 via the update mechanism within the product [1] or by visiting the Adobe Flash Player Download Center...
- Adobe Flash Player installed with Google Chrome will be automatically updated to the latest Google Chrome version, which will include Adobe Flash Player 25.0.0.171 for Windows, Macintosh, Linux and Chrome OS.
- Adobe Flash Player installed with Microsoft Edge and Internet Explorer 11 for Windows 10 and 8.1 will be automatically updated to the latest version, which will include Adobe Flash Player 25.0.0.171.
- Please visit the Flash Player Help page for assistance in installing Flash Player:
> https://helpx.adobe.com/flash-player.html
[1] Users who have selected the option to 'Allow Adobe to install updates' will receive the update automatically. Users who do not have the 'Allow Adobe to install updates' option enabled can install the update via the update mechanism within the product when prompted...
For I/E - some versions get 'Automatic' updates:
- https://fpdownload.macromedia.com/pub/flashplayer/latest/help/install_flash_player_ax.exe
For Firefox and other Plugin-based browsers:
- https://fpdownload.macromedia.com/pub/flashplayer/latest/help/install_flash_player.exe
For Chrome:
- https://fpdownload.macromedia.com/pub/flashplayer/latest/help/install_flash_player_ppapi.exe
Flash test site: https://www.adobe.com/software/flash/about/
- http://www.securitytracker.com/id/1038427
CVE Reference: CVE-2017-3068, CVE-2017-3069, CVE-2017-3070, CVE-2017-3071, CVE-2017-3072, CVE-2017-3073, CVE-2017-3074
May 9 2017
Fix Available: Yes Vendor Confirmed: Yes
Version(s): 25.0.0.148 and prior (Windows/Linux); 25.0.0.163 and prior (Mac)...
Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
Solution: The vendor has issued a fix (25.0.0.171)...
___
Adobe Experience Manager Forms
- https://helpx.adobe.com/security/products/aem-forms/apsb17-16.html
May 9, 2017
CVE number: CVE-2017-3067
Platform: Windows, Linux, Solaris and AIX
Summary: Adobe has released security updates for Adobe Experience Manager (AEM) Forms on Windows, Linux, Solaris and AIX. These updates resolve an important information disclosure vulnerability (CVE-2017-3067) resulting from abuse of the pre-population service in AEM Forms...
Solution: Adobe categorizes these updates with the following priority rating, and recommends customers with on premise deployments install the available updates referenced below with the help of Adobe Marketing Cloud Customer Care team.
Adobe Experience Manager Forms 6.2 6.2 SP1 CFP3 Windows, Linux, Solaris and AIX
Release Notes: https://helpx.adobe.com/experience-manager/release-notes--aem-6-2-cumulative-fix-pack.html
Adobe Experience Manager Forms 6.1 6.1 SP2 CFP8 Windows, Linux, Solaris and AIX
Release Notes: https://helpx.adobe.com/experience-manager/release-notes--aem-6-1-cumulative-fix-pack-.html
Adobe Experience Manager Forms 6.0 HotFix 2.0.58 Windows, Linux, Solaris and AIX
Release Notes: https://helpx.adobe.com/aem-forms/quick-fixes/6-0/adaptive-form-2-0-58.html
- http://www.securitytracker.com/id/1038428
CVE Reference: CVE-2017-3067
May 9 2017
Fix Available: Yes Vendor Confirmed: Yes
Version(s): 6.0, 6.1, 6.2 ...
Impact: A remote user can obtain potentially sensitive information on the target system.
Solution: The vendor has issued a fix (6.0 HotFix 2.0.58, 6.1 SP2 CFP8, 6.2 SP1 CFP3)...
:fear::fear:
AplusWebMaster
2017-06-13, 18:23
FYI...
Flash 26.0.0.126 released
- https://helpx.adobe.com/security/products/flash-player/apsb17-17.html
Jun 13, 2017
Summary: Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and Chrome OS. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system...
Solution: ...
- Adobe recommends users of the Adobe Flash Player Desktop Runtime for Windows, Macintosh and Linux update to Adobe Flash Player 26.0.0.126 via the update mechanism within the product [1] or by visiting the Adobe Flash Player Download Center: https://get.adobe.com/flashplayer/
- Adobe Flash Player installed with Google Chrome will be automatically updated to the latest Google Chrome version, which will include Adobe Flash Player 26.0.0.126 for Windows, Macintosh, Linux and Chrome OS.
- Adobe Flash Player installed with Microsoft Edge and Internet Explorer 11 for Windows 10 and 8.1 will be automatically updated to the latest version, which will include Adobe Flash Player 26.0.0.120.
Please visit the Flash Player Help page* for assistance in installing Flash Player.
[1] Users who have selected the option to 'Allow Adobe to install updates' will receive the update automatically. Users who do not have the 'Allow Adobe to install updates' option enabled can install the update via the update mechanism within the product when prompted..."
* https://helpx.adobe.com/flash-player.html
For I/E - some versions get 'Automatic' updates:
- https://fpdownload.macromedia.com/pub/flashplayer/latest/help/install_flash_player_ax.exe
For Firefox and other Plugin-based browsers:
- https://fpdownload.macromedia.com/pub/flashplayer/latest/help/install_flash_player.exe
For Chrome:
- https://fpdownload.macromedia.com/pub/flashplayer/latest/help/install_flash_player_ppapi.exe
Flash test site: https://www.adobe.com/software/flash/about/
- http://www.securitytracker.com/id/1038655
CVE Reference: CVE-2017-3075, CVE-2017-3076, CVE-2017-3077, CVE-2017-3078, CVE-2017-3079, CVE-2017-3081, CVE-2017-3082, CVE-2017-3083, CVE-2017-3084
Jun 13 2017
Fix Available: Yes Vendor Confirmed: Yes
Version(s): 25.0.0.171 and prior ...
Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
Solution: The vendor has issued a fix (26.0.0.126)...
___
Shockwave 12.2.9.199 released
- https://helpx.adobe.com/security/products/shockwave/apsb17-18.html
Jun 13, 2017
Summary: Adobe has released a security update for Adobe Shockwave Player for Windows. This update addresses a critical memory corruption vulnerability that could lead to code execution...
Adobe recommends users of Adobe Shockwave Player 12.2.8.198 and earlier versions for Windows update to Adobe Shockwave Player 12.2.9.199 by visiting the Adobe Shockwave Player Download Center:
> https://get.adobe.com/shockwave/
___
Adobe Captivate 10.0.0.192
- https://helpx.adobe.com/security/products/captivate/apsb17-19.html
Jun 13, 2017
Summary: Adobe has released security updates for Adobe Captivate for Windows and Macintosh. These updates resolve an important information disclosure vulnerability (CVE-2017-3087) resulting from abuse of the quiz reporting feature in Captivate...
10.0.0.192: https://helpx.adobe.com/captivate/release-note/adobe-captivate-release-notes.html
Tech note: https://helpx.adobe.com/captivate/kb/security-updates-captivate.html
___
Adobe Digital Editions 4.5.5
- https://helpx.adobe.com/security/products/Digital-Editions/apsb17-20.html
Jun 13, 2017
Summary: Adobe has released a security update for Adobe Digital Editions for Windows, Macintosh, iOS and Android. This update resolves critical memory corruption vulnerabilities that could lead to code execution, three vulnerabilities rated important that could lead to escalation of privilege and two memory corruption vulnerabilities rated important that could lead to disclosure of memory addresses...
Solution: Adobe categorizes these updates with the following priority ratings and recommends users update their installation to the newest version...
Adobe Digital Editions 4.5.5
Windows: https://www.adobe.com/solutions/ebook/digital-editions/download.html
Macintosh: https://www.adobe.com/solutions/ebook/digital-editions/download.html
iOS: https://itunes.apple.com/us/app/adobe-digital-editions/id952977781?mt=8
Android: https://play.google.com/store/apps/details?id=com.adobe.digitaleditions
:fear::fear::fear:
AplusWebMaster
2017-06-23, 22:36
FYI...
Flash 26.0.0.131 released
Yours may have -automatically- updated to 26,0,0,131 - check here:
> https://get.adobe.com/flashplayer/about/
... 'should read:
"You have version 26,0,0,131 installed" - if NOT, use the -manual- downloads below!
[ALL browsers installed on your system]
> https://helpx.adobe.com/flash-player/release-note/fp_26_air_26_release_notes.html
June 16, 2017 - "In today's release, we've updated Flash Player to address a bug that was impacting some Flash content. If you are having problems interacting with mouse button presses or drag and drop actions, we recommend you update..."
___
For I/E - some versions get 'Automatic' updates:
- https://fpdownload.macromedia.com/pub/flashplayer/latest/help/install_flash_player_ax.exe
For Firefox and other Plugin-based browsers:
- https://fpdownload.macromedia.com/pub/flashplayer/latest/help/install_flash_player.exe
For Chrome:
- https://fpdownload.macromedia.com/pub/flashplayer/latest/help/install_flash_player_ppapi.exe
___
Ref: http://www.computerworld.com/article/3201018/enterprise-applications/flash-player-updated-just-3-days-after-an-update.html
Jun 18, 2017
___
Flash Player Download Center
> https://get.adobe.com/flashplayer/
Version 26.0.0.131
:fear:
AplusWebMaster
2017-07-11, 17:34
FYI...
Flash 26.0.0.137 released
- https://helpx.adobe.com/security/products/flash-player/apsb17-21.html
July 11, 2017
"Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and Chrome OS. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system...
- Adobe recommends users of the Adobe Flash Player Desktop Runtime for Windows, Macintosh and Linux update to Adobe Flash Player 26.0.0.137 via the update mechanism within the product [1] or by visiting the Adobe Flash Player Download Center: https://get.adobe.com/flashplayer/
- Adobe Flash Player installed with Google Chrome will be automatically updated to the latest Google Chrome version, which will include Adobe Flash Player 26.0.0.137 for Windows, Macintosh, Linux and Chrome OS.
- Adobe Flash Player installed with Microsoft Edge and Internet Explorer 11 for Windows 10 and 8.1 will be automatically updated to the latest version, which will include Adobe Flash Player 26.0.0.137.
- Please visit the Flash Player Help page for assistance in installing Flash Player:
- https://chl-author-preview.corp.adobe.com/content/help/en/flash-player.html
[1] Users who have selected the option to 'Allow Adobe to install updates' will receive the update automatically. Users who do not have the 'Allow Adobe to install updates' option enabled can install the update via the update mechanism within the product when prompted..."
For I/E - some versions get 'Automatic' updates:
- https://fpdownload.macromedia.com/pub/flashplayer/latest/help/install_flash_player_ax.exe
For Firefox and other Plugin-based browsers:
- https://fpdownload.macromedia.com/pub/flashplayer/latest/help/install_flash_player.exe
For Chrome:
- https://fpdownload.macromedia.com/pub/flashplayer/latest/help/install_flash_player_ppapi.exe
Flash test site: https://www.adobe.com/software/flash/about/
- http://www.securitytracker.com/id/1038845
CVE Reference: CVE-2017-3080, CVE-2017-3099, CVE-2017-3100
Jul 11 2017
Fix Available: Yes Vendor Confirmed: Yes
Version(s): 26.0.0.131 and before...
Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
A remote user can obtain potentially sensitive information on the target system.
Solution: The vendor has issued a fix (26.0.0.137)...
___
Adobe Connect 9.6.2 released
- https://helpx.adobe.com/security/products/connect/apsb17-22.html
July 11, 2017
"Adobe has released a security update for Adobe Connect for Windows. This update resolves two input validation vulnerabilities (CVE-2017-3102, CVE-2017-3103) that could be used in reflected and stored cross-site scripting attacks, respectively. This update also includes a mitigation to protect users from UI redressing (or clickjacking) attacks (CVE-2017-3101)...
> https://helpx.adobe.com/adobe-connect/release-note/adobe-connect-9-6-2-release-notes.html
"... Adobe Connect 9.6.2 will be rolled out in phases:
On-premise: Adobe Connect 9.6.2 installer for customer on-premise deployments (all supported locales): Jun 26th, 2017
Hosted: Adobe Connect 9.6.2 service hosted by Adobe: Starting Jun 19th, 2017
Managed Services: Adobe-managed customer-specific cloud deployment of Adobe Connect: Updates are scheduled based on customer requirements. Reach out to your Adobe Connect managed services representative to schedule your update..."
- http://www.securitytracker.com/id/1038846
CVE Reference: CVE-2017-3101, CVE-2017-3102, CVE-2017-3103
Jul 11 2017
Fix Available: Yes Vendor Confirmed: Yes
Version(s): 9.6.1 and before...
Impact: A remote user can conduct clickjacking attacks.
A remote user can access the target user's cookies (including authentication cookies), if any, associated with the site running the Adobe Connect software, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.
Solution: The vendor has issued a fix (9.6.2)...
:fear::fear:
AplusWebMaster
2017-07-26, 23:03
FYI...
Adobe Flash - EOL end of 2020
- https://blogs.adobe.com/conversations/2017/07/adobe-flash-update.html
July 25, 2017 - "... as open standards like HTML5, WebGL and WebAssembly have matured over the past several years, most now provide many of the capabilities and functionalities that plugins pioneered and have become a viable alternative for content on the web... Adobe is planning to end-of-life Flash. Specifically, we will stop updating and distributing the Flash Player at the end of 2020 and encourage content creators to migrate any existing Flash content to these new open formats..."
... i.e.: HTML5, WebGL and WebAssembly.
:fear:
Summary.
Adobe has released security updates for Adobe Acrobat and Reader for Windows and Macintosh. These updates address vulnerabilities rated Critical (http://helpx.adobe.com/security/severity-ratings.html) and Important (http://helpx.adobe.com/security/severity-ratings.html) that could potentially allow an attacker to take control of the affected system.
https://helpx.adobe.com/security/products/acrobat/apsb17-24.html
(https://helpx.adobe.com/security/products/acrobat/apsb17-24.html)
AplusWebMaster
2017-08-13, 14:25
FYI...
> https://helpx.adobe.com/security.html
Flash 26.0.0.151 released
- https://helpx.adobe.com/security/products/flash-player/apsb17-23.html
Aug 8, 2017 - "Summary: Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and Chrome OS. These updates address a critical type confusion vulnerability that could lead to code execution and an important security bypass vulnerability that could lead to information disclosure...
Solution: Adobe recommends users of the Adobe Flash Player Desktop Runtime for Windows, Macintosh and Linux update to Adobe Flash Player 26.0.0.151 via the update mechanism within the product[1] or by visiting the Adobe Flash Player Download Center: https://get.adobe.com/flashplayer/
- Adobe Flash Player installed with Google Chrome will be automatically updated to the latest Google Chrome version, which will include Adobe Flash Player 26.0.0.151 for Windows, Macintosh, Linux and Chrome OS.
- Adobe Flash Player installed with Microsoft Edge and Internet Explorer 11 for Windows 10 and 8.1 will be automatically updated to the latest version, which will include Adobe Flash Player 26.0.0.151.
- Please visit the Flash Player Help page for assistance in installing Flash Player*.
* https://helpx.adobe.com/flash-player.html
[1] Users who have selected the option to 'Allow Adobe to install updates' will receive the update automatically. Users who do not have the 'Allow Adobe to install updates' option enabled can install the update via the update mechanism within the product when prompted..."
For I/E - some versions get 'Automatic' updates:
- https://fpdownload.macromedia.com/pub/flashplayer/latest/help/install_flash_player_ax.exe
For Firefox and other Plugin-based browsers:
- https://fpdownload.macromedia.com/pub/flashplayer/latest/help/install_flash_player.exe
For Chrome:
- https://fpdownload.macromedia.com/pub/flashplayer/latest/help/install_flash_player_ppapi.exe
Flash test site: https://www.adobe.com/software/flash/about/
- http://www.securitytracker.com/id/1039088
CVE Reference: CVE-2017-3085, CVE-2017-3106
Aug 8 2017
Version(s): 26.0.0.137 and prior
Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
A remote user can obtain potentially sensitive information on the target system.
Solution: The vendor has issued a fix (26.0.0.151)...
___
Adobe Experience Manager...
- https://helpx.adobe.com/security/products/experience-manager/apsb17-26.html
Aug 8 2017 - "Summary: Adobe has released security updates for Adobe Experience Manager. These updates resolve an important file type validation vulnerability (CVE-2017-3108) and two moderate information disclosure vulnerabilities (CVE-2017-3107 and CVE-2017-3110)..."
[Release notes for multiple versions at the URL above.]
- http://www.securitytracker.com/id/1039099
CVE Reference: CVE-2017-3107, CVE-2017-3108, CVE-2017-3110
Aug 8 2017
Fix Available: Yes Vendor Confirmed: Yes
Version(s): 6.0, 6.1, 6.2, 6.3 ...
Impact: A remote user can execute arbitrary code on the target system.
A remote user can obtain potentially sensitive information on the target system.
Solution: The vendor has issued a fix...
___
Adobe Digital Editions...
- https://helpx.adobe.com/security/products/Digital-Editions/apsb17-27.html
Aug 8 2017 - "Summary: Adobe has released a security update for Adobe Digital Editions for Windows, Macintosh, iOS and Android. This update resolves a critical heap buffer overflow vulnerability that could lead to code execution, seven memory corruption vulnerabilities rated important that could lead to disclosure of memory addresses and an XML external entity processing vulnerability rated critical that could lead to information disclosure..."
Release Notes: https://www.adobe.com/solutions/ebook/digital-editions/release-notes.html
- http://www.securitytracker.com/id/1039100
CVE Reference: CVE-2017-11272, CVE-2017-11274, CVE-2017-11275, CVE-2017-11276, CVE-2017-11277, CVE-2017-11278, CVE-2017-11279, CVE-2017-11280, CVE-2017-1129, CVE-2017-3091
Aug 8 2017
Fix Available: Yes Vendor Confirmed: Yes
Version(s): 4.5.5 and before ...
Impact: A remote user can execute arbitrary code on the target system.
A remote user can obtain potentially sensitive information on the target system.
Solution: The vendor has issued a fix (4.5.6)...
:fear::fear::fear:
AplusWebMaster
2017-08-28, 21:52
FYI...
Acrobat/Reader - 11.0.22 Out of cycle update
- https://www.adobe.com/devnet-docs/acrobatetk/tools/ReleaseNotes/11/11.0.22.html
Aug 22, 2017
Patch Installers / Install over 11.0.21
- https://www.adobe.com/devnet-docs/acrobatetk/tools/ReleaseNotes/index.html
... How do I update manually? Go to Help > Check for updates, and install the updates...
Bug fixes: Forms-XFA / 4221443: Acrobat and Reader crash on launching some XFA forms.
Known issues | Acrobat XI, Reader XI
- https://helpx.adobe.com/acrobat/kb/known-issues-acrobat-xi-reader.html
__
Adobe Reader for Windows
- http://supportdownloads.adobe.com/product.jsp?platform=windows&product=10
Full Download / Updates/Programs
___
Update to Security Bulletin (APSB17-24)
> https://blogs.adobe.com/psirt/?p=1484
"Security Bulletin (APSB17-24) published on August 8 regarding updates for Adobe Acrobat and Reader has been updated to reflect the availability of new updates as of August 29.
The August 29 updates resolve a functional regression with XFA forms functionality that affected some users, as well as provide a resolution to security vulnerability CVE-2017-11223. This CVE was originally addressed in the August 8 updates (versions 2017.012.20093, 2017.011.30059 and 2015.006.30352). Due to a functional regression in those releases, optional hotfixes [0,1,2] were offered to affected customers that temporarily reverted the fix for CVE-2017-11223. The August 29 releases resolve both the functional regression and provide a fix for CVE-2017-11223.
At this time, Adobe is not aware of exploits in the wild for CVE-2017-11223, or any of the other issues addressed in the August 8 or August 29 releases.
References:
[0] Hotfix for 2017.012.20093: https://www.adobe.com/devnet-docs/acrobatetk/tools/ReleaseNotes/DC/dccontinuousaug2017qfe.html#dccontinuousaugusttwentyseventeenqfe
[1] Hotfix for 2017.011.30059: http://www.adobe.com/devnet-docs/acrobatetk/tools/ReleaseNotes/DC/dcclassic17.011Aug2017qfe.html#dc17-011augusttwentyseventeenqfe
[2] Hotfix for 2015.006.30352: http://www.adobe.com/devnet-docs/acrobatetk/tools/ReleaseNotes/DC/dcclassic15.006Aug2017qfe.html#dc15-006augusttwentyseventeenqfe
- https://nvd.nist.gov/vuln/detail/CVE-2017-11223
Original release date: 08/11/2017
Last revised: 08/17/2017
:fear:
AplusWebMaster
2017-09-12, 18:25
FYI...
Flash 27.0.0.130 released
- https://helpx.adobe.com/security/products/flash-player/apsb17-28.html
Sep 12, 2017 - "Summary: Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and Chrome OS. These updates address two critical memory corruption vulnerabilities that could lead to code execution...
Solution: ... Adobe recommends users of the Adobe Flash Player Desktop Runtime for Windows, Macintosh and Linux update to Adobe Flash Player 27.0.0.130 via the update mechanism within the product [1] or by visiting the Adobe Flash Player Download Center:
> https://get.adobe.com/flashplayer/
- Adobe Flash Player installed with Google Chrome will be automatically updated to the latest Google Chrome version, which will include Adobe Flash Player 27.0.0.130 for Windows, Macintosh, Linux and Chrome OS.
- Adobe Flash Player installed with Microsoft Edge and Internet Explorer 11 for Windows 10 and 8.1 will be automatically updated to the latest version, which will include Adobe Flash Player 27.0.0.130.
- Please visit the Flash Player Help page* for assistance in installing Flash Player.
* https://helpx.adobe.com/flash-player.html
[1] Users who have selected the option to 'Allow Adobe to install updates' will receive the update automatically. Users who do not have the 'Allow Adobe to install updates' option enabled can install the update via the update mechanism within the product when prompted..."
For I/E - some versions get 'Automatic' updates:
- https://fpdownload.macromedia.com/pub/flashplayer/latest/help/install_flash_player_ax.exe
For Firefox and other Plugin-based browsers:
- https://fpdownload.macromedia.com/pub/flashplayer/latest/help/install_flash_player.exe
For Chrome:
- https://fpdownload.macromedia.com/pub/flashplayer/latest/help/install_flash_player_ppapi.exe
Flash test site: https://www.adobe.com/software/flash/about/
- http://www.securitytracker.com/id/1039314
CVE Reference: CVE-2017-11281, CVE-2017-11282
Sep 12 2017
Fix Available: Yes Vendor Confirmed: Yes
Version(s): 26.0.0.151 and prior...
Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
Solution: The vendor has issued a fix (27.0.0.130)...
___
ColdFusion updates
- https://helpx.adobe.com/security/products/coldfusion/apsb17-30.html
Sep 12, 2017 - "Summary: Adobe has released security updates for ColdFusion version 11 and the 2016 release. These updates address a critical XML parsing vulnerability (CVE-2017-11286), an important cross-site scripting vulnerability (CVE-2017-11285) that could lead to information disclosure and a mitigation for unsafe Java deserialization that could result in remote code execution (CVE-2017-11283, CVE-2017-11284)...
Solution: ...
ColdFusion (2016 release) Update 5 - Tech note*
* https://helpx.adobe.com/coldfusion/kb/coldfusion-2016-update-5.html
ColdFusion 11 Update 13 - Tech note**
** https://helpx.adobe.com/coldfusion/kb/coldfusion-11-update-13.html
Adobe recommends that ColdFusion customers update their installation using the instructions provided in the relevant tech notes:
1] ColdFusion (2016 release):
> http://helpx.adobe.com/coldfusion/kb/coldfusion-2016-update-5.html
2] ColdFusion 11:
> http://helpx.adobe.com/coldfusion/kb/coldfusion-11-update-13.html
Customers should also apply the security configuration settings as outlined on the ColdFusion Security page as well as review the respective Lockdown guides.
ColdFusion (2016 release) Lockdown guide:
> http://wwwimages.adobe.com/content/dam/acom/en/products/coldfusion/pdfs/coldfusion-2016-lockdown-guide.pdf
ColdFusion 11 Lockdown Guide :
> http://wwwimages.adobe.com/content/dam/acom/en/products/coldfusion/pdfs/coldfusion-2016-lockdown-guide.pdf
- http://www.securitytracker.com/id/1039321
CVE Reference: CVE-2017-11283, CVE-2017-11284, CVE-2017-11285, CVE-2017-11286
Sep 12 2017
Fix Available: Yes Vendor Confirmed: Yes ...
Impact: A remote user can execute arbitrary code on the target system.
A remote user can access the target user's cookies (including authentication cookies), if any, associated with the site running the Adobe ColdFusion software, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.
A remote user can obtain potentially sensitive information on the target system with the privileges of the target service.
Solution: The vendor has issued a fix (11 Update 13, 2016 Update 5)...
___
RoboHelp RH2017.0.2, RH12.0.4.460 released
- https://helpx.adobe.com/security/products/robohelp/apsb17-25.html
Sep 12, 2017 - "Summary: Adobe has released a security update for RoboHelp for Windows. This update resolves an -important- input validation vulnerability that could be used in a cross-site scripting attack (CVE-2017-3104), as well as an unvalidated URL -redirect- vulnerability rated -moderate- that could be used in phishing campaigns (CVE-2017-3105)...
Solution: ... Refer to the Release notes* for instructions to download and apply the update.
Refer to the Knowledge Base article** for instructions to download and apply the fix on RoboHelp 2015..."
* https://helpx.adobe.com/robohelp/release-note/robohelp-2017-release-notes.html
** https://helpx.adobe.com/robohelp/kb/security-vulnerability-webhelp.html
Download: https://www.adobe.com/support/robohelp/downloads.html
- http://www.securitytracker.com/id/1039319
CVE Reference: CVE-2017-3104, CVE-2017-3105
Sep 12 2017
Fix Available: Yes Vendor Confirmed: Yes ...
Impact: A remote user can cause the target user's browser to be redirected to an arbitrary web site.
A remote user can access the target user's cookies (including authentication cookies), if any, associated with the site running the Adobe RoboHelp software, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.
Solution: The vendor has issued a fix (RH12.0.4.460 (Hotfix), RH2017.0.2)...
___
- https://www.us-cert.gov/ncas/current-activity/2017/09/12/Adobe-Releases-Security-Updates
Sep 12, 2017
:fear::fear::fear:
AplusWebMaster
2017-10-10, 19:03
FYI...
Flash 27.0.0.159 released
- https://helpx.adobe.com/security/products/flash-player/apsb17-31.html
Oct 10, 2017 - "Summary: Adobe has released an update for Adobe Flash Player for Windows, Macintosh, Linux and Chrome OS. This monthly update addresses functionality bugs...
- Adobe recommends users of the Adobe Flash Player Desktop Runtime for Windows, Macintosh and Linux update to Adobe Flash Player 27.0.0.159 via the update mechanism within the product [1] or by visiting the Adobe Flash Player Download Center:
> https://get.adobe.com/flashplayer/
- Adobe Flash Player installed with Google Chrome will be automatically updated to the latest Google Chrome version, which will include Adobe Flash Player 27.0.0.159 for Windows, Macintosh, Linux and Chrome OS.
- Adobe Flash Player installed with Microsoft Edge and Internet Explorer 11 for Windows 10 and 8.1 will be automatically updated to the latest version, which will include Adobe Flash Player 27.0.0.159.
- Please visit the Flash Player Help page for assistance in installing Flash Player:
> https://helpx.adobe.com/flash-player.html
[1] Users who have selected the option to 'Allow Adobe to install updates' will receive the update automatically. Users who do not have the 'Allow Adobe to install updates' option enabled can install the update via the update mechanism within the product when prompted..."
For I/E - some versions get 'Automatic' updates:
- https://fpdownload.macromedia.com/pub/flashplayer/latest/help/install_flash_player_ax.exe
For Firefox and other Plugin-based browsers:
- https://fpdownload.macromedia.com/pub/flashplayer/latest/help/install_flash_player.exe
For Chrome:
- https://fpdownload.macromedia.com/pub/flashplayer/latest/help/install_flash_player_ppapi.exe
Flash test site: https://www.adobe.com/software/flash/about/
___
- https://www.securitytracker.com/id/1039582
CVE Reference: CVE-2017-11292
Oct 17 2017
Fix Available: Yes Vendor Confirmed: Yes
Version(s): 27.0.0.159 and prior ...
Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
Solution: The vendor has issued a fix (27.0.0.170)...
___
- https://www.us-cert.gov/ncas/current-activity/2017/10/16/Adobe-Releases-Security-Updates
Oct 16, 2017
___
MS ADV170018 | October Flash Security Update
> https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV170018
10/17/2017
___
Archived Flash Player versions:
> https://helpx.adobe.com/flash-player/kb/archived-flash-player-versions.html
>> https://forums.adobe.com/thread/239585
[moderator: Added 'VMWare' to title to aid other users who are having the same issue in finding this topic]
Oct 17, 2017
:fear::fear:
AplusWebMaster
2017-10-16, 17:36
FYI...
Flash 27.0.0.170 released
- https://helpx.adobe.com/security/products/flash-player/apsb17-32.html
Oct 16, 2017 - "Summary: Adobe has released a security update for Adobe Flash Player for Windows, Macintosh, Linux and Chrome OS. This update addresses a critical type confusion vulnerability that could lead to code execution. Adobe is aware of a report that an exploit for CVE-2017-11292 exists in the wild, and is being used in limited, targeted attacks against users running Windows...
Solution: ... Adobe recommends users of the Adobe Flash Player Desktop Runtime for Windows, Macintosh and Linux update to Adobe Flash Player 27.0.0.170 via the update mechanism within the product [1] or by visiting the Adobe Flash Player Download Center:
> https://get.adobe.com/flashplayer/
- Adobe Flash Player installed with Google Chrome will be automatically updated to the latest Google Chrome version, which will include Adobe Flash Player 27.0.0.170 for Windows, Macintosh, Linux and Chrome OS.
- Adobe Flash Player installed with Microsoft Edge and Internet Explorer 11 for Windows 10 and 8.1 will be automatically updated to the latest version, which will include Adobe Flash Player 27.0.0.170.
- Please visit the Flash Player Help page for assistance in installing Flash Player:
> https://helpx.adobe.com/flash-player.html
[1] Users who have selected the option to 'Allow Adobe to install updates' will receive the update automatically. Users who do not have the 'Allow Adobe to install updates' option enabled can install the update via the update mechanism within the product when prompted.
For I/E - some versions get 'Automatic' updates:
- https://fpdownload.macromedia.com/pub/flashplayer/latest/help/install_flash_player_ax.exe
For Firefox and other Plugin-based browsers:
- https://fpdownload.macromedia.com/pub/flashplayer/latest/help/install_flash_player.exe
For Chrome:
- https://fpdownload.macromedia.com/pub/flashplayer/latest/help/install_flash_player_ppapi.exe
Flash test site: https://www.adobe.com/software/flash/about/
___
- https://www.securitytracker.com/id/1039582
CVE Reference: CVE-2017-11292
Oct 17 2017
Fix Available: Yes Vendor Confirmed: Yes
Version(s): 27.0.0.159 and prior ...
Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
Solution: The vendor has issued a fix (27.0.0.170)...
___
- https://www.us-cert.gov/ncas/current-activity/2017/10/16/Adobe-Releases-Security-Updates
Oct 16, 2017
___
MS ADV170018 | October Flash Security Update
> https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV170018
10/17/2017
- https://www.securitytracker.com/id/1039589
CVE Reference: CVE-2017-11292
Oct 17 2017
Fix Available: Yes Vendor Confirmed: Yes ...
Version(s): 27.0.0.159 and prior
Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
Solution: Microsoft has issued a fix for CVE-2017-11292 ...
___
Archived Flash Player versions:
> https://helpx.adobe.com/flash-player/kb/archived-flash-player-versions.html
>> https://forums.adobe.com/message/9892958#9892958
Oct 17, 2017
:fear::fear:
AplusWebMaster
2017-11-14, 19:01
FYI...
Flash 27.0.0.187 released
- https://helpx.adobe.com/security/products/flash-player/apsb17-33.html
11/14/2017 - "... Summary: Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and Chrome OS. These updates address critical vulnerabilities that could lead to code execution...
Solution: Note: Adobe recommends users of the Adobe Flash Player Desktop Runtime for Windows, Macintosh and Linux update to Adobe Flash Player 27.0.0.187 via the update mechanism within the product [1] or by visiting the Adobe Flash Player Download Center.
Adobe Flash Player installed with Google Chrome will be automatically updated to the latest Google Chrome version, which will include Adobe Flash Player 27.0.0.187 for Windows, Macintosh, Linux and Chrome OS.
Adobe Flash Player installed with Microsoft Edge and Internet Explorer 11 for Windows 10 and 8.1 will be automatically updated to the latest version, which will include Adobe Flash Player 27.0.0.187.
Please visit the Flash Player Help page for assistance in installing Flash Player.
1] Users who have selected the option to 'Allow Adobe to install updates' will receive the update automatically. Users who do not have the 'Allow Adobe to install updates' option enabled can install the update via the update mechanism within the product when prompted..."
For I/E - some versions get 'Automatic' updates:
- https://fpdownload.macromedia.com/pub/flashplayer/latest/help/install_flash_player_ax.exe
For Firefox and other Plugin-based browsers:
- https://fpdownload.macromedia.com/pub/flashplayer/latest/help/install_flash_player.exe
For Chrome:
- https://fpdownload.macromedia.com/pub/flashplayer/latest/help/install_flash_player_ppapi.exe
Flash test site: https://www.adobe.com/software/flash/about/
- https://www.securitytracker.com/id/1039778
CVE Reference: CVE-2017-11213, CVE-2017-11215, CVE-2017-11225, CVE-2017-3112, CVE-2017-3114
Nov 14 2017
Fix Available: Yes Vendor Confirmed: Yes ...
Description: Multiple vulnerabilities were reported in Adobe Flash Player. A remote user can cause arbitrary code to be executed on the target user's system.
A remote user can create specially crafted content that, when loaded by the target user, will execute arbitrary code on the target user's system.
An out-of-bounds memory read error may occur [CVE-2017-3112, CVE-2017-3114, CVE-2017-11213].
A use-after-free memory error may occur [CVE-2017-11215, CVE-2017-11225]...
Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
Solution: The vendor has issued a fix (27.0.0.187)...
___
Security updates - Adobe Photoshop CC | APSB17-34
- https://helpx.adobe.com/security/products/photoshop/apsb17-34.html
Nov 14, 2017
- https://www.securitytracker.com/id/1039786
___
Security updates - Adobe Connect | APSB17-35
- https://helpx.adobe.com/security/products/connect/apsb17-35.html
Nov 14, 2017
- https://www.securitytracker.com/id/1039799
___
Security updates - Adobe Acrobat and Reader | APSB17-36
- https://helpx.adobe.com/security/products/acrobat/apsb17-36.html
Nov 14, 2017
- https://www.securitytracker.com/id/1039791
___
Security updates - Adobe DNG Converter | APSB17-37
- https://helpx.adobe.com/security/products/dng-converter/apsb17-37.html
Nov 14, 2017
___
Security updates - InDesign | APSB17-38
- https://helpx.adobe.com/security/products/indesign/apsb17-38.html
Nov 14, 2017
- https://www.securitytracker.com/id/1039785
___
Security updates - Adobe Digital Editions | APSB17-39
- https://helpx.adobe.com/security/products/Digital-Editions/apsb17-39.html
Nov 14, 2017
- https://www.securitytracker.com/id/1039798
___
Security update - Shockwave Player | APSB17-40
- https://helpx.adobe.com/security/products/shockwave/apsb17-40.html
Nov 14, 2017
- https://www.securitytracker.com/id/1039784
___
Security updates - Adobe Experience Manager | APSB17-41
- https://helpx.adobe.com/security/products/experience-manager/apsb17-41.html
Nov 14, 2017
- https://www.securitytracker.com/id/1039800
___
> https://www.us-cert.gov/ncas/current-activity/2017/11/14/Adobe-Releases-Security-Updates
Nov 14, 2017
:fear::fear::fear::fear:
AplusWebMaster
2017-12-12, 19:32
FYI...
Flash 28.0.0.126 released
- https://helpx.adobe.com/security/products/flash-player/apsb17-42.html
Dec 12, 2017
Summary: Adobe has released a security update for Adobe Flash Player for Windows, Macintosh, Linux and Chrome OS. This update addresses a regression that could lead to the unintended reset of the global settings preference file...
Solution: ... Adobe recommends users of the Adobe Flash Player Desktop Runtime for Windows, Macintosh and Linux update to Adobe Flash Player 28.0.0.126 via the update mechanism within the product [1] or by visiting the Adobe Flash Player Download Center:
> https://get.adobe.com/flashplayer/
- Adobe Flash Player installed with Google Chrome will be automatically updated to the latest Google Chrome version, which will include Adobe Flash Player 28.0.0.126 for Windows, Macintosh, Linux and Chrome OS.
- Adobe Flash Player installed with Microsoft Edge and Internet Explorer 11 for Windows 10 and 8.1 will be automatically updated to the latest version, which will include Adobe Flash Player 28.0.0.126.
- Please visit the Flash Player Help page for assistance in installing Flash Player:
> https://helpx.adobe.com/flash-player.html
[1] Users who have selected the option to 'Allow Adobe to install updates' will receive the update automatically. Users who do not have the 'Allow Adobe to install updates' option enabled can install the update via the update mechanism within the product when prompted...
For I/E - some versions get 'Automatic' updates:
- https://fpdownload.macromedia.com/pub/flashplayer/latest/help/install_flash_player_ax.exe
For Firefox and other Plugin-based browsers:
- https://fpdownload.macromedia.com/pub/flashplayer/latest/help/install_flash_player.exe
For Chrome:
- https://fpdownload.macromedia.com/pub/flashplayer/latest/help/install_flash_player_ppapi.exe
Flash test site: https://www.adobe.com/software/flash/about/
___
- https://www.securitytracker.com/id/1039986
CVE Reference: CVE-2017-11305
Dec 12 2017
Fix Available: Yes Vendor Confirmed: Yes
Version(s): 27.0.0.187 and before ...
Description: A vulnerability was reported in Adobe Flash Player. Security settings may be reset.
A logic error may cause the global settings preference file to be reset.
[Editor's note: The vendor did not indicate whether the attack vector for this vulnerability is local or remote.]
Impact: The global settings preference file may be reset.
Solution: The vendor has issued a fix (28.0.0.126)...
:fear::fear:
AplusWebMaster
2018-01-09, 19:23
FYI...
Flash 28.0.0.137 released
- https://helpx.adobe.com/security/products/flash-player/apsb18-01.html
Jan 9, 2018
"Summary: Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and Chrome OS. These updates address an important out-of-bounds read vulnerability that could lead to information exposure...
Solution: ... Adobe recommends users of the Adobe Flash Player Desktop Runtime for Windows, Macintosh and Linux update to Adobe Flash Player 28.0.0.137 via the update mechanism within the product [1] or by visiting the Adobe Flash Player Download Center:
- https://get.adobe.com/flashplayer/
Adobe Flash Player installed with Google Chrome will be automatically updated to the latest Google Chrome version, which will include Adobe Flash Player 28.0.0.137 for Windows, Macintosh, Linux and Chrome OS.
Adobe Flash Player installed with Microsoft Edge and Internet Explorer 11 for Windows 10 and 8.1 will be automatically updated to the latest version, which will include Adobe Flash Player 28.0.0.137.
Please visit the Flash Player Help page* for assistance in installing Flash Player:
* https://helpx.adobe.com/flash-player.html
[1] Users who have selected the option to 'Allow Adobe to install updates' will receive the update automatically. Users who do not have the 'Allow Adobe to install updates' option enabled can install the update via the update mechanism within the product when prompted..."
For I/E - some versions get 'Automatic' updates:
- https://fpdownload.macromedia.com/pub/flashplayer/latest/help/install_flash_player_ax.exe
For Firefox and other Plugin-based browsers:
- https://fpdownload.macromedia.com/pub/flashplayer/latest/help/install_flash_player.exe
For Chrome:
- https://fpdownload.macromedia.com/pub/flashplayer/latest/help/install_flash_player_ppapi.exe
Flash test site: https://www.adobe.com/software/flash/about/
___
- https://www.us-cert.gov/ncas/current-activity/2018/01/09/Adobe-Releases-Security-Updates-Flash-Player
Jan 09, 2018
___
- https://www.securitytracker.com/id/1040155
CVE Reference: CVE-2018-4871
Jan 10 2018
Impact: Disclosure of system information, Disclosure of user information
Fix Available: Yes Vendor Confirmed: Yes ...
Impact: A remote user can obtain potentially sensitive information on the target system.
Solution: The vendor has issued a fix (28.0.0.137)...
:fear::fear:
AplusWebMaster
2018-02-06, 19:58
FYI...
Flash 28.0.0.161 released
- https://helpx.adobe.com/security/products/flash-player/apsb18-03.html
Feb 6, 2018
"Summary: Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and Chrome OS. These updates address critical vulnerabilities that could lead to remote code execution in Adobe Flash Player 28.0.0.137 and earlier versions. Successful exploitation could potentially allow an attacker to take control of the affected system. Adobe is aware of a report that an exploit for CVE-2018-4878 exists in the wild, and is being used in limited, targeted attacks against Windows users. These attacks leverage Office documents with embedded malicious Flash content distributed via email.
Solution: ... Adobe recommends users of the Adobe Flash Player Desktop Runtime for Windows, Macintosh and Linux update to Adobe Flash Player 28.0.0.161 via the update mechanism within the product [1] or by visiting the Adobe Flash Player Download Center:
- https://get.adobe.com/flashplayer/
Adobe Flash Player installed with Google Chrome will be automatically updated to the latest Google Chrome version, which will include Adobe Flash Player 28.0.0.161 for Windows, Macintosh, Linux and Chrome OS.
Adobe Flash Player installed with Microsoft Edge and Internet Explorer 11 for Windows 10 and 8.1 will be automatically updated to the latest version, which will include Adobe Flash Player 28.0.0.161.
Please visit the Flash Player Help page for assistance in installing Flash Player:
- https://helpx.adobe.com/flash-player.html
[1] Users who have selected the option to 'Allow Adobe to install updates' will receive the update automatically. Users who do not have the 'Allow Adobe to install updates' option enabled can install the update via the update mechanism within the product when prompted.
For I/E - some versions get 'Automatic' updates:
- https://fpdownload.macromedia.com/pub/flashplayer/latest/help/install_flash_player_ax.exe
For Firefox and other Plugin-based browsers:
- https://fpdownload.macromedia.com/pub/flashplayer/latest/help/install_flash_player.exe
For Chrome:
- https://fpdownload.macromedia.com/pub/flashplayer/latest/help/install_flash_player_ppapi.exe
Flash test site: https://www.adobe.com/software/flash/about/
:fear::fear:
AplusWebMaster
2018-02-14, 17:28
FYI...
Adobe Acrobat and Reader
- https://helpx.adobe.com/security/products/acrobat/apsb18-02.html
Feb 13, 2018 - "Summary: Adobe has released security updates for Adobe Acrobat and Reader for Windows and Macintosh. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system...
Solution: Adobe recommends users update their software installations to the latest versions by following the instructions...
The latest product versions are available to end users via one of the following methods:
> Users can update their product installations manually by choosing Help > Check for Updates.
> The products will update automatically, without requiring user intervention, when updates are detected.
> The full Acrobat Reader installer can be downloaded from the Acrobat Reader Download Center:
- https://get.adobe.com/reader/
- https://www.securitytracker.com/id/1040364
___
Adobe Experience Manager - updated
- https://helpx.adobe.com/security/products/experience-manager/apsb18-04.html
Feb 13, 2018 - "Summary: Adobe has released security updates for Adobe Experience Manager. These updates resolve a reflected cross-site scripting vulnerability (CVE-2018-4875) rated moderate, and a cross-site scripting vulnerability (CVE-2018-4876) in Apache Sling XSS protection API rated important...
Affected product versions: All... minimum fix packs to address the listed vulnerability. For the latest versions, please see the release notes links referenced:
Solution: https://helpx.adobe.com/security/products/experience-manager/apsb18-04.html#Vulnerabilitydetails
- https://www.securitytracker.com/id/1040365
___
- https://www.us-cert.gov/ncas/current-activity/2018/02/13/Adobe-Releases-Security-Updates
Feb 13, 2018
:fear::fear: