-
Flash v11.6.602.180 released
FYI...
Flash v11.6.602.180 released
- https://www.adobe.com/support/securi...apsb13-09.html
March 12, 2013
CVE number:
- https://web.nvd.nist.gov/view/vuln/d...=CVE-2013-0646 - 10.0 (HIGH)
- https://web.nvd.nist.gov/view/vuln/d...=CVE-2013-0650 - 10.0 (HIGH)
- https://web.nvd.nist.gov/view/vuln/d...=CVE-2013-1371 - 10.0 (HIGH)
- https://web.nvd.nist.gov/view/vuln/d...=CVE-2013-1375 - 10.0 (HIGH)
Platform: All Platforms
Summary: Adobe has released security updates for Adobe Flash Player 11.6.602.171 and earlier versions for Windows and Macintosh, Adobe Flash Player 11.2.202.273 and earlier versions for Linux, Adobe Flash Player 11.1.115.47 and earlier versions for Android 4.x, and Adobe Flash Player 11.1.111.43 and earlier versions for Android 3.x and 2.x. These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.
Adobe recommends users update their product installations to the latest versions:
- Users of Adobe Flash Player 11.6.602.171 and earlier versions for Windows and Macintosh should update to Adobe Flash Player 11.6.602.180.
- Users of Adobe Flash Player 11.2.202.273 and earlier versions for Linux should update to Adobe Flash Player 11.2.202.275.
- Adobe Flash Player 11.6.602.171 installed with Google Chrome will automatically be updated to the latest Google Chrome version, which will include Adobe Flash Player 11.6.602.180 for Windows, Macintosh and Linux.
- Adobe Flash Player 11.6.602.171 installed with Internet Explorer 10 for Windows 8 will automatically be updated to the latest Internet Explorer 10 version, which will include Adobe Flash Player 11.6.602.180 for Windows.
- Users of Adobe Flash Player 11.1.115.47 and earlier versions on Android 4.x devices should update to Adobe Flash Player 11.1.115.48.
- Users of Adobe Flash Player 11.1.111.43 and earlier versions for Android 3.x and 2.x should update to Flash Player 11.1.111.44.
- Users of Adobe AIR 3.6.0.597 and earlier versions for Windows, Macintosh and Android should update to Adobe AIR 3.6.0.6090.
- Users of the Adobe AIR 3.6.0.597 SDK and earlier versions should update to the Adobe AIR 3.6.0.6090 SDK.
- Users of the Adobe AIR 3.6.0.599 SDK & Compiler and earlier versions should update to the Adobe AIR 3.6.0.6090 SDK & Compiler.
Flash Download:
> https://www.adobe.com/products/flash...ribution3.html
Flash test site:
- http://helpx.adobe.com/flash-player/...n_your_machine
>> http://get.adobe.com/air/
:fear:
-
Flash, Shockwave, Cold Fusion updates
FYI...
Flash v11.7.700.169 released
- https://www.adobe.com/support/securi...apsb13-11.html
April 9, 2013
CVE number:
- https://web.nvd.nist.gov/view/vuln/d...=CVE-2013-1378 - 7.5 (HIGH)
- https://web.nvd.nist.gov/view/vuln/d...=CVE-2013-1379 - 7.5 (HIGH)
- https://web.nvd.nist.gov/view/vuln/d...=CVE-2013-1380 - 7.5 (HIGH)
- https://web.nvd.nist.gov/view/vuln/d...=CVE-2013-2555 - 10.0 (HIGH)
Summary: Adobe has released security updates for Adobe Flash Player 11.6.602.180 and earlier versions for Windows and Macintosh, Adobe Flash Player 11.2.202.275 and earlier versions for Linux, Adobe Flash Player 11.1.115.48 and earlier versions for Android 4.x, and Adobe Flash Player 11.1.111.44 and earlier versions for Android 3.x and 2.x. These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.
Adobe recommends users update their product installations to the latest versions:
- Users of Adobe Flash Player 11.6.602.180 and earlier versions for Windows and Macintosh should update to Adobe Flash Player 11.7.700.169.
- Users of Adobe Flash Player 11.2.202.275 and earlier versions for Linux should update to Adobe Flash Player 11.2.202.280.
- Adobe Flash Player 11.6.602.180 installed with Google Chrome will automatically be updated to the latest Google Chrome version, which will include Adobe Flash Player 11.7.700.179 for Windows and 11.7.700.169 for Macintosh and Linux.
- Adobe Flash Player 11.6.602.180 installed with Internet Explorer 10 will automatically be updated to the latest Internet Explorer 10 version, which will include Adobe Flash Player 11.7.700.169 for Windows 8.
- Users of Adobe Flash Player 11.1.115.48 and earlier versions on Android 4.x devices should update to Adobe Flash Player 11.1.115.54.
- Users of Adobe Flash Player 11.1.111.44 and earlier versions for Android 3.x and 2.x should update to Flash Player 11.1.111.50.
- Users of Adobe AIR 3.6.0.6090 and earlier versions for Windows, Macintosh and Android should update to Adobe AIR 3.7.0.1530.
- Users of the Adobe AIR 3.6.0.6090 SDK & Compiler and earlier versions should update to the Adobe AIR 3.7.0.1530 SDK & Compiler...
Flash Download:
> https://www.adobe.com/products/flash...ribution3.html
Flash test site:
- http://helpx.adobe.com/flash-player/...n_your_machine
>> http://get.adobe.com/air/
- https://secunia.com/advisories/52931/
Release Date: 2013-04-09
Criticality level: Highly critical
Impact: System access
Where: From remote...
Solution: Update to a fixed version.
___
Shockwave v12.0.2.122 released
- https://www.adobe.com/support/securi...apsb13-12.html
April 9, 2013
CVE number: CVE-2013-1383, CVE-2013-1384, CVE-2013-1385, CVE-2013-1386
Summary: Adobe has released a security update for Adobe Shockwave Player 12.0.0.112 and earlier versions on the Windows and Macintosh operating systems. This update addresses vulnerabilities that could allow an attacker, who successfully exploits these vulnerabilities, to run malicious code on the affected system. Adobe recommends users of Adobe Shockwave Player 12.0.0.112 and earlier versions update to Adobe Shockwave Player 12.0.2.122 ...
Solution: Adobe recommends users of Adobe Shockwave Player 12.0.0.112 and earlier versions update to the newest version 12.0.2.122, available here: http://get.adobe.com/shockwave/
- https://secunia.com/advisories/52981/
Release Date: 2013-04-10
Criticality level: Highly critical
Impact: System access
Where: From remote...
Solution: Update to version 12.0.2.122
___
ColdFusion hotfix
- https://www.adobe.com/support/securi...apsb13-10.html
April 9, 2013
CVE number: CVE-2013-1387, CVE-2013-1388
Summary: Adobe has released a security hotfix for ColdFusion 10, 9.0.2, 9.0.1 and 9.0 for Windows, Macintosh and UNIX. Adobe recommends users update their product installation...
Affected software versions: ColdFusion 10, 9.0.2, 9.0.1 and 9.0 for Windows, Macintosh and UNIX.
Solution: Adobe recommends ColdFusion customers update their installation using the instructions provided in the technote:
- http://helpx.adobe.com/coldfusion/kb...apsb13-10.html
- https://secunia.com/advisories/52995/
Release Date: 2013-04-10
Criticality level: Moderately critical
Impact: Security Bypass, Spoofing
Where: From remote...
Solution: Apply hotfix.
:fear:
-
0-day ColdFusion critical vulnerability
FYI...
0-day ColdFusion critical vulnerability - https://isc.sans.edu/diary.html?storyid=15770
- https://www.adobe.com/support/securi...apsa13-03.html
May 8, 2013
CVE number: https://web.nvd.nist.gov/view/vuln/d...=CVE-2013-3336
Summary: Adobe has identified a critical vulnerability affecting ColdFusion 10, 9.0.2, 9.0.1 and 9.0 and earlier versions for Windows, Macintosh and UNIX. This vulnerability (CVE-2013-3336) could permit an unauthorized user to remotely retrieve files stored on the server.
There are reports that an exploit for this vulnerability is publicly available. ColdFusion customers who have restricted public access to the CFIDE/administrator, CFIDE/adminapi and CFIDE/gettingstarted directories (as outlined in the ColdFusion 9 Lockdown Guide* and ColdFusion 10 Lockdown Guide**) are already mitigated against this issue. Customers who have not already applied these steps can protect themselves from CVE-2013-3336 by implementing the following configuration settings:
- Restrict public access to the CFIDE/administrator, CFIDE/adminapi and CFIDE/gettingstarted directories by following the hardening guidance in the ColdFusion 9 Lockdown Guide and ColdFusion 10 Lockdown Guide**
We are in the process of finalizing a fix for this issue and expect a hotfix for ColdFusion 10, 9.0.2, 9.0.1 and 9.0 for Windows, Macintosh and UNIX to be available on May 14, 2013...
* http://wwwimages.adobe.com/www.adobe...uide-wp-ue.pdf
** http://wwwimages.adobe.com/www.adobe...wn%20Guide.pdf
Revisions - May 9, 2013: Revised to clarify the CFIDE/gettingstarted directory is only applicable to ColdFusion version 8.x and earlier.
- http://atlas.arbor.net/briefs/index#366717635
Severity: High Severity
May 09, 2013 17:23
"... being exploited in the wild..."
___
Prenotification Security Advisory for Adobe Reader and Acrobat
- https://www.adobe.com/support/securi...apsb13-15.html
May 9, 2013 - "Summary: Adobe is planning to release security updates on Tuesday, May 14, 2013 for Adobe Reader and Acrobat..."
:fear::fear:
-
Flash v11.7.700.202 - Reader/Acrobat v11.0.03 - ColdFusion hotfix released
FYI...
Flash v11.7.700.202 released
- https://www.adobe.com/support/securi...apsb13-14.html
May 14, 2013
CVE number: CVE-2013-2728, CVE-2013-3324, CVE-2013-3325, CVE-2013-3326, CVE-2013-3327, CVE-2013-3328, CVE-2013-3329, CVE-2013-3330, CVE-2013-3331, CVE-2013-3332, CVE-2013-3333, CVE-2013-3334, CVE-2013-3335
Platform: All platforms
Summary: Adobe has released security updates for Adobe Flash Player 11.7.700.169 and earlier versions for Windows and Macintosh, Adobe Flash Player 11.2.202.280 and earlier versions for Linux, Adobe Flash Player 11.1.115.54 and earlier versions for Android 4.x, and Adobe Flash Player 11.1.111.50 and earlier versions for Android 3.x and 2.x. These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.
Adobe recommends users update their product installations to the latest versions:
- Users of Adobe Flash Player 11.7.700.169 and earlier versions for Windows and Macintosh should update to Adobe Flash Player 11.7.700.202.
- Users of Adobe Flash Player 11.2.202.280 and earlier versions for Linux should update to Adobe Flash Player 11.2.202.285.
- Adobe Flash Player 11.7.700.169 installed with Google Chrome (and version 11.7.700.179 on the Windows platform) will automatically be updated to the latest Google Chrome version, which will include Adobe Flash Player 11.7.700.202 for Windows, Macintosh and Linux.
- Adobe Flash Player 11.7.700.169 installed with Internet Explorer 10 will automatically be updated to the latest Internet Explorer 10 version, which will include Adobe Flash Player 11.7.700.202 for Windows 8.
- Users of Adobe Flash Player 11.1.115.54 and earlier versions on Android 4.x devices should update to Adobe Flash Player 11.1.115.58.
- Users of Adobe Flash Player 11.1.111.50 and earlier versions for Android 3.x and 2.x should update to Flash Player 11.1.111.54.
- Users of Adobe AIR 3.7.0.1530 and earlier versions for Windows and Macintosh should update to Adobe AIR 3.7.0.1860.
- Users of Adobe AIR 3.7.0.1660 and earlier versions for Android should update to Adobe AIR 3.7.0.1860.
- Users of the Adobe AIR 3.7.0.1530 SDK & Compiler and earlier versions should update to the Adobe AIR 3.7.0.1860 SDK & Compiler...
Flash Download:
> https://www.adobe.com/products/flash...ribution3.html
Flash test site:
- http://helpx.adobe.com/flash-player/...n_your_machine
>> http://get.adobe.com/air/
___
Adobe Reader/Acrobat v11.0.03 released
- https://www.adobe.com/support/securi...apsb13-15.html
May 14, 2013
CVE number: CVE-2013-2549, CVE-2013-2550, CVE-2013-2718, CVE-2013-2719, CVE-2013-2720, CVE-2013-2721, CVE-2013-2722, CVE-2013-2723, CVE-2013-2724, CVE-2013-2725, CVE-2013-2726, CVE-2013-2727, CVE-2013-2729, CVE-2013-2730, CVE-2013-2731, CVE-2013-2732, CVE-2013-2733, CVE-2013-2734, CVE-2013-2735, CVE-2013-2736, CVE-2013-2737, CVE-2013-3337, CVE-2013-3338, CVE-2013-3339, CVE-2013-3340, CVE-2013-3341, CVE-2013-3342
Platform: All
Summary: Adobe has released security updates for Adobe Reader and Acrobat XI (11.0.02) and earlier versions for Windows and Macintosh, and Adobe Reader 9.5.4 and earlier 9.x versions for Linux. These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.
Adobe recommends users update their product installations to the latest versions:
- Users of Adobe Reader XI (11.0.02) for Windows and Macintosh should update to Adobe Reader XI (11.0.03).
- For users of Adobe Reader X (10.1.6) and earlier versions for Windows and Macintosh, who cannot update to Adobe Reader XI (11.0.03), Adobe has made available the update Adobe Reader X (10.1.7).
- For users of Adobe Reader 9.5.4 and earlier versions for Windows and Macintosh, who cannot update to Adobe Reader XI (11.0.03), Adobe has made available the update Adobe Reader 9.5.5.
- Users of Adobe Reader 9.5.4 and earlier versions for Linux should update to Adobe Reader 9.5.5.
- Users of Adobe Acrobat XI (11.0.02) for Windows and Macintosh should update to Adobe Acrobat XI (11.0.03).
- For users of Adobe Acrobat X (10.1.6) and earlier versions for Windows and Macintosh, who cannot update to Adobe Acrobat XI (11.0.03), Adobe has made available the update Adobe Acrobat X (10.1.7).
- For users of Adobe Acrobat 9.5.4 and earlier versions for Windows and Macintosh, who cannot update to Adobe Acrobat XI (11.0.03), Adobe has made available the update Adobe Acrobat 9.5.5...
___
ColdFusion hotfix available
- https://www.adobe.com/support/securi...apsb13-13.html
May 14, 2013
CVE number: CVE-2013-1389, CVE-2013-3336
Platform: All
Summary: Adobe has released a security hotfix for ColdFusion 10, 9.0.2, 9.0.1 and 9.0 for Windows, Macintosh and UNIX. This hotfix addresses a vulnerability (CVE-2013-1389) that could allow remote arbitrary code execution on a system running ColdFusion, and a vulnerability (CVE-2013-3336) that could permit an unauthorized user to remotely retrieve files stored on the server.
Adobe is aware of reports that CVE-2013-3336 (referenced in Security Advisory APSA13-03) is being exploited in the wild against ColdFusion customers. Adobe recommends users update their product installation using the instructions provided in the "Solution" ...
Solution: Adobe recommends ColdFusion customers update their installation using the instructions provided in the technote located here:
- http://helpx.adobe.com/coldfusion/kb...apsb13-13.html
Customers should also apply the security configuration settings as outlined on the ColdFusion Security page, as well as review the ColdFusion 9 Lockdown Guide and ColdFusion 10 Lockdown Guide.
:fear::fear::fear:
-
Flash v11.7.700.224 released
FYI...
Flash v11.7.700.224 released
- https://www.adobe.com/support/securi...apsb13-16.html
June 11, 2013
CVE number: https://web.nvd.nist.gov/view/vuln/d...=CVE-2013-3343 - 10.0 (HIGH)
Platform: All Platforms
Summary: Adobe has released security updates for Adobe Flash Player 11.7.700.202 and earlier versions for Windows, Adobe Flash Player 11.7.700.203 and earlier versions for Macintosh, Adobe Flash Player 11.2.202.285 and earlier versions for Linux, Adobe Flash Player 11.1.115.58 and earlier versions for Android 4.x, and Adobe Flash Player 11.1.111.54 and earlier versions for Android 3.x and 2.x. These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system. Adobe recommends users update their product installations to the latest versions:
- Users of Adobe Flash Player 11.7.700.202 and earlier versions for Windows should update to Adobe Flash Player 11.7.700.224.
- Users of Adobe Flash Player 11.7.700.203 and earlier versions for Macintosh should update to Adobe Flash Player 11.7.700.225.
- Users of Adobe Flash Player 11.2.202.285 and earlier versions for Linux should update to Adobe Flash Player 11.2.202.291.
- Adobe Flash Player 11.7.700.203 installed with Google Chrome will automatically be updated to the latest Google Chrome version, which will include Adobe Flash Player 11.7.700.225 for Windows, Macintosh and Linux.
- Adobe Flash Player 11.7.700.202 installed with Internet Explorer 10 will automatically be updated to the latest Internet Explorer 10 version, which will include Adobe Flash Player 11.7.700.224 for Windows 8.
- Users of Adobe Flash Player 11.1.115.58 and earlier versions on Android 4.x devices should update to Adobe Flash Player 11.1.115.63.
- Users of Adobe Flash Player 11.1.111.54 and earlier versions for Android 3.x and 2.x should update to Flash Player 11.1.111.59.
- Users of Adobe AIR 3.7.0.1860 and earlier versions for Windows should update to Adobe AIR 3.7.0.2090.
- Users of Adobe AIR 3.7.0.1860 and earlier versions for Macintosh should update to Adobe AIR 3.7.0.2100.
- Users of Adobe AIR 3.7.0.1860 and earlier versions for Android should update to Adobe AIR 3.7.0.2090.
- Users of the Adobe AIR 3.7.0.1860 SDK & Compiler and earlier versions for Windows should update to the Adobe AIR 3.7.0.2090 SDK & Compiler.
- Users of the Adobe AIR 3.7.0.1860 SDK & Compiler and earlier versions for Macintosh should update to the Adobe AIR 3.7.0.2100 SDK & Compiler...
Flash Download:
> https://www.adobe.com/products/flash...ribution3.html
Flash test site:
- http://helpx.adobe.com/flash-player/...n_your_machine
>> http://get.adobe.com/air/
___
- https://secunia.com/advisories/53751/
Release Date: 2013-06-11
Criticality level: Highly critical
Impact: System access
Where: From remote
... vulnerability is caused due to an unspecified error and can be exploited to cause memory corruption.
Solution: Update to a fixed version.
:fear::fear:
-
Flash Player 11.8.800.94 released
FYI...
Flash Player 11.8.800.94 released
- https://www.adobe.com/support/securi...apsb13-17.html
July 9, 2013
CVE number:
- https://web.nvd.nist.gov/view/vuln/d...=CVE-2013-3344 - 10.0 (HIGH)
- https://web.nvd.nist.gov/view/vuln/d...=CVE-2013-3345 - 10.0 (HIGH)
- https://web.nvd.nist.gov/view/vuln/d...=CVE-2013-3347 - 10.0 (HIGH)
Platform: All Platforms
Summary: Adobe has released security updates for Adobe Flash Player 11.7.700.224 and earlier versions for Windows, Adobe Flash Player 11.7.700.225 and earlier versions for Macintosh, Adobe Flash Player 11.2.202.291 and earlier versions for Linux, Adobe Flash Player 11.1.115.63 and earlier versions for Android 4.x, and Adobe Flash Player 11.1.111.59 and earlier versions for Android 3.x and 2.x. These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system. Adobe recommends users update their product installations to the latest versions:
- Users of Adobe Flash Player 11.7.700.224 and earlier versions for Windows should update to Adobe Flash Player 11.8.800.94.
- Users of Adobe Flash Player 11.7.700.225 and earlier versions for Macintosh should update to Adobe Flash Player 11.8.800.94.
- Users of Adobe Flash Player 11.2.202.291 and earlier versions for Linux should update to Adobe Flash Player 11.2.202.297.
- Adobe Flash Player 11.7.700.225 installed with Google Chrome will automatically be updated to the latest Google Chrome version, which will include Adobe Flash Player 11.8.800.97 for Windows, Macintosh and Linux.
- Adobe Flash Player 11.7.700.224 installed with Internet Explorer 10 will automatically be updated to the latest Internet Explorer 10 version, which will include Adobe Flash Player 11.8.800.94 for Windows 8.
- Users of Adobe Flash Player 11.1.115.63 and earlier versions on Android 4.x devices should update to Adobe Flash Player 11.1.115.69.
- Users of Adobe Flash Player 11.1.111.59 and earlier versions for Android 3.x and 2.x should update to Flash Player 11.1.111.64...
Flash Download:
> https://www.adobe.com/products/flash...ribution3.html
Flash test site:
- http://helpx.adobe.com/flash-player/...n_your_machine
___
Shockwave Player 12.0.3.133 released
- https://www.adobe.com/support/securi...apsb13-18.html
July 9, 2013
CVE number: CVE-2013-3348
Platform: Windows and Macintosh
Summary: Adobe has released a security update for Adobe Shockwave Player 12.0.2.122 and earlier versions on the Windows and Macintosh operating systems. This update addresses a vulnerability that could allow an attacker, who successfully exploits this vulnerability, to run malicious code on the affected system. Adobe recommends users of Adobe Shockwave Player 12.0.2.122 and earlier versions update to Adobe Shockwave Player 12.0.3.133...
Solution: Adobe recommends users of Adobe Shockwave Player 12.0.2.122 and earlier versions update to the newest version 12.0.3.133, available here:
- http://get.adobe.com/shockwave/
___
ColdFusion hotfixes available
- https://www.adobe.com/support/securi...apsb13-19.html
July 9, 2013
CVE number: CVE-2013-3349, CVE-2013-3350
Platform: All
Summary: Adobe has released a security hotfix for ColdFusion 10 for Windows, Macintosh and Linux. This hotfix addresses a vulnerability (CVE-2013-3350) that could permit an attacker to invoke public methods on ColdFusion Components (CFC) using WebSockets. Adobe has released a security hotfix for ColdFusion versions 9.0, 9.0.1 and 9.0.2 on JRun. This hotfix addresses a vulnerability (CVE-2013-3349) that could be exploited to cause a denial of service condition on a system running ColdFusion 9.0, 9.0.1 and 9.0.2 on JRun. ColdFusion 10 customers are not affected by CVE-2013-3349.
Adobe recommends users update their product installation...
Solution: Adobe recommends ColdFusion customers update their installation using the instructions provided in the technote located here:
- http://helpx.adobe.com/coldfusion/kb...apsb13-19.html ...
___
- https://isc.sans.edu/diary.html?storyid=16129
Last Updated: 2013-07-09 18:41:00 UTC
___
Flash:
- https://secunia.com/advisories/53975/
Shockwave:
- https://secunia.com/advisories/53894/
ColdFusion:
- https://secunia.com/advisories/53997/
- https://secunia.com/advisories/54024/
:fear::fear::fear:
-
Flash Player, Reader, Shockwave updates ...
FYI...
Flash Player v11.8.800.168 released
- http://www.adobe.com/support/securit...apsb13-21.html
Sep 10, 2013
CVE number: CVE-2013-3361, CVE-2013-3362, CVE-2013-3363, CVE-2013-5324
Platform: All Platforms
Summary: Adobe has released security updates for Adobe Flash Player 11.8.800.94 and earlier versions for Windows and Macintosh, Adobe Flash Player 11.2.202.297 and earlier versions for Linux, Adobe Flash Player 11.1.115.69 and earlier versions for Android 4.x, and Adobe Flash Player 11.1.111.64 and earlier versions for Android 3.x and 2.x. These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.
Adobe recommends users update their product installations to the latest versions:
- Users of Adobe Flash Player 11.8.800.94 and earlier versions for Windows and Macintosh should update to Adobe Flash Player 11.8.800.168.
- Users of Adobe Flash Player 11.2.202.297 and earlier versions for Linux should update to Adobe Flash Player 11.2.202.310.
- Adobe Flash Player 11.8.800.97 installed with Google Chrome will automatically be updated to the latest Google Chrome version, which will include Adobe Flash Player 11.8.800.170 for Windows, Macintosh and Linux.
- Adobe Flash Player 11.8.800.94 installed with Internet Explorer 10 will automatically be updated to the latest Internet Explorer 10 version, which will include Adobe Flash Player 11.8.800.168 for Windows 8.
- Users of Adobe Flash Player 11.1.115.69 and earlier versions on Android 4.x devices should update to Adobe Flash Player 11.1.115.81.
- Users of Adobe Flash Player 11.1.111.64 and earlier versions for Android 3.x and 2.x should update to Flash Player 11.1.111.73.
- Users of Adobe AIR 3.8.0.870 and earlier versions for Windows and Android should update to Adobe AIR 3.8.0.1430.
- Users of Adobe AIR 3.8.0.910 and earlier versions for Macintosh should update to Adobe AIR 3.8.0.1430.
- Users of the Adobe AIR 3.8.0.870 SDK & Compiler and earlier versions for Windows should update to the Adobe AIR 3.8.0.1430 SDK & Compiler.
- Users of the Adobe AIR 3.8.0.910 SDK & Compiler and earlier versions for Macintosh should update to the Adobe AIR 3.8.0.1430 SDK & Compiler...
Flash Download:
> https://www.adobe.com/products/flash...ribution3.html
Flash test site:
- http://www.adobe.com/software/flash/about/
- http://helpx.adobe.com/flash-player/...n_your_machine
Adobe AIR 3.8
- http://get.adobe.com/air/
- https://secunia.com/advisories/54697/
Release Date: 2013-09-10
Criticality: Highly Critical
Software: Adobe AIR 3.x, Adobe Flash Player 11.x
Where: From remote
Impact: System access...
CVE Reference(s): CVE-2013-3361, CVE-2013-3362, CVE-2013-3363, CVE-2013-5324
... can be exploited by malicious people to compromise a user's system.
Solution: Update to a fixed version.
Original Advisory: http://www.adobe.com/support/securit...apsb13-21.html
___
Adobe Reader / Acrobat v11.0.04 released
- http://www.adobe.com/support/securit...apsb13-22.html
Sep 10, 2013
CVE numbers: CVE-2013-3351, CVE-2013-3352, CVE-2013-3353, CVE-2013-3354, CVE-2013-3355, CVE-2013-3356, CVE-2013-3357, CVE-2013-3358
Platform: Windows and Macintosh
Summary: Adobe has released security updates for Adobe Reader and Acrobat XI (11.0.03) and earlier versions for Windows and Macintosh. These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.
Adobe recommends users update their product installations to the latest versions:
- Users of Adobe Reader XI (11.0.03) for Windows and Macintosh should update to Adobe Reader XI (11.0.04).
- For users of Adobe Reader X (10.1.7) and earlier versions for Windows and Macintosh, who cannot update to Adobe Reader XI (11.0.04), Adobe has made available the update Adobe Reader X (10.1.8 ).
- Users of Adobe Acrobat XI (11.0.03) for Windows and Macintosh should update to Adobe Acrobat XI (11.0.04).
- For users of Adobe Acrobat X (10.1.7) and earlier versions for Windows and Macintosh, who cannot update to Adobe Acrobat XI (11.0.04), Adobe has made available the update Adobe Acrobat X (10.1.8 )...
Adobe Reader: Users on Windows and Macintosh can utilize the product's update mechanism...
Adobe Acrobat: Users can utilize the product's update mechanism...
Help >About >Check for updates...
- https://secunia.com/advisories/54694/
Release Date: 2013-09-10
Criticality: Highly Critical
Where: From remote
Impact: System access...
CVE Reference(s): CVE-2013-3351, CVE-2013-3352, CVE-2013-3353, CVE-2013-3354, CVE-2013-3355, CVE-2013-3356, CVE-2013-3357, CVE-2013-3358
... can be exploited by malicious people to compromise a user's system.
Solution: Update to a fixed version.
Original Advisory: http://www.adobe.com/support/securit...apsb13-22.html
___
Shockwave Player v12.0.4.144 released
- http://www.adobe.com/support/securit...apsb13-23.html
Sep 10, 2013
CVE number: CVE-2013-3359 and CVE-2013-3360
Platform: Windows and Macintosh
Summary: Adobe has released a security update for Adobe Shockwave Player 12.0.3.133 and earlier versions on the Windows and Macintosh operating systems. This update addresses vulnerabilities that could allow an attacker, who successfully exploits these vulnerabilities, to run malicious code on the affected system. Adobe recommends users of Adobe Shockwave Player 12.0.3.133 and earlier versions update to Adobe Shockwave Player 12.0.4.144 ...
Solution: Adobe recommends users of Adobe Shockwave Player 12.0.3.133 and earlier versions update to the newest version 12.0.4.144, available here:
- http://get.adobe.com/shockwave/
- https://secunia.com/advisories/54700/
Release Date: 2013-09-10
Criticality: Highly Critical
Where: From remote
Impact: System access...
CVE Reference(s): CVE-2013-3359, CVE-2013-3360
... can be exploited by malicious people to compromise a user's system.
Solution: Update to version 12.0.4.144.
Original Advisory: http://www.adobe.com/support/securit...apsb13-23.html
:fear::fear::fear:
-
Flash Player 11.8.800.175 - Win IE ...
FYI...
Flash Player 11.8.800.175 (Win IE) ...
- http://forums.adobe.com/message/5698133
Sep 19, 2013 - "... Flash Player 11.8.800.175 is available for download via our auto update mechanism. This update includes multiple stability fixes for the Windows ActiveX (Internet Explorer) plugin only ...
Bug fixes: 3630443 - [External][Windows][IE] ExternalInterface.call() method with non-ASCII text as a parameter corrupts the characters on the Javascript side..."
Flash Player 11.8.800.175 (Win IE) ...
- https://www.adobe.com/products/flash...ribution3.html
Flash test site:
- http://www.adobe.com/software/flash/about/
- http://helpx.adobe.com/flash-player/...n_your_machine
___
Text is corrupted when it's typed into a webpage that uses Adobe Flash Player after you install security update 2880289
- http://support.microsoft.com/kb/2889543
Last Review: September 24, 2013 - Revision: 2.0
"... issue is resolved in the current release of Adobe Flash Player. For more information, see the following Adobe release notes:
- http://helpx.adobe.com/en/flash-play...ase_notes.html
"...Fixed Issues
September 24th, 2013
3630443 - [External][Windows][IE] ExternalInterface.call() method with non-ASCII text as a parameter corrupts the characters on the Javascript side
3631555 - [Windows][IE] ExternalInterface.call() does not work normally since flash player 11.8.800.168
3631605 - [Windows][IE][Video] Video playback failure in Nico Video ...
- http://helpx.adobe.com/en/flash-play...eased_versions
Flash Player Desktop (Win Internet Explorer) 11.8.800.175 ..."
* http://support.microsoft.com/kb/2880289
Last Review: September 24, 2013 - Revision: 4.1
:fear:
-
Adobe security updates Oct 8, 2013 ...
FYI...
Flash Player v11.9 / AIR 3.9
- http://helpx.adobe.com/en/flash-play...eased_versions
Oct 8, 2013
Deliverable Released Version
Flash Player Desktop (Win Internet Explorer) 11.9.900.117
Flash Player Desktop (Win Other Browsers) 11.9.900.117
Flash Player Desktop (Mac) 11.9.900.117
Flash Player Desktop (Linux) 11.2.202.310
Flash Player Enterprise 11.7 (Mac and Win) 11.7.700.242
Flash Player Desktop (Win 8) 11.9.900.117
Flash Player Desktop (Chrome) 11.9.900.117
AIR Desktop (Win) 3.9.0.1030
AIR Desktop (Mac) 3.9.0.1030
AIR Android 3.9.0.1060
AIR SDK & Compiler(Win) 3.9.0.1030
AIR SDK & Compiler(Mac) 3.9.0.1030
AIR SDK(Win) 3.9.0.1030
AIR SDK(Mac) 3.9.0.1030
- http://forums.adobe.com/message/5744968#5744968
Oct 8, 2013
- https://www.adobe.com/products/flash...ribution3.html
Flash test site:
- http://www.adobe.com/software/flash/about/
- http://helpx.adobe.com/flash-player/...n_your_machine
Adobe AIR 3.9
- http://get.adobe.com/air/
___
Adobe Reader/Acrobat v11.0.05 released
- http://www.adobe.com/support/securit...apsb13-25.html
Oct 8, 2013
CVE number: https://web.nvd.nist.gov/view/vuln/d...=CVE-2013-5325 - 9.3 (HIGH)
[Last revised: 10/10/2013]
Platform: Windows
"Summary: Adobe has released security updates for Adobe Reader and Acrobat XI (11.0.04) for Windows. These updates address a -regression- that occurred in version 11.0.04 affecting Javascript security controls. Adobe Reader and Acrobat X (10.1.8) and earlier versions for Windows are -not- affected, and all versions of Adobe Reader and Acrobat for Macintosh are also -not- affected by this vulnerability. Adobe recommends users update their product installations to the latest versions:
- Users of Adobe Reader XI (11.0.04) for Windows should update to Adobe Reader XI (11.0.05).
- Users of Adobe Acrobat XI (11.0.04) for Windows should update to Adobe Acrobat XI (11.0.05)...
Adobe Reader: Users on Windows can utilize the product's update mechanism. The default configuration is set to run automatic update checks on a regular schedule. Update checks can be manually activated by choosing Help > Check for Updates...
Adobe Acrobat: Users can utilize the product's update mechanism. The default configuration is set to run automatic update checks on a regular schedule. Update checks can be manually activated by choosing Help > Check for Updates...
___
Adobe RoboHelp - Security update
- http://www.adobe.com/support/securit...apsb13-24.html
Oct 8, 2013
CVE number: https://web.nvd.nist.gov/view/vuln/d...=CVE-2013-5327 - 10.0 (HIGH)
Platform: Windows
"Summary: Adobe has released a security update for RoboHelp 10 on the Windows operating system. This update addresses a vulnerability that could allow an attacker, who successfully exploits this vulnerability, to run malicious code on the affected system. Adobe recommends users of RoboHelp 10 apply the solution using the instructions provided in the "Solution" section...
This update addresses a -critical- vulnerability in the software..."
Affected software versions: RoboHelp 10 for Windows
Solution: Adobe recommends users of RoboHelp 10 apply the fix...
(See the Adobe URL above for links and fix.)
:fear::fear:
-
Flash v11.9.900.152, Air v3.9.0.1210, ColdFusion hotfix ..
FYI...
Flash v11.9.900.152 released
- https://www.adobe.com/support/securi...apsb13-26.html
Nov 12, 2013
CVE number:
- https://web.nvd.nist.gov/view/vuln/d...=CVE-2013-5329 - 10.0 (HIGH)
- https://web.nvd.nist.gov/view/vuln/d...=CVE-2013-5330 - 10.0 (HIGH)
Platform: All Platforms
"Summary: Adobe has released security updates for Adobe Flash Player 11.9.900.117 and earlier versions for Windows and Macintosh and Adobe Flash Player 11.2.202.310 and earlier versions for Linux. These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system. Adobe recommends users update their product installations to the latest versions:
- Users of Adobe Flash Player 11.9.900.117 and earlier versions for Windows and Macintosh should update to Adobe Flash Player 11.9.900.152.
- Users of Adobe Flash Player 11.2.202.310 and earlier versions for Linux should update to Adobe Flash Player 11.2.202.327.
- Adobe Flash Player 11.9.900.117 installed with Google Chrome will automatically be updated to the latest Google Chrome version, which will include Adobe Flash Player 11.9.900.152 for Windows, Macintosh and Linux.
- Adobe Flash Player 11.9.900.117 installed with Internet Explorer 10 will automatically be updated to the latest Internet Explorer 10 version, which will include Adobe Flash Player 11.9.900.152 for Windows 8.0
- Adobe Flash Player 11.9.900.117 installed with Internet Explorer 11 will automatically be updated to the latest Internet Explorer 11 version, which will include Adobe Flash Player 11.9.900.152 for Windows 8.1
- Users of Adobe AIR 3.9.0.1030 and earlier versions for Windows and Macintosh should update to Adobe AIR 3.9.0.1210.
- Users of Adobe AIR 3.9.0.1060 and earlier versions for Android should update to Adobe AIR 3.9.0.1210.
- Users of the Adobe AIR 3.9.0.1030 SDK and earlier versions should update to the Adobe AIR 3.9.0.1210 SDK.
- Users of the Adobe AIR 3.9.0.1030 SDK & Compiler and earlier versions should update to the Adobe AIR 3.9.0.1210 SDK & Compiler...
- https://www.adobe.com/products/flash...ribution3.html
Flash test site:
- http://www.adobe.com/software/flash/about/
- http://helpx.adobe.com/flash-player/...n_your_machine
Adobe AIR 3.9.0.1210
- http://get.adobe.com/air/
___
ColdFusion hotfix...
- https://www.adobe.com/support/securi...apsb13-27.html
Nov 12, 2013
CVE number:
- https://web.nvd.nist.gov/view/vuln/d...=CVE-2013-5326 - 3.5
- https://web.nvd.nist.gov/view/vuln/d...=CVE-2013-5328 - 7.8 (HIGH)
Platform: All platforms
"Summary: Adobe has released a security hotfix for ColdFusion versions 10, 9.0.2, 9.0.1 and 9.0 for Windows, Macintosh and Linux. This hotfix addresses a reflected cross site scripting vulnerability (CVE-2013-5326) that could be exploited by a remote, authenticated user on ColdFusion 10 and earlier when the CFIDE directory is exposed. This hotfix also addresses a vulnerability (CVE-2013-5328) in ColdFusion 10 that could permit unauthorized remote read access...
Affected software versions: ColdFusion 10, 9.0.2, 9.0.1 and 9.0 for Windows, Macintosh and Linux
Solution: Adobe recommends ColdFusion customers update their installation using the instructions provided in the technote located here:
- http://helpx.adobe.com/coldfusion/kb...apsb13-27.html
:fear::fear:
-
Flash 11.9.900.170, Shockwave 12.0.7.148 released
FYI...
Flash 11.9.900.170 released
- http://helpx.adobe.com/security/prod...apsb13-28.html
Dec 10, 2013
CVE numbers:
- https://web.nvd.nist.gov/view/vuln/d...=CVE-2013-5331 - 9.3 (HIGH)
"... as exploited in the wild in December 2013."
- https://web.nvd.nist.gov/view/vuln/d...=CVE-2013-5332 - 10.0 (HIGH)
Platform: All Platforms
Summary: Adobe has released security updates for Adobe Flash Player 11.9.900.152 and earlier versions for Windows and Macintosh and Adobe Flash Player 11.2.202.327 and earlier versions for Linux. These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system. Adobe is aware of reports that an exploit designed to trick the user into opening a Microsoft Word document with malicious Flash (.swf) content exists for CVE-2013-5331. Adobe Flash Player 11.6 and later provide a mitigation against this attack.
Adobe recommends users update their product installations to the latest versions:
• Users of Adobe Flash Player 11.9.900.152 and earlier versions for Windows and Macintosh should update to Adobe Flash Player 11.9.900.170.
• Users of Adobe Flash Player 11.2.202.327 and earlier versions for Linux should update to Adobe Flash Player 11.2.202.332.
• Adobe Flash Player 11.9.900.152 installed with Google Chrome will automatically be updated to the latest Google Chrome version, which will include Adobe Flash Player 11.9.900.170 for Windows, Macintosh and Linux.
• Adobe Flash Player 11.9.900.152 installed with Internet Explorer 10 will automatically be updated to the latest Internet Explorer 10 version, which will include Adobe Flash Player 11.9.900.170 for Windows 8.0
• Adobe Flash Player 11.9.900.152 installed with Internet Explorer 11 will automatically be updated to the latest Internet Explorer 11 version, which will include Adobe Flash Player 11.9.900.170 for Windows 8.1
• Users of Adobe AIR 3.9.0.1210 and earlier versions for Windows and Macintosh should update to Adobe AIR 3.9.0.1380.
• Users of Adobe AIR 3.9.0.1210 and earlier versions for Android should update to Adobe AIR 3.9.0.1380.
• Users of the Adobe AIR 3.9.0.1210 SDK and earlier versions should update to the Adobe AIR 3.9.0.1380 SDK.
• Users of the Adobe AIR 3.9.0.1210 SDK & Compiler and earlier versions should update to the Adobe AIR 3.9.0.1380 SDK & Compiler...
- https://www.adobe.com/products/flash...ribution3.html
Flash test site:
- http://www.adobe.com/software/flash/about/
- http://helpx.adobe.com/flash-player.html
Adobe AIR
- http://get.adobe.com/air/
- https://secunia.com/advisories/55948/
Criticality: Highly Critical
___
Shockwave 12.0.7.148 released
- http://helpx.adobe.com/security/prod...apsb13-29.html
Dec 10, 2013
CVE numbers:
- https://web.nvd.nist.gov/view/vuln/d...=CVE-2013-5333 - 10.0 (HIGH)
- https://web.nvd.nist.gov/view/vuln/d...=CVE-2013-5334 - 10.0 (HIGH)
Platform: Windows and Macintosh
Summary: Adobe has released a security update for Adobe Shockwave Player 12.0.6.147 and earlier versions on the Windows and Macintosh operating systems. This update addresses a vulnerability that could allow an attacker, who successfully exploits this vulnerability, to run malicious code on the affected system. Adobe recommends users of Adobe Shockwave Player 12.0.6.147 and earlier versions update to Adobe Shockwave Player 12.0.7.148 using the instructions provided in the "Solution" section below.
Affected software versions: Adobe Shockwave Player 12.0.6.147 and earlier versions for Windows and Macintosh.
Solution: Adobe recommends users of Adobe Shockwave Player 12.0.6.147 and earlier versions update to the newest version 12.0.7.148, available here:
- http://get.adobe.com/shockwave/
- https://secunia.com/advisories/55952/
Criticality: Highly Critical
:fear::fear:
-
Adobe Reader/Acrobat - Prenotification Security Advisory
FYI...
Prenotification Security Advisory for Adobe Reader and Acrobat
- http://helpx.adobe.com/security/prod...apsb14-01.html
Jan 9, 2014 - "Adobe is planning to release security updates on Tuesday, January 14, 2014 for Adobe Reader and Acrobat XI (11.0.05) and earlier versions for Windows and Macintosh... This Security Advisory will be replaced with the Security Bulletin upon release of the update on Tuesday, January 14, 2014..."
:fear::fear:
-
Flash 12.0.0.38, Reader/Acrobat 11.0.06 released
FYI...
Flash 12.0.0.38 released
- http://helpx.adobe.com/security/prod...apsb14-02.html
Jan 14, 2014
CVE number: CVE-2014-0491, CVE-2014-0492
Platform: All Platforms
Summary: Adobe has released security updates for Adobe Flash Player 11.9.900.170 and earlier versions for Windows and Macintosh and Adobe Flash Player 11.2.202.332 and earlier versions for Linux. These updates address vulnerabilities that could potentially allow an attacker to take control of the affected system. Adobe recommends users update their product installations to the latest versions:
- Users of Adobe Flash Player 11.9.900.170 and earlier versions for Windows Internet Explorer should update to Adobe Flash Player 12.0.0.38.
- Users of Adobe Flash Player 11.9.900.170 and earlier versions for NPAPI plugin-based browsers on Windows should update to Adobe Flash Player 12.0.0.43
- Users of Adobe Flash Player 11.9.900.170 and earlier versions for Macintosh should update to Adobe Flash Player 12.0.0.38.
- Users of Adobe Flash Player 11.2.202.332 and earlier versions for Linux should update to Adobe Flash Player 11.2.202.335.
- Adobe Flash Player 11.9.900.170 installed with Google Chrome will automatically be updated to the latest Google Chrome version, which will include Adobe Flash Player 12.0.0.41 for Windows, Macintosh and Linux.
- Adobe Flash Player 11.9.900.170 installed with Internet Explorer 10 will automatically be updated to the latest Internet Explorer 10 version, which will include Adobe Flash Player 12.0.0.38 for Windows 8.0.
- Adobe Flash Player 11.9.900.170 installed with Internet Explorer 11 will automatically be updated to the latest Internet Explorer 11 version, which will include Adobe Flash Player 12.0.0.38 for Windows 8.1.
-- Users of Adobe AIR 3.9.0.1380 and earlier versions for Windows and Macintosh should update to Adobe AIR 4.0.0.1390.
- Users of Adobe AIR 3.9.0.1380 and earlier versions for Android should update to Adobe AIR 4.0.0.1390.
- Users of the Adobe AIR 3.9.0.1380 SDK and earlier versions should update to the Adobe AIR 4.0.0.1390 SDK.
- Users of the Adobe AIR 3.9.0.1380 SDK & Compiler and earlier versions should update to the Adobe AIR 4.0.0.1390 SDK & Compiler...
- https://www.adobe.com/products/flash...ribution3.html
Flash test site:
- http://www.adobe.com/software/flash/about/
- http://helpx.adobe.com/flash-player.html
Adobe AIR
- http://get.adobe.com/air/
___
Adobe Reader/Acrobat 11.0.06 released
- http://helpx.adobe.com/security/prod...apsb14-01.html
Jan 14, 2014
CVE Numbers: CVE-2014-0493, CVE-2014-0495, CVE-2014-0496
Platform: Windows and Macintosh
Summary: Adobe has released security updates for Adobe Reader and Acrobat XI (11.0.05) and earlier versions for Windows and Macintosh. These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system. Adobe recommends users update their product installations to the latest versions:
- Users of Adobe Reader XI (11.0.05) for Windows and Macintosh should update to Adobe Reader XI 11.0.06.
- For users of Adobe Reader X (10.1.8 ) and earlier versions for Windows and Macintosh, who cannot update to Adobe Reader XI (11.0.06), Adobe has made available the update Adobe Reader X (10.1.9).
- Users of Adobe Acrobat XI (11.0.05) for Windows and Macintosh should update to Adobe Acrobat XI (11.0.06).
- For users of Adobe Acrobat X (10.1.8 ) and earlier versions for Windows and Macintosh, who cannot update to Adobe Acrobat XI (11.0.06), Adobe has made available the update Adobe Acrobat X (10.1.9)...
Adobe Reader: Users on Windows and Macintosh can utilize the product's update mechanism... Update checks can be manually activated by choosing Help > Check for Updates.
Adobe Acrobat: Users can utilize the product's update mechanism... Update checks can be manually activated by choosing Help > Check for Updates...
:fear::fear:
-
Adobe Digital Editions v3.0 released
FYI...
Adobe Digital Editions v3.0 released
- https://secunia.com/advisories/56578/
Release Date: 2014-01-23
Criticality: Highly Critical
Where: From remote
Impact: System access
CVE Reference(s): CVE-2014-0494
... vulnerability is reported in version 2.0.1.
Solution: Upgrade to version 3.0.
Original Advisory:
http://helpx.adobe.com/security/prod...apsb14-03.html
- http://www.adobe.com/products/digita.../download.html
:fear:
-
Flash 12.0.0.44 released
FYI...
Flash 12.0.0.44 released
- http://helpx.adobe.com/security/prod...apsb14-04.html
Feb 4, 2014
CVE number: https://web.nvd.nist.gov/view/vuln/d...=CVE-2014-0497 - 10.0 (HIGH)
Platform: All Platforms
Summary: Adobe has released security updates for Adobe Flash Player 12.0.0.43 and earlier versions for Windows and Macintosh and Adobe Flash Player 11.2.202.335 and earlier versions for Linux. These updates address a critical vulnerability that could potentially allow an attacker to remotely take control of the affected system. Adobe is aware of reports that an exploit for this vulnerability exists in the wild, and recommends users update their product installations to the latest versions:
- Users of Adobe Flash Player 12.0.0.43 and earlier versions for Windows and Macintosh should update to Adobe Flash Player 12.0.0.44.
- Users of Adobe Flash Player 11.2.202.335 and earlier versions for Linux should update to Adobe Flash Player 11.2.202.336.
- Adobe Flash Player 12.0.0.41 installed with Google Chrome will automatically be updated to the latest Google Chrome version, which will include Adobe Flash Player 12.0.0.44 for Windows, Macintosh and Linux.
- Adobe Flash Player 12.0.0.38 installed with Internet Explorer 10 will automatically be updated to the latest Internet Explorer 10 version, which will include Adobe Flash Player 12.0.0.44 for Windows 8.0.
- Adobe Flash Player 12.0.0.38 installed with Internet Explorer 11 will automatically be updated to the latest Internet Explorer 11 version, which will include Adobe Flash Player 12.0.0.44 for Windows 8.1...
These updates address -critical- vulnerabilities in the software...
- https://www.adobe.com/products/flash...ribution3.html
Flash test site:
- http://www.adobe.com/software/flash/about/
- http://helpx.adobe.com/flash-player.html
___
- https://secunia.com/advisories/56737/
Release Date: 2014-02-05
Criticality: Extremely Critical
Where: From remote
Impact: System access
Solution Status: Vendor Patch
... vulnerability is actively exploited in the wild.
Reported as a 0-Day...
CVE Reference: CVE-2014-0497
Solution: Update to a fixed version...
- http://atlas.arbor.net/briefs/index#375357101
High Severity
6 Feb 2014
CVE-2014-0497 – a 0-day vulnerability
- https://www.securelist.com/en/blog/8..._vulnerability
Feb 5, 2014
:fear: :fear: :sad:
-
Shockwave Player 12.0.9.149 released
FYI...
Shockwave Player 12.0.9.149 released
- http://helpx.adobe.com/security/prod...apsb14-06.html
Feb 11, 2014
CVE number:
- https://web.nvd.nist.gov/view/vuln/d...=CVE-2014-0500 - 10.0 (HIGH)
- https://web.nvd.nist.gov/view/vuln/d...=CVE-2014-0501 - 10.0 (HIGH)
Platform: Windows and Macintosh
Summary: Adobe has released a security update for Adobe Shockwave Player 12.0.7.148 and earlier versions on the Windows and Macintosh operating systems. This update addresses critical vulnerabilities that could potentially allow an attacker to remotely take control of the affected system... Adobe recommends users of Adobe Shockwave Player 12.0.7.148 and earlier versions update to the newest version 12.0.9.149, available here:
- http://get.adobe.com/shockwave/
___
Test Shockwave
- http://www.adobe.com/shockwave/welcome/
___
- https://secunia.com/advisories/56740/
Release Date: 2014-02-11
Criticality: Highly Critical
Where: From remote
Impact: System access
CVE Reference(s): CVE-2014-0500, CVE-2014-0501
Solution: Update to version 12.0.9.149
:fear:
-
Flash 12.0.0.70 released
FYI...
Flash 12.0.0.70 released
- http://helpx.adobe.com/security/prod...apsb14-07.html
Feb 20, 2014
CVE number:
- https://web.nvd.nist.gov/view/vuln/d...=CVE-2014-0498 - 10.0 (HIGH)
- https://web.nvd.nist.gov/view/vuln/d...=CVE-2014-0499 - 7.8 (HIGH)
- https://web.nvd.nist.gov/view/vuln/d...=CVE-2014-0502 - 10.0 (HIGH)
Last revised: 02/21/2014 - "... as exploited in the wild in February 2014..."
Platform: All Platforms
Summary: Adobe has released security updates for Adobe Flash Player 12.0.0.44 and earlier versions for Windows and Macintosh and Adobe Flash Player 11.2.202.336 and earlier versions for Linux. These updates address vulnerabilities that could potentially allow an attacker to take control of the affected system. Adobe is aware of reports that an exploit for CVE-2014-0502 exists in the wild, and recommends users update their product installations to the latest versions:
- Users of Adobe Flash Player 12.0.0.44 and earlier versions for Windows and Macintosh should update to Adobe Flash Player 12.0.0.70.
- Users of Adobe Flash Player 11.2.202.336 and earlier versions for Linux should update to Adobe Flash Player 11.2.202.341.
- Adobe Flash Player 12.0.0.44 installed with Google Chrome will automatically be updated to the latest Google Chrome version, which will include Adobe Flash Player 12.0.0.70 for Windows, Macintosh and Linux.
- Adobe Flash Player 12.0.0.44 installed with Internet Explorer 10 will automatically be updated to the latest Internet Explorer 10 version, which will include Adobe Flash Player 12.0.0.70 for Windows 8.0.
- Adobe Flash Player 12.0.0.44 installed with Internet Explorer 11 will automatically be updated to the latest Internet Explorer 11 version, which will include Adobe Flash Player 12.0.0.70 for Windows 8.1.
- Users of Adobe AIR 4.0.0.1390 and earlier versions for Android should update to Adobe AIR 4.0.0.1628.
- Users of the Adobe AIR 4.0.0.1390 SDK and earlier versions should update to the Adobe AIR 4.0.0.1628 SDK.
- Users of the Adobe AIR 4.0.0.1390 SDK & Compiler and earlier versions should update to the Adobe AIR 4.0.0.1628 SDK & Compiler...
- https://www.adobe.com/products/flash...ribution3.html
Flash test site:
- http://www.adobe.com/software/flash/about/
- http://helpx.adobe.com/flash-player.html
Adobe AIR
- http://get.adobe.com/air/
___
- https://secunia.com/advisories/57057/
Release Date: 2014-02-21
Criticality: Extremely Critical
Where: From remote
Impact: Exposure of sensitive information, System access...
Solution:
Update to a fixed version...
:fear: :fear:
-
Flash 12.0.0.77 released
FYI...
Flash 12.0.0.77 released
- http://helpx.adobe.com/security/prod...apsb14-08.html
March 11, 2014
CVE number:
- https://web.nvd.nist.gov/view/vuln/d...=CVE-2014-0503 - 6.4
- https://web.nvd.nist.gov/view/vuln/d...=CVE-2014-0504 - 5.0
Platform: All Platforms
Summary: Adobe has released security updates for Adobe Flash Player 12.0.0.70 and earlier versions for Windows and Macintosh and Adobe Flash Player 11.2.202.341 and earlier versions for Linux. These updates address -important- vulnerabilities, and Adobe recommends users update their product installations to the latest versions:
- Users of Adobe Flash Player 12.0.0.70 and earlier versions for Windows and Macintosh should update to Adobe Flash Player 12.0.0.77
- Users of Adobe Flash Player 11.2.202.341 and earlier versions for Linux should update to Adobe Flash Player 11.2.202.346
- Adobe Flash Player 12.0.0.70 installed with Google Chrome will automatically be updated to the latest Google Chrome version, which will include Adobe Flash Player 12.0.0.77 for Windows, Macintosh and Linux.
- Adobe Flash Player 12.0.0.70 installed with Internet Explorer 10 will automatically be updated to the latest Internet Explorer 10 version, which will include Adobe Flash Player 12.0.0.77 for Windows 8.0.
- Adobe Flash Player 12.0.0.70 installed with Internet Explorer 11 will automatically be updated to the latest Internet Explorer 11 version, which will include Adobe Flash Player 12.0.0.77 for Windows 8.1...
- https://www.adobe.com/products/flash...ribution3.html
Flash test site:
- http://www.adobe.com/software/flash/about/
- http://helpx.adobe.com/flash-player.html
:fear:
-
Shockwave 12.0.9.150 released
FYI...
Shockwave 12.0.9.150 released
- http://helpx.adobe.com/security/prod...apsb14-10.html
March 13, 2014
CVE number: https://web.nvd.nist.gov/view/vuln/d...=CVE-2014-0505 - 10.0 (HIGH)
Platform: Windows and Macintosh
Summary: Adobe has released a security update for Adobe Shockwave Player 12.0.9.149 and earlier versions on the Windows and Macintosh operating systems. This update addresses a -critical- vulnerability that could potentially allow an attacker to remotely take control of the affected system. Adobe recommends users of Adobe Shockwave Player 12.0.9.149 and earlier versions update to Adobe Shockwave Player 12.1.0.150 using the instructions provided in the "Solution" section...
Solution: Adobe recommends users of Adobe Shockwave Player 12.0.9.149 and earlier versions update to the newest version 12.1.0.150, available here:
- http://get.adobe.com/shockwave/
___
- https://secunia.com/advisories/57277/
Release Date: 2014-03-14
Criticality: Highly Critical
Where: From remote
Impact: System access...
... vulnerability is reported in versions 12.0.9.149 and prior running on Windows and Macintosh.
Solution: Update to version 12.1.0.150.
:fear:
-
Flash exploit in-the-wild ...
FYI...
Flash exploit in-the-wild ...
- http://www.threattracksecurity.com/i...cve-2014-0502/
Mar 21, 2014 - "... new exploit in the wild going after a known Adobe vulnerability... detected the file cc.swf delivered via the malicious link hxxp ://java-sky .com/swf/cc.swf**... Only 7/51 antivirus vendors on VirusTotal* detect the malicious payload at the time of this post..."
* https://www.virustotal.com/en/file/8...d87f/analysis/
** 50.62.99.1 - https://www.virustotal.com/en/ip-add...1/information/
- http://google.com/safebrowsing/diagnostic?site=AS:26496
- https://web.nvd.nist.gov/view/vuln/d...=CVE-2014-0502 - 10.0 (HIGH)
Latest Flash version 12.0.0.77
- http://forums.spybot.info/showthread...l=1#post451165
Flash test site:
- http://www.adobe.com/software/flash/about/
:mad: :fear:
-
Flash 13.0.0.182 released
FYI...
Flash 13.0.0.182 released
- http://helpx.adobe.com/security/prod...apsb14-09.html
Release date: April 8, 2014
Vulnerability identifier: APSB14-09
CVE number: CVE-2014-0506, CVE-2014-0507, CVE-2014-0508, CVE-2014-0509
Platform: All Platforms
Summary: Adobe has released security updates for Adobe Flash Player 12.0.0.77 and earlier versions for Windows and Macintosh and Adobe Flash Player 11.2.202.346 and earlier versions for Linux. These updates address vulnerabilities that could potentially allow an attacker to take control of the affected system. Adobe recommends users update their product installations to the latest versions:
- Users of Adobe Flash Player 12.0.0.77 and earlier versions for Windows and Macintosh should update to Adobe Flash Player 13.0.0.182
- Users of Adobe Flash Player 11.2.202.346 and earlier versions for Linux should update to Adobe Flash Player 11.2.202.350.
- Adobe Flash Player 12.0.0.77 installed with Google Chrome will automatically be updated to the latest Google Chrome version, which will include Adobe Flash Player 13.0.0.182 for Windows, Macintosh and Linux.
- Adobe Flash Player 12.0.0.77 installed with Internet Explorer 10 will automatically be updated to the latest Internet Explorer 10 version, which will include Adobe Flash Player 13.0.0.182 for Windows 8.0.
- Adobe Flash Player 12.0.0.77 installed with Internet Explorer 11 will automatically be updated to the latest Internet Explorer 11 version, which will include Adobe Flash Player 13.0.0.182 for Windows 8.1.
- Users of Adobe AIR 4.0.0.1628 and earlier versions for Android should update to Adobe AIR 13.0.0.83.
- Users of the Adobe AIR 4.0.0.1628 SDK and earlier versions should update to the Adobe AIR 13.0.0.83 SDK.
- Users of the Adobe AIR 4.0.0.1628 SDK & Compiler and earlier versions should update to the Adobe AIR 13.0.0.83 SDK & Compiler...
* Beginning May 13, 2014, Adobe Flash Player 13 for Mac and Windows will replace version 11.7 as the extended support version. Adobe recommends users upgrade to version 13 to continue to receive security updates. See this blog post for further details:
- http://blogs.adobe.com/flashplayer/2...t-release.html
___
- https://www.adobe.com/products/flash...ribution3.html
Flash test site:
- http://www.adobe.com/software/flash/about/
- http://helpx.adobe.com/flash-player.html
AIR download:
- http://get.adobe.com/air/
:fear:
-
Adobe Reader Mobile 11.2 released
FYI...
Adobe Reader Mobile 11.2 released
- http://helpx.adobe.com/security/prod...apsb14-12.html
April 14, 2014
CVE Number: http://web.nvd.nist.gov/view/vuln/de...=CVE-2014-0514 - 9.3
Platform: Android
Summary: Adobe has released a security update for Adobe Reader Mobile for the Android operating system. This update addresses a vulnerability that could be exploited to gain remote code execution on the affected system. Adobe recommends users update their product installations...
Solution: Adobe recommends users of Adobe Reader Mobile update to the newest version, available here:
- https://play.google.com/store/apps/d...m.adobe.reader
This update addresses a critical vulnerability in the software..."
___
- https://secunia.com/advisories/57928/
Release Date: 2014-04-15
Criticality: Highly Critical
Where: From remote
Impact: System access ...
CVE Reference: https://cve.mitre.org/cgi-bin/cvenam...=CVE-2014-0514
... vulnerability is reported in versions 11.1.3 and prior.
Solution: Update to version 11.2.
Original Advisory: APSB14-12:
- http://helpx.adobe.com/security/prod...apsb14-12.html
:fear::fear:
-
Flash 13.0.0.206 released
FYI...
Flash 13.0.0.206 released
- https://helpx.adobe.com/security/pro...apsb14-13.html
April 28, 2014
CVE number: https://web.nvd.nist.gov/view/vuln/d...=CVE-2014-0515 - 10.0 (HIGH)
Platform: All Platforms
Summary: Adobe has released security updates for Adobe Flash Player 13.0.0.182 and earlier versions for Windows, Adobe Flash Player 13.0.0.201 and earlier versions for Macintosh and Adobe Flash Player 11.2.202.350 and earlier versions for Linux. These updates address vulnerabilities that could potentially allow an attacker to take control of the affected system. Adobe is aware of reports that an exploit for CVE-2014-0515 exists in the wild, and is being used to target Flash Player users on the Windows platform. Adobe recommends users update their product installations to the latest versions:
• Users of Adobe Flash Player 13.0.0.182 and earlier versions for Windows should update to Adobe Flash Player 13.0.0.206.
• Users of Adobe Flash Player 13.0.0.201 and earlier versions for Macintosh should update to Adobe Flash Player 13.0.0.206.
• Users of Adobe Flash Player 11.2.202.350 and earlier versions for Linux should update to Adobe Flash Player 11.2.202.356.
• Adobe Flash Player 13.0.0.182 installed with Google Chrome will automatically be updated to the latest Google Chrome version, which will include Adobe Flash Player 13.0.0.206 for Windows, Macintosh and Linux.
• Adobe Flash Player 13.0.0.182 installed with Internet Explorer 10 will automatically be updated to the latest Internet Explorer 10 version, which will include Adobe Flash Player 13.0.0.206 for Windows 8.0.
• Adobe Flash Player 13.0.0.182 installed with Internet Explorer 11 will automatically be updated to the latest Internet Explorer 11 version, which will include Adobe Flash Player 13.0.0.206 for Windows 8.1...
___
- https://www.adobe.com/products/flash...ribution3.html
Flash test site:
- http://www.adobe.com/software/flash/about/
- http://helpx.adobe.com/flash-player.html
___
- http://atlas.arbor.net/briefs/index#-638897988
Extreme Severity
01 May 2014
... critical flaw (CVE-2014-0515*) in Flash Player currently being exploited...
* https://web.nvd.nist.gov/view/vuln/d...=CVE-2014-0515 - 10.0
Last revised: 05/31/2014 - "... as exploited in the wild in April 2014"
:fear::fear:
-
Flash 13.0.0.214, Reader/Acrobat 11.0.07, Illustrator hotfix released
FYI...
Flash 13.0.0.214 released
- https://helpx.adobe.com/security/pro...apsb14-14.html
May 13, 2014
CVE number: CVE-2014-0510, CVE-2014-0516, CVE-2014-0517, CVE-2014-0518, CVE-2014-0519, CVE-2014-0520
Platform: All Platforms
Summary: Adobe has released security updates for Adobe Flash Player 13.0.0.206 and earlier versions for Windows and Macintosh and Adobe Flash Player 11.2.202.356 and earlier versions for Linux. These updates address vulnerabilities that could potentially allow an attacker to take control of the affected system. Adobe recommends users update their product installations to the latest versions:
- Users of Adobe Flash Player 13.0.0.206 and earlier versions for Windows and Macintosh should update to Adobe Flash Player 13.0.0.214.
- Users of Adobe Flash Player 11.2.202.356 and earlier versions for Linux should update to Adobe Flash Player 11.2.202.359.
- Adobe Flash Player 13.0.0.206 installed with Google Chrome will automatically be updated to the latest Google Chrome version, which will include Adobe Flash Player 13.0.0.214 for Windows, Macintosh and Linux.
- Adobe Flash Player 13.0.0.206 installed with Internet Explorer 10 will automatically be updated to the latest Internet Explorer 10 version, which will include Adobe Flash Player 13.0.0.214 for Windows 8.0.
- Adobe Flash Player 13.0.0.206 installed with Internet Explorer 11 will automatically be updated to the latest Internet Explorer 11 version, which will include Adobe Flash Player 13.0.0.214 for Windows 8.1.
- Users of the Adobe AIR 13.0.0.83 SDK and earlier versions should update to the Adobe AIR 13.0.0.111 SDK.
- Users of the Adobe AIR 13.0.0.83 SDK & Compiler and earlier versions should update to the Adobe AIR 13.0.0.111 SDK & Compiler...
___
- https://www.adobe.com/products/flash...ribution3.html
Flash test site:
- http://www.adobe.com/software/flash/about/
- http://helpx.adobe.com/flash-player.html
AIR download:
- http://get.adobe.com/air/
___
Reader/Acrobat 11.0.07 released
- https://helpx.adobe.com/security/pro...apsb14-15.html
May 13, 2014
CVE numbers: CVE-2014-0511, CVE-2014-0512, CVE-2014-0521, CVE-2014-0522, CVE-2014-0523, CVE-2014-0524, CVE-2014-0525, CVE-2014-0526, CVE-2014-0527, CVE-2014-0528, CVE-2014-0529
Platform: Windows and Macintosh
Summary: Adobe has released security updates for Adobe Reader and Acrobat XI (11.0.06) and earlier versions for Windows and Macintosh. These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system. Adobe recommends users update their product installations to the latest versions:
- Users of Adobe Reader XI (11.0.06) for Windows and Macintosh should update to Adobe Reader XI (11.0.07).
- For users of Adobe Reader X (10.1.9) and earlier versions for Windows and Macintosh, who cannot update to Adobe Reader XI (11.0.07), Adobe has made available the update Adobe Reader X (10.1.10).
- Users of Adobe Acrobat XI (11.0.06) for Windows and Macintosh should update to Adobe Acrobat XI (11.0.07).
- For users of Adobe Acrobat X (10.1.9) and earlier versions for Windows and Macintosh, who cannot update to Adobe Acrobat XI (11.0.07), Adobe has made available the update Adobe Acrobat X (10.1.10)...
Users on Windows and Macintosh can utilize the product's update mechanism. The default configuration is set to run automatic update checks on a regular schedule. Update checks can be manually activated by choosing Help > Check for Updates ...
___
Illustrator hotfix released
- https://helpx.adobe.com/security/pro...apsb14-11.html
May 13, 2014
CVE number: CVE-2014-0513
Platform: Windows and Macintosh
Summary: Adobe has released a security hotfix for Adobe Illustrator (CS6) for Windows and Macintosh. This hotfix addresses a vulnerability that could be exploited to gain remote code execution on the affected system... Adobe recommends users update their software installations by following these instructions:
- https://helpx.adobe.com/security/pro...6%20Hotfix.pdf
This hotfix addresses a vulnerability that could be exploited to gain remote code execution on the affected system... These updates resolve a stack overflow vulnerability that could result in arbitrary code execution (CVE-2014-0513)...
:fear:
-
Flash 14.0.0.125 released
FYI...
Flash 14.0.0.125 released
- https://helpx.adobe.com/security/pro...apsb14-16.html
June 10, 2014
CVE numbers: CVE-2014-0531, CVE-2014-0532, CVE-2014-0533, CVE-2014-0534, CVE-2014-0535, CVE-2014-0536
Platform: All Platforms
Summary: Adobe has released security updates for Adobe Flash Player 13.0.0.214 and earlier versions for Windows and Macintosh and Adobe Flash Player 11.2.202.359 and earlier versions for Linux. These updates address vulnerabilities that could potentially allow an attacker to take control of the affected system. Adobe recommends users update their product installations to the latest versions:
- Users of Adobe Flash Player 13.0.0.214 and earlier versions for Windows and Macintosh should update to Adobe Flash Player 14.0.0.125.
- Users of Adobe Flash Player 11.2.202.359 and earlier versions for Linux should update to Adobe Flash Player 11.2.202.378.
- Adobe Flash Player 13.0.0.214 installed with Google Chrome will automatically be updated to the latest Google Chrome version, which will include Adobe Flash Player 14.0.0.125 for Windows, Macintosh and Linux.
- Adobe Flash Player 13.0.0.214 installed with Internet Explorer 10 will automatically be updated to the latest Internet Explorer 10 version, which will include Adobe Flash Player 14.0.0.125 for Windows 8.0.
- Adobe Flash Player 13.0.0.214 installed with Internet Explorer 11 will automatically be updated to the latest Internet Explorer 11 version, which will include Adobe Flash Player 14.0.0.125 for Windows 8.1.
- Users of the Adobe AIR 13.0.0.111 SDK and earlier versions should update to the Adobe AIR 14.0.0.110 SDK.
- Users of the Adobe AIR 13.0.0.111 SDK & Compiler and earlier versions should update to the Adobe AIR 14.0.0.110 SDK & Compiler.
- Users of Adobe AIR 13.0.0.111 and earlier versions for Android should update to Adobe AIR 14.0.0.110.
- Users of Adobe AIR 13.0.0.111 and earlier versions for Windows and Macintosh should update to Adobe 14.0.0.110.
___
- https://www.adobe.com/products/flash...ribution3.html
Flash test site:
- http://www.adobe.com/software/flash/about/
- http://helpx.adobe.com/flash-player.html
AIR download:
- http://get.adobe.com/air/
___
- http://www.securitytracker.com/id/1030368
CVE Reference: CVE-2014-0531, CVE-2014-0532, CVE-2014-0533, CVE-2014-0534, CVE-2014-0535, CVE-2014-0536
Jun 10 2014
Impact: Disclosure of authentication information, Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information, User access via network
Fix Available: Yes Vendor Confirmed: Yes
Version(s): 13.0.0.214 and prior (Windows/Mac); 11.2.202.359 and prior (Linux)...
Solution: The vendor has issued a fix (14.0.0.125 for Windows/Mac, 11.2.202.378 for Linux).
The vendor's advisory is available at:
- http://helpx.adobe.com/security/prod...apsb14-16.html
:fear:
-
Flash 14.0.0.145 released
FYI...
Flash 14.0.0.145 released
- https://helpx.adobe.com/security/pro...apsb14-17.html
July 8, 2014
CVE number: CVE-2014-0537, CVE-2014-0539, CVE-2014-4671
Platform: All Platforms
Summary: Adobe has released security updates for Adobe Flash Player 14.0.0.125 and earlier versions for Windows and Macintosh and Adobe Flash Player 11.2.202.378 and earlier versions for Linux. These updates address vulnerabilities that could potentially allow an attacker to take control of the affected system. Adobe recommends users update their product installations to the latest versions:
- Users of Adobe Flash Player 14.0.0.125 and earlier versions for Windows and Macintosh should update to Adobe Flash Player 14.0.0.145.
- Users of Adobe Flash Player 11.2.202.378 and earlier versions for Linux should update to Adobe Flash Player 11.2.202.394.
- Adobe Flash Player 14.0.0.125 installed with Google Chrome will automatically be updated to the latest Google Chrome version, which will include Adobe Flash Player 14.0.0.145 for Windows, Macintosh and Linux.
- Adobe Flash Player 14.0.0.125 installed with Internet Explorer 10 will automatically be updated to the latest Internet Explorer 10 version, which will include Adobe Flash Player 14.0.0.145 for Windows 8.0.
- Adobe Flash Player 14.0.0.125 installed with Internet Explorer 11 will automatically be updated to the latest Internet Explorer 11 version, which will include Adobe Flash Player 14.0.0.145 for Windows 8.1.
- Users of the Adobe AIR 14.0.0.110 SDK and earlier versions should update to the Adobe AIR 14.0.0.137 SDK.
- Users of the Adobe AIR 14.0.0.110 SDK & Compiler and earlier versions should update to the Adobe AIR 14.0.0.137 SDK & Compiler.
- Users of Adobe AIR 14.0.0.110 and earlier versions for Android should update to Adobe AIR 14.0.0.137...
___
- https://www.adobe.com/products/flash...ribution3.html
Flash test site:
- http://www.adobe.com/software/flash/about/
AIR download:
- http://get.adobe.com/air/
___
- http://www.securitytracker.com/id/1030533
CVE Reference: CVE-2014-0537, CVE-2014-0539, CVE-2014-4671
Jul 8 2014
Impact: Disclosure of system information, Disclosure of user information, Modification of user information, Not specified, User access via network
Fix Available: Yes Vendor Confirmed: Yes
Version(s): 14.0.0.125 and prior (for Windows/Mac), 11.2.202.378 and prior (for Linux)...
Solution: The vendor has issued a fix (14.0.0.145 for Windows/Mac, 11.2.202.394 for Linux)...
:fear:
-
Adobe Flash, Reader, Acrobat updated ...
FYI...
Flash 14.0.0.179 released
- https://helpx.adobe.com/security/pro...apsb14-18.html
Aug 12, 2014
CVE number:
- https://web.nvd.nist.gov/view/vuln/d...=CVE-2014-0538 - 10.0 (HIGH)
- https://web.nvd.nist.gov/view/vuln/d...=CVE-2014-0540 - 10.0 (HIGH)
- https://web.nvd.nist.gov/view/vuln/d...=CVE-2014-0541 - 10.0 (HIGH)
- https://web.nvd.nist.gov/view/vuln/d...=CVE-2014-0542 - 10.0 (HIGH)
- https://web.nvd.nist.gov/view/vuln/d...=CVE-2014-0543 - 10.0 (HIGH)
- https://web.nvd.nist.gov/view/vuln/d...=CVE-2014-0544 - 10.0 (HIGH)
- https://web.nvd.nist.gov/view/vuln/d...=CVE-2014-0545 - 10.0 (HIGH)
Platform: All Platforms
Summary: Adobe has released security updates for Adobe Flash Player 14.0.0.145 and earlier versions for Windows and Macintosh and Adobe Flash Player 11.2.202.394 and earlier versions for Linux. These updates address vulnerabilities that could potentially allow an attacker to take control of the affected system. Adobe recommends users update their product installations to the latest versions:
- Users of the Adobe Flash Player Active X plugin for Internet Explorer version 14.0.0.145 and earlier should update to Adobe Flash Player 14.0.0.176.
- Users of the Adobe Flash Player Windows NPAPI plugin for Firefox version 14.0.0.145 and earlier should update to Adobe Flash Player 14.0.0.179.
- Users of the Adobe Flash Player version 14.0.0.145 and earlier for Macintosh should update to Adobe Flash Player 14.0.0.176.
- Users of Adobe Flash Player 11.2.202.394 and earlier versions for Linux should update to Adobe Flash Player 11.2.202.400.
- Adobe Flash Player 14.0.0.145 installed with Google Chrome will automatically be updated to the latest Google Chrome version, which will include Adobe Flash Player 14.0.0.177 for Windows, Macintosh and Linux.
- Adobe Flash Player 14.0.0.145 installed with Internet Explorer 10 will automatically be updated to the latest Internet Explorer 10 version, which will include Adobe Flash Player 14.0.0.176 for Windows 8.0.
- Adobe Flash Player 14.0.0.145 installed with Internet Explorer 11 will automatically be updated to the latest Internet Explorer 11 version, which will include Adobe Flash Player 14.0.0.176 for Windows 8.1.
- Users of Adobe AIR 14.0.0.110 and earlier versions for Windows and Macintosh should update to the Adobe AIR 14.0.0.178.
- Users of the Adobe AIR 14.0.0.137 SDK and earlier versions should update to the Adobe AIR 14.0.0.178 SDK.
- Users of the Adobe AIR 14.0.0.137 SDK & Compiler and earlier versions should update to the Adobe AIR 14.0.0.178 SDK & Compiler.
- Users of Adobe AIR 14.0.0.137 and earlier versions for Android should update to Adobe AIR 14.0.0.179...
- https://www.adobe.com/products/flash...ribution3.html
Flash test site:
- http://www.adobe.com/software/flash/about/
AIR download:
- http://get.adobe.com/air/
___
Reader/Acrobat 11.0.08 released
- https://helpx.adobe.com/security/pro...apsb14-19.html
Aug 12, 2014
CVE numbers: https://web.nvd.nist.gov/view/vuln/d...=CVE-2014-0546 - 10.0 (HIGH)
Platform: Windows
Summary: Adobe has released security updates for Adobe Reader and Acrobat XI (11.0.07) and earlier versions for Windows. These updates address a vulnerability that could allow an attacker to circumvent sandbox protection on the Windows platform. Adobe Reader and Acrobat for Apple's OS X are not affected. Adobe is aware of evidence that indicates an exploit in the wild is being used in limited, isolated attacks targeting Adobe Reader users on Windows. Adobe recommends users update their product installations to the latest versions:
- Users of Adobe Reader XI (11.0.07) and earlier versions for Windows should update to version 11.0.08.
- For users of Adobe Reader X (10.1.10) and earlier versions for Windows, who cannot update to version 11.0.08, Adobe has made available version 10.1.11.
- Users of Adobe Acrobat XI (11.0.07) and earlier versions for Windows should update to version 11.0.08.
- For users of Adobe Acrobat X (10.1.10) and earlier versions for Windows, who cannot update to version 11.0.08, Adobe has made available version 10.1.11...
Solution: Reader, Acrobat: Users can utilize the product's update mechanism... Update checks can be manually activated by choosing Help > Check for Updates...
___
- http://www.securitytracker.com/id/1030712
CVE Reference: CVE-2014-0538, CVE-2014-0540, CVE-2014-0541, CVE-2014-0542, CVE-2014-0543, CVE-2014-0544, CVE-2014-0545
Aug 12 2014
Fix Available: Yes Vendor Confirmed: Yes
Version(s): 14.0.0.145 and prior (Windows/Mac); 11.2.202.394 and prior (Linux) ...
Impact: A remote user can create content that, when loaded by the target user, will bypass security features and execute arbitrary code on the target user's system...
- http://www.securitytracker.com/id/1030711
CVE Reference: CVE-2014-0546
Aug 12 2014
Fix Available: Yes Vendor Confirmed: Yes
Version(s): 11.0.07 and prior ...
Impact: A remote user can create a file that, when loaded by the target user, will execute arbitrary code on the target user's system...
___
- https://atlas.arbor.net/briefs/index#1185576709
Extreme Severity
14 Aug 2014
Analysis: At least one security issue patched this month (CVE-2014-0546) has already been exploited in limited targeted attacks. The flaw, affecting Windows versions of Reader and Acrobat, is a sandbox bypass vulnerability that could allow an attacker to run native code with escalated privileges. [ https://securelist.com/blog/research...reader-update/ ] Meanwhile, the update for Flash Player is rated as 'critical' and should also be applied as soon as possible. According to a report on attack trends of the first half of 2014, Adobe Flash is the primary browser plugin targeted by zero-day attacks. [ http://www.bromium.com/sites/default...eat_report.pdf ] As Flash is required by many web sites, users can take advantage of the 'click to play' feature found in Chrome, Firefox, and Opera web browsers as a security measure.
:fear::fear:
-
Flash 15.0.0.152 released
FYI...
Flash 15.0.0.152 released
- https://helpx.adobe.com/security/pro...apsb14-21.html
Sep 9, 2014
CVE number:
- https://web.nvd.nist.gov/view/vuln/d...=CVE-2014-0547 - 10.0 (HIGH)
- https://web.nvd.nist.gov/view/vuln/d...=CVE-2014-0548 - 7.5 (HIGH)
- https://web.nvd.nist.gov/view/vuln/d...=CVE-2014-0549 - 10.0 (HIGH)
- https://web.nvd.nist.gov/view/vuln/d...=CVE-2014-0550 - 10.0 (HIGH)
- https://web.nvd.nist.gov/view/vuln/d...=CVE-2014-0551 - 10.0 (HIGH)
- https://web.nvd.nist.gov/view/vuln/d...=CVE-2014-0552 - 10.0 (HIGH)
- https://web.nvd.nist.gov/view/vuln/d...=CVE-2014-0553 - 10.0 (HIGH)
- https://web.nvd.nist.gov/view/vuln/d...=CVE-2014-0554 - 10.0 (HIGH)
- https://web.nvd.nist.gov/view/vuln/d...=CVE-2014-0555 - 10.0 (HIGH)
- https://web.nvd.nist.gov/view/vuln/d...=CVE-2014-0556 - 10.0 (HIGH)
- https://web.nvd.nist.gov/view/vuln/d...=CVE-2014-0557 - 10.0 (HIGH)
- https://web.nvd.nist.gov/view/vuln/d...=CVE-2014-0559 - 10.0 (HIGH)
Platform: All Platforms
Summary: Adobe has released security updates for Adobe Flash Player for Windows, Macintosh and Linux. These updates address vulnerabilities that could potentially allow an attacker to take control of the affected system. Adobe recommends users update their product installations to the latest versions:
- Users of the Adobe Flash Player desktop runtime for Windows and Macintosh should update to Adobe Flash Player 15.0.0.152.
- Users of the Adobe Flash Player Extended Support Release should update to Adobe Flash Player 13.0.0.244.
- Users of Adobe Flash Player for Linux should update to Adobe Flash Player 11.2.202.406.
- Adobe Flash Player installed with Google Chrome, Internet Explorer 10 and Internet Explorer 11 will be automatically updated to the current version.
- Users of the Adobe AIR desktop runtime, SDK and SDK and Compiler should update to version 15.0.0.249.
- Users of Adobe AIR for Android should update to Adobe AIR 15.0.0.252...
For I/E:
- http://download.macromedia.com/get/f...5_active_x.exe
For Firefox (Plugin-based browsers):
- http://download.macromedia.com/get/f..._15_plugin.exe
Flash test site:
- http://www.adobe.com/software/flash/about/
AIR download:
- http://get.adobe.com/air/
___
- http://www.securitytracker.com/id/1030822
CVE Reference: CVE-2014-0547, CVE-2014-0548, CVE-2014-0549, CVE-2014-0550, CVE-2014-0551, CVE-2014-0552, CVE-2014-0553, CVE-2014-0554, CVE-2014-0555, CVE-2014-0556, CVE-2014-0557, CVE-2014-0559
Sep 9 2014
Impact: Disclosure of system information, Execution of arbitrary code via network, User access via network
Fix Available: Yes Vendor Confirmed: Yes
Version(s): 14.0.0.179 and prior; 13.0.0.241 and prior 13.x versions ...
Solution: The vendor has issued a fix (13.0.0.244 Extended Release, 15.0.0.152 for Windows/Mac, 11.2.202.406 for Linux).
:fear:
-
Adobe Reader / Acrobat 11.0.09 released
FYI...
Adobe Reader / Acrobat 11.0.09 released
- https://helpx.adobe.com/security/pro...apsb14-20.html
Sep 16, 2014
CVE Numbers: CVE-2014-0560, CVE-2014-0561, CVE-2014-0562, CVE-2014-0563, CVE-2014-0565, CVE-2014-0566, CVE-2014-0567, CVE-2014-0568
Platform: Windows and Macintosh
Summary: Adobe has released security updates for Adobe Reader and Acrobat for Windows and Macintosh. These updates address vulnerabilities that could potentially allow an attacker to take over the affected system. Adobe recommends users update their product installations to the latest versions:
- Users of Adobe Reader XI (11.0.08) and earlier versions should update to version 11.0.09.
- For users of Adobe Reader X (10.1.11) and earlier versions who cannot update to version 11.0.09, Adobe has made available version 10.1.12.
- Users of Adobe Acrobat XI (11.0.08) and earlier versions should update to version 11.0.09.
- For users of Adobe Acrobat X (10.1.11) and earlier versions, who cannot update to version 11.0.09, Adobe has made available version 10.1.12...
The product's default update mechanism is set to run automatic update checks on a regular schedule. Update checks can be manually activated by choosing Help > Check for Updates...
___
- http://www.securitytracker.com/id/1030853
CVE Reference: CVE-2014-0560, CVE-2014-0561, CVE-2014-0562, CVE-2014-0563, CVE-2014-0565, CVE-2014-0566, CVE-2014-0567, CVE-2014-0568
Sep 16 2014
Impact: Denial of service via network, Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information, User access via network
Fix Available: Yes Vendor Confirmed: Yes
Version(s): 10.1.11 and prior; 11.0.08 and prior...
Solution: The vendor has issued a fix (10.1.12, 11.0.09).
___
- https://atlas.arbor.net/briefs/index#-778103136
Extreme Severity
19 Sep 2014
:fear:
-
Flash 15.0.0.189 released, ColdFusion updates...
FYI...
Flash 15.0.0.189 released
- https://helpx.adobe.com/security/pro...apsb14-22.html
Oct 14, 2014
CVE number: CVE-2014-0558, CVE-2014-0564, CVE-2014-0569
Platform: All Platforms
Summary: Adobe has released security updates for Adobe Flash Player for Windows, Macintosh and Linux. These updates address vulnerabilities that could potentially allow an attacker to take control of the affected system. Adobe recommends users update their product installations to the latest versions:
- Users of the Adobe Flash Player desktop runtime for Windows and Macintosh should update to Adobe Flash Player 15.0.0.189.
- Users of the Adobe Flash Player Extended Support Release should update to Adobe Flash Player 13.0.0.250.
- Users of Adobe Flash Player for Linux should update to Adobe Flash Player 11.2.202.411.
- Adobe Flash Player installed with Google Chrome, Internet Explorer 10 and Internet Explorer 11 will be automatically updated to the current version.
- Users of the Adobe AIR desktop runtime should update to version 15.0.0.293.
- Users of the Adobe AIR SDK and AIR SDK & Compiler should update to version 15.0.0.302.
- Users of Adobe AIR for Android should update to Adobe AIR 15.0.0.293...
For I/E:
- http://download.macromedia.com/get/f...5_active_x.exe
For Firefox (Plugin-based browsers):
- http://download.macromedia.com/get/f..._15_plugin.exe
Flash test site:
- http://www.adobe.com/software/flash/about/
AIR download:
- http://get.adobe.com/air/
- http://www.securitytracker.com/id/1031019
CVE Reference: CVE-2014-0558, CVE-2014-0564, CVE-2014-0569
Oct 14 2014
Impact: Execution of arbitrary code via network, User access via network
Fix Available: Yes Vendor Confirmed: Yes
Version(s): 13.0.0.244 and prior 13.x versions, 15.0.0.167 and prior, 11.2.202.406 and prior for Linux ...
Solution: The vendor has issued a fix (13.0.0.250 extended support release, 15.0.0.189 for Windows/Mac, 11.2.202.411 for Linux).
The vendor's advisory is available at:
- http://helpx.adobe.com/security/prod...apsb14-22.html
___
ColdFusion hotfixes available
- https://helpx.adobe.com/security/pro...apsb14-23.html
Oct 14, 2014
CVE numbers: CVE-2014-0570, CVE-2014-0571, CVE-2014-0572
Platform: All Platforms
Summary: Adobe has released security hotfixes for ColdFusion versions 11, 10, 9.0.2, 9.0.1 and 9.0 for all platforms. These hotfixes address a security permissions issue that could be exploited by an unauthenticated local user to bypass IP address access control restrictions applied to the ColdFusion Administrator. Cross-site scripting and cross-site request forgery vulnerabilities are also addressed in the hotfixes.
Affected software versions:
ColdFusion 11, 10, 9.0.2, 9.0.1 and 9.0 for all platforms.
Solution: Adobe recommends ColdFusion customers update their installation using the instructions provided in the technote located here: http://helpx.adobe.com/coldfusion/kb...apsb14-23.html
Customers should also apply the security configuration settings as outlined on the ColdFusion Security page as well as review the ColdFusion 11 Lockdown Guide, ColdFusion 10 Lockdown Guide and ColdFusion 9 Lockdown Guide...
___
- http://www.securitytracker.com/id/1031020
CVE Reference: CVE-2014-0570, CVE-2014-0571, CVE-2014-0572
Oct 14 2014
Impact: Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information, User access via local system
Fix Available: Yes Vendor Confirmed: Yes
Version(s): 9.0, 9.0.1, 9.0.2, 10, 11 ...
Solution: The vendor has issued a hotfix.
:fear::fear:
-
Flash 15.0.0.223 released
FYI...
Flash 15.0.0.223 released
- https://helpx.adobe.com/security/pro...apsb14-24.html
Nov 11, 2014
CVE number: CVE-2014-0573, CVE-2014-0574, CVE-2014-0576, CVE-2014-0577, CVE-2014-0581, CVE-2014-0582, CVE-2014-0583, CVE-2014-0584, CVE-2014-0585, CVE-2014-0586, CVE-2014-0588, CVE-2014-0589, CVE-2014-0590, CVE-2014-8437, CVE-2014-8438, CVE-2014-8440, CVE-2014-8441, CVE-2014-8442
Platform: All Platforms
Summary: Adobe has released security updates for Adobe Flash Player for Windows, Macintosh and Linux. These updates address vulnerabilities that could potentially allow an attacker to take control of the affected system. Adobe recommends users update their product installations to the latest versions:
- Users of the Adobe Flash Player desktop runtime for Windows and Macintosh should update to Adobe Flash Player 15.0.0.223.
- Users of the Adobe Flash Player Extended Support Release should update to Adobe Flash Player 13.0.0.252.
- Users of Adobe Flash Player for Linux should update to Adobe Flash Player 11.2.202.418.
- Adobe Flash Player installed with Google Chrome, as well as Internet Explorer on Windows 8.x will be automatically updated to the current version.
- Users of the Adobe AIR desktop runtime should update to version 15.0.0.356.
- Users of the Adobe AIR SDK and AIR SDK & Compiler should update to version 15.0.0.356.
- Users of Adobe AIR for Android should update to Adobe AIR 15.0.0.356...
For I/E:
- http://download.macromedia.com/get/f...5_active_x.exe
For Firefox (Plugin-based browsers):
- http://download.macromedia.com/get/f..._15_plugin.exe
Flash test site:
- http://www.adobe.com/software/flash/about/
AIR download:
- http://get.adobe.com/air/
___
- http://www.securitytracker.com/id/1031182
CVE Reference: CVE-2014-0573, CVE-2014-0574, CVE-2014-0576, CVE-2014-0577, CVE-2014-0581, CVE-2014-0582, CVE-2014-0583, CVE-2014-0584, CVE-2014-0585, CVE-2014-0586, CVE-2014-0588, CVE-2014-0589, CVE-2014-0590, CVE-2014-8437, CVE-2014-8438, CVE-2014-8440, CVE-2014-8441, CVE-2014-8442
Nov 11 2014
Impact: Disclosure of authentication information, Execution of arbitrary code via network, User access via network
Fix Available: Yes Vendor Confirmed: Yes
Solution: The vendor has issued a fix (15.0.0.223 for Windows/Mac, ESR 13.0.0.252, 11.2.202.418 for Linux)...
:fear:
-
Flash 15.0.0.239 released
FYI...
UPDATE: https://www.f-secure.com/weblog/archives/00002768.html
Nov 25, 2014 - "... the exploit didn’t match any of the vulnerabilities patched in APSB14-22 (CVE-2014-0558, CVE-2014-0564, or CVE-2014-0569)... Kafeine* reported Angler exploiting this vulnerability... followed by Astrum and Nuclear exploit kits..."
* http://malware.dontneedcoffee.com/20...2014-0569.html
Flash 15.0.0.239 released
- https://helpx.adobe.com/security/pro...apsb14-26.html
November 25, 2014
CVE number: https://web.nvd.nist.gov/view/vuln/d...=CVE-2014-8439 - 7.5 (HIGH)
Platform: All Platforms
Summary: Adobe has released security updates for Adobe Flash Player for Windows, Macintosh and Linux. These updates provide additional hardening against CVE-2014-8439, which was mitigated in the October 14, 2014 release (reference http://helpx.adobe.com/security/prod...apsb14-22.html).
- Adobe recommends users update their product installations to the latest versions:
- Users of the Adobe Flash Player desktop runtime for Windows and Macintosh should update to Adobe Flash Player 15.0.0.239.
- Users of the Adobe Flash Player Extended Support Release should update to Adobe Flash Player 13.0.0.258.
- Users of Adobe Flash Player for Linux should update to Adobe Flash Player 11.2.202.424.
- Adobe Flash Player installed with Google Chrome, as well as Internet Explorer on Windows 8.x will be automatically updated to the current version.
Affected software versions
- Adobe Flash Player 15.0.0.223 and earlier versions
- Adobe Flash Player 13.0.0.252 and earlier 13.x versions
- Adobe Flash Player 11.2.202.418 and earlier versions for Linux
- To verify the version of Adobe Flash Player installed on your system, access the About Flash Player page, or right-click on content running in Flash Player and select "About Adobe (or Macromedia) Flash Player" from the menu. If you use multiple browsers, perform the check for each browser you have installed on your system.
Solution: Adobe recommends users update their software installations by following the instructions below:
- Adobe recommends users of the Adobe Flash Player desktop runtime for Windows and Macintosh update to Adobe Flash Player 15.0.0.239 by visiting the Adobe Flash Player Download Center, or via the update mechanism within the product when prompted.
- Adobe recommends users of the Adobe Flash Player Extended Support Release should update to version 13.0.0.258 by visiting http://helpx.adobe.com/flash-player/...-versions.html.
- Adobe recommends users of Adobe Flash Player for Linux update to Adobe Flash Player 11.2.202.424 by visiting the Adobe Flash Player Download Center.
- Adobe Flash Player installed with Google Chrome will be automatically updated to the latest Google Chrome version, which will include Adobe Flash Player 15.0.0.239 on Windows and 15.0.0.242 on Macintosh.
- Adobe Flash Player installed with Internet Explorer for Windows 8.x will be automatically updated to the latest version, which will include Adobe Flash Player 15.0.0.239...
For I/E:
- http://download.macromedia.com/get/f...5_active_x.exe
For Firefox (Plugin-based browsers):
- http://download.macromedia.com/get/f..._15_plugin.exe
Flash test site:
- http://www.adobe.com/software/flash/about/
___
- http://www.securitytracker.com/id/1031259
https://web.nvd.nist.gov/view/vuln/d...=CVE-2014-8439 - 7.5 (HIGH)
Nov 25 2014
Impact: Execution of arbitrary code via network, User access via network
Fix Available: Yes Vendor Confirmed: Yes
Version(s): prior to 15.0.0.239 ...
:fear::fear:
-
Adobe Prenotification Security Advisory for Reader / Acrobat
FYI...
Adobe Prenotification Security Advisory for Reader / Acrobat
- https://helpx.adobe.com/security/pro...apsb14-28.html
Dec 4, 2014 - "Summary: Adobe is planning to release security updates on Tuesday, December 9, 2014 for Adobe Reader and Acrobat for Windows and Macintosh. Users may monitor the latest information on the Adobe Product Security Incident Response Team (PSIRT) blog at:
- http://blogs.adobe.com/psirt
(Note: This Security Advisory will be replaced with the Security Bulletin upon release of the update.)
Affected software versions
Adobe Reader XI (11.0.09) and earlier versions
Adobe Reader X (10.1.12) and earlier versions
Adobe Acrobat XI (11.0.09) and earlier versions
Adobe Acrobat X (10.1.12) and earlier versions .
:fear::fear:
-
Flash 16.0.0.235, Reader/Acrobat 11.0.10, ColdFusion Hotfixes released
FYI...
Flash 16.0.0.235 released
- https://helpx.adobe.com/security/pro...apsb14-27.html
Dec 9, 2014
CVE number: CVE-2014-0580, CVE-2014-0587, CVE-2014-8443, CVE-2014-9162, CVE-2014-9163, CVE-2014-9164
Platform: All Platforms
Summary: Adobe has released security updates for Adobe Flash Player for Windows, Macintosh and Linux. These updates address vulnerabilities that could potentially allow an attacker to take control of the affected system. Adobe is aware of reports that an exploit for CVE-2014-9163 exists in the wild, and recommends users update their product installations to the latest versions:
- Users of the Adobe Flash Player desktop runtime for Windows and Macintosh should update to Adobe Flash Player 16.0.0.235.
- Users of the Adobe Flash Player Extended Support Release should update to Adobe Flash Player 13.0.0.259.
- Users of Adobe Flash Player for Linux should update to Adobe Flash Player 11.2.202.425.
- Adobe Flash Player installed with Google Chrome, as well as Internet Explorer on Windows 8.x, will automatically update to the current version.
Note: Users who have been updated to version 15.0.0.246 are not affected by CVE-2014-9163.
Affected software versions:
Adobe Flash Player 15.0.0.242 and earlier versions
Adobe Flash Player 13.0.0.258 and earlier 13.x versions
Adobe Flash Player 11.2.202.424 and earlier versions for Linux
To verify the version of Adobe Flash Player installed on your system, access the About Flash Player page, or right-click on content running in Flash Player and select "About Adobe (or Macromedia) Flash Player" from the menu. If you use multiple browsers, perform the check for each browser you have installed on your system.
Solution: Adobe recommends users update their software installations by following the instructions below:
- Adobe recommends users of the Adobe Flash Player desktop runtime for Windows and Macintosh update to Adobe Flash Player 16.0.0.235 by visiting the Adobe Flash Player Download Center, or via the update mechanism within the product when prompted.
- Adobe recommends users of the Adobe Flash Player Extended Support Release should update to version 13.0.0.259 by visiting http://helpx.adobe.com/flash-player/...-versions.html.
- Adobe recommends users of Adobe Flash Player for Linux update to Adobe Flash Player 11.2.202.425 by visiting the Adobe Flash Player Download Center.
- Adobe Flash Player installed with Google Chrome will be automatically updated to the latest Google Chrome version, which will include Adobe Flash Player 16.0.0.235.
- Adobe Flash Player installed with Internet Explorer for Windows 8.x will be automatically updated to the latest version, which will include Adobe Flash Player 16.0.0.235...
For IE:
- http://download.macromedia.com/get/f...6_active_x.exe
For Firefox and other Plugin-based browsers:
- http://download.macromedia.com/get/f..._16_plugin.exe
Flash test site:
- http://www.adobe.com/software/flash/about/
- http://www.securitytracker.com/id/1031316
CVE Reference: CVE-2014-0580, CVE-2014-0587, CVE-2014-8443, CVE-2014-9162, CVE-2014-9163, CVE-2014-9164
Dec 9 2014
Impact: Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, User access via network
Fix Available: Yes Vendor Confirmed: Yes
Version(s): 13.0.0.258 and prior 13.x versions; 15.0.0.242 and prior; 11.2.202.424 and prior for Linux...
Solution: The vendor has issued a fix (16.0.0.235 for Windows/Mac, 13.0.0.259 ESR, 11.2.202.425 for Linux).
___
Adobe Reader/Acrobat 11.0.10 released
- https://helpx.adobe.com/security/pro...apsb14-28.html
Dec 9, 2014
CVE numbers: CVE-2014-9165, CVE-2014-8445, CVE-2014-9150, CVE-2014-8446, CVE-2014-8447, CVE-2014-8448, CVE-2014-8449, CVE-2014-8451, CVE-2014-8452, CVE-2014-8453, CVE-2014-8454, CVE-2014-8455, CVE-2014-8456, CVE-2014-8457, CVE-2014-8458, CVE-2014-8459, CVE-2014-8460, CVE-2014-8461, CVE-2014-9158, CVE-2014-9159
Platform: Windows and Macintosh
Summary: Adobe has released security updates for Adobe Reader and Acrobat for Windows and Macintosh. These updates address vulnerabilities that could potentially allow an attacker to take over the affected system. Adobe recommends users update their product installations to the latest versions:
- Users of Adobe Reader XI (11.0.09) and earlier versions should update to version 11.0.10.
- Users of Adobe Reader X (10.1.12) and earlier versions should update to version 10.1.13.
- Users of Adobe Acrobat XI (11.0.09) and earlier versions should update to version 11.0.10.
- Users of Adobe Acrobat X (10.1.12) and earlier versions should update to version 10.1.13.
Affected software versions:
Adobe Reader XI (11.0.09) and earlier 11.x versions
Adobe Reader X (10.1.12) and earlier 10.x versions
Adobe Acrobat XI (11.0.09) and earlier 11.x versions
Adobe Acrobat X (10.1.12) and earlier 10.x versions
Solution: Adobe recommends users update their software installations by following the instructions below:
Adobe Reader: The product's default update mechanism is set to run automatic update checks on a regular schedule. Update checks can be manually activated by choosing Help > Check for Updates.
Adobe Reader users on Windows can find the appropriate update here:
- http://www.adobe.com/support/downloa...atform=Windows
Adobe Reader users on Macintosh can find the appropriate update here:
- http://www.adobe.com/support/downloa...form=Macintosh
Adobe Acrobat: The product's default update mechanism is set to run automatic update checks on a regular schedule. Update checks can be manually activated by choosing Help > Check for Updates.
Acrobat Standard and Pro users on Windows can find the appropriate update here:
- http://www.adobe.com/support/downloa...atform=Windows
Acrobat Pro users on Macintosh can find the appropriate update here:
- http://www.adobe.com/support/downloa...form=Macintosh
- http://www.securitytracker.com/id/1031322
CVE Reference: CVE-2014-8445, CVE-2014-8446, CVE-2014-8447, CVE-2014-8448, CVE-2014-8449, CVE-2014-8451, CVE-2014-8452, CVE-2014-8453, CVE-2014-9150, CVE-2014-9165
Dec 9 2014
Impact: Disclosure of system information, Execution of arbitrary code via network, Modification of system information, Modification of user information, User access via local system, User access via network
Fix Available: Yes Vendor Confirmed: Yes
Version(s): 10.1.12 and prior 10.x; 11.0.09 and prior 11.x ..
Solution: The vendor has issued a fix (10.1.13, 11.0.10).
___
ColdFusion Hotfixes available
- https://helpx.adobe.com/security/pro...apsb14-29.html
Dec 9, 2014
CVE numbers: CVE-2014-9166
Platform: All
Summary: Adobe has released security hotfixes for ColdFusion versions 11 and 10. These hotfixes address a resource consumption issue that could potentially result in a denial of service. ColdFusion 9.x versions are not affected by this issue.
Affected software versions: ColdFusion 11 and 10
Solution: Adobe recommends ColdFusion customers update their installation using the instructions provided in the relevant technote:
- ColdFusion 11: http://helpx.adobe.com/coldfusion/kb...-update-3.html
- ColdFusion 10: http://helpx.adobe.com/coldfusion/kb...update-15.html
Customers should also apply the security configuration settings as outlined on the ColdFusion Security page as well as review the ColdFusion 11 Lockdown Guide and ColdFusion 10 Lockdown Guide.
... These hotfixes address a resource consumption issue that could potentially result in a denial of service (CVE-2014-9166)...
- http://www.securitytracker.com/id/1031321
CVE Reference: CVE-2014-9166
Dec 9 2014
Impact: Denial of service via network
Fix Available: Yes Vendor Confirmed: Yes
Version(s): 10, 11
Description: A vulnerability was reported in Adobe ColdFusion. A remote user can cause denial of service conditions.
Solution: The vendor has issued a fix (10 Update 15, 11 Update 3).
:fear::fear::fear:
-
Flash 16.0.0.257 released
FYI..
Flash 16.0.0.257 released
- https://helpx.adobe.com/security/pro...apsb15-01.html
Jan 13, 2015
CVE number: CVE-2015-0301, CVE-2015-0302, CVE-2015-0303, CVE-2015-0304, CVE-2015-0305, CVE-2015-0306, CVE-2015-0307, CVE-2015-0308, CVE-2015-0309
Platform: All Platforms
Summary: Adobe has released security updates for Adobe Flash Player for Windows, Macintosh and Linux. These updates address vulnerabilities that could potentially allow an attacker to take control of the affected system. Adobe recommends users update their product installations to the latest versions:
- Users of the Adobe Flash Player desktop runtime for Windows and Macintosh should update to Adobe Flash Player 16.0.0.257.
- Users of the Adobe Flash Player Extended Support Release should update to Adobe Flash Player 13.0.0.260.
- Users of Adobe Flash Player for Linux should update to Adobe Flash Player 11.2.202.429.
- Adobe Flash Player installed with Google Chrome, as well as Internet Explorer on Windows 8.x, will automatically update to version 16.0.0.257.
- Users of the Adobe AIR desktop runtime should update to version 16.0.0.245.
- Users of the Adobe AIR SDK and AIR SDK and Compiler should update to version 16.0.0.272.
- Users of Adobe AIR for Android should update to version 16.0.0.272...
For IE:
- http://download.macromedia.com/get/f...6_active_x.exe
For Firefox and other Plugin-based browsers:
- http://download.macromedia.com/get/f..._16_plugin.exe
Flash test site: http://www.adobe.com/software/flash/about/
AIR download:
- http://get.adobe.com/air/
NOTE: IF you are running Malwarebytes Anti-Exploit, at the moment there seems to be a conflict with this Flash download that needs resolution w/MBAE or vice-versa - until it is resolved, you may need to temporarily disable MBAE during the Flash download until it is.
___
- http://www.securitytracker.com/id/1031525
CVE Reference: CVE-2015-0301, CVE-2015-0302, CVE-2015-0303, CVE-2015-0304, CVE-2015-0305, CVE-2015-0306, CVE-2015-0307, CVE-2015-0308, CVE-2015-0309
Jan 13 2015
Impact: Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, User access via network
Fix Available: Yes Vendor Confirmed: Yes ...
Solution: The vendor has issued a fix (16.0.0.257 for Windows and Mac, ESR 13.0.0.260, 11.2.202.429 for Linux)...
:fear:
-
Flash 16.0.0.287 released
FYI...
Flash 16.0.0.287 released
- https://helpx.adobe.com/security/pro...apsb15-02.html
Jan 22, 2015
CVE number: https://web.nvd.nist.gov/view/vuln/d...=CVE-2015-0310
Platform: All Platforms
Summary: Adobe has released security updates for Adobe Flash Player for Windows, Macintosh and Linux. These updates address a vulnerability that could be used to circumvent memory randomization mitigations on the Windows platform. Adobe is aware of reports that an exploit for CVE-2015-0310 exists in the wild, which is being used in attacks against older versions of Flash Player. Additionally, we are investigating reports that a -separate- exploit for Flash Player 16.0.0.287 and earlier also exists in the wild. For the latest information, please refer to the PSIRT blog here*.
* http://blogs.adobe.com/psirt/
Adobe recommends users update their product installations to the latest versions:
- Users of the Adobe Flash Player desktop runtime for Windows and Macintosh should update to Adobe Flash Player 16.0.0.287.
- Users of the Adobe Flash Player Extended Support Release should update to Adobe Flash Player 13.0.0.262.
- Users of Adobe Flash Player for Linux should update to Adobe Flash Player 11.2.202.438.
- Adobe Flash Player installed with Google Chrome, as well as Internet Explorer on Windows 8.x, will automatically update to version 16.0.0.287.
Affected software versions
- Adobe Flash Player 16.0.0.257 and earlier versions
- Adobe Flash Player 13.0.0.260 and earlier 13.x versions
- Adobe Flash Player 11.2.202.429 and earlier versions for Linux
Solution: Adobe recommends users update their software installations by following the instructions below:
- Adobe recommends users of the Adobe Flash Player desktop runtime for Windows and Macintosh update to Adobe Flash Player 16.0.0.287 by visiting the Adobe Flash Player Download Center, or via the update mechanism within the product when prompted.
- Adobe recommends users of the Adobe Flash Player Extended Support Release should update to version 13.0.0.262 by visiting:
> http://helpx.adobe.com/flash-player/...-versions.html.
- Adobe recommends users of Adobe Flash Player for Linux update to Adobe Flash Player 11.2.202.438 by visiting the Adobe Flash Player Download Center.
- Adobe Flash Player installed with Google Chrome will be automatically updated to the latest Google Chrome version, which will include Adobe Flash Player 16.0.0.287.
- Adobe Flash Player installed with Internet Explorer for Windows 8.x will be automatically updated to the latest version, which will include Adobe Flash Player 16.0.0.287.
For IE:
- http://download.macromedia.com/get/f...6_active_x.exe
For Firefox and other Plugin-based browsers:
- http://download.macromedia.com/get/f..._16_plugin.exe
Flash test site: http://www.adobe.com/software/flash/about/
- https://helpx.adobe.com/security/pro...apsa15-01.html
Updated: Jan 22, 2015 - "... We are aware of reports that this vulnerability is being actively exploited in the wild via drive-by-download attacks against systems running Internet Explorer and Firefox on Windows 8 and below. Adobe expects to have a patch available for CVE-2015-0311 during the week of January 26..."
___
- http://www.securitytracker.com/id/1031609
CVE Reference: https://cve.mitre.org/cgi-bin/cvenam...=CVE-2015-0310
Jan 22 2015
Impact: Disclosure of system information
Fix Available: Yes Vendor Confirmed: Yes
This vulnerability is being actively exploited...
Version(s): 16.0.0.257 and prior; 13.0.0.260 and prior 13.x versions ...
Solution: The vendor has issued a fix (16.0.0.287, ESR 13.0.0.262)...
:fear::fear:
-
Flash 16.0.0.296 available
FYI...
Flash 16.0.0.296 available
- https://helpx.adobe.com/security/pro...apsa15-01.html
Updated: Jan 24, 2015
Users who have enabled auto-update for the Flash Player desktop runtime will be receiving version 16.0.0.296 beginning on January 24. This version includes a fix for CVE-2015-0311. Adobe expects to have an update available for manual download during the week of January 26, and we are working with our distribution partners to make the update available in Google Chrome and Internet Explorer 10 and 11...
Revisions
January 24, 2015: Updated to include Flash Player version delivered via auto-update.
January 24, 2015: Updated to reflect reports that Windows 8.1 is also affected by CVE-2015-0311.
- https://web.nvd.nist.gov/view/vuln/d...=CVE-2015-0311 - 10.0 (HIGH)
Last revised: 01/26/2015 - "Unspecified vulnerability in Adobe Flash Player through 13.0.0.262 and 14.x, 15.x, and 16.x through 16.0.0.287 on Windows and OS X and through 11.2.202.438 on Linux allows remote attackers to execute arbitrary code via unknown vectors, as exploited in the wild in January 2015."
>> https://www.adobe.com/products/flash...ribution3.html
For IE:
- http://download.macromedia.com/get/f...6_active_x.exe
For Firefox and other Plugin-based browsers:
- http://download.macromedia.com/get/f..._16_plugin.exe
Flash test site: http://www.adobe.com/software/flash/about/
- https://isc.sans.edu/forums/diary/St...m+Adobe/19229/
Last Updated: 2015-01-25 02:58:36 UTC See 'Comments'...
___
- https://www.us-cert.gov/ncas/current...e-Flash-Player
Jan 26, 2015
> https://web.nvd.nist.gov/view/vuln/d...=CVE-2015-0311 - 10.0 (HIGH)
:spider: :fear:
-
Flash 16.0.0.296 ...
FYI...
Flash 16.0.0.296 ...
- https://helpx.adobe.com/security/pro...apsb15-03.html
Jan 27, 2015
CVE numbers:
- https://web.nvd.nist.gov/view/vuln/d...=CVE-2015-0311 - 10.0 (HIGH)
- https://web.nvd.nist.gov/view/vuln/d...=CVE-2015-0312 - 10.0 (HIGH)
Platform: All Platforms
Summary: Adobe has released security updates for Adobe Flash Player for Windows, Macintosh and Linux. These updates address vulnerabilities that could potentially allow an attacker to take control of the affected system. Adobe is aware of reports that CVE-2015-0311 is actively being exploited in the wild via drive-by-download attacks against systems running Internet Explorer and Firefox on Windows 8.1 and below. Adobe recommends users update their product installations to the latest versions:
- Users of the Adobe Flash Player desktop runtime for Windows and Macintosh should update to Adobe Flash Player 16.0.0.296.
- Users of the Adobe Flash Player Extended Support Release should update to Adobe Flash Player 13.0.0.264.
- Users of Adobe Flash Player for Linux should update to Adobe Flash Player 11.2.202.440.
- Adobe Flash Player installed with Google Chrome, as well as Internet Explorer on Windows 8.x, will automatically update to version 16.0.0.296.
>> https://www.adobe.com/products/flash...ribution3.html
For IE:
- http://download.macromedia.com/get/f...6_active_x.exe
For Firefox and other Plugin-based browsers:
- http://download.macromedia.com/get/f..._16_plugin.exe
Flash test site: http://www.adobe.com/software/flash/about/
- https://isc.sans.edu/diary.html?storyid=19249
Last Updated: 2015-01-28 20:23:05 UTC - "... Given that we are seeing exploits in the wild, the criticality of this exploit should be re-evaluated for prioritization and implementation..."
___
- http://www.securitytracker.com/id/1031634
CVE Reference: https://web.nvd.nist.gov/view/vuln/d...=CVE-2015-0312 - 10.0 (HIGH)
Jan 27 2015
:fear::fear:
-
Flash 16.0.0.305 ...
FYI...
Flash 16.0.0.305 ...
- https://helpx.adobe.com/security/pro...apsa15-02.html
Last updated: Feb 4, 2015 - updated to include Flash Player version delivered via auto-update.
CVE number: https://web.nvd.nist.gov/view/vuln/d...=CVE-2015-0313 - 10.0 (HIGH)
UPDATE (February 4): Users who have enabled auto-update for the Flash Player desktop runtime will be receiving version 16.0.0.305 beginning on February 4. This version includes a fix for CVE-2015-0313. Adobe expects to have an update available for manual download on February -5- and we are working with our distribution partners to make the update available in Google Chrome and Internet Explorer 10 and 11. For more information on updating Flash Player please refer to this post*.
* https://forums.adobe.com/thread/1152367
___
- https://helpx.adobe.com/security/pro...apsb15-04.html
Feb 5, 2015
CVE number: CVE-2015-0313, CVE-2015-0314, CVE-2015-0315, CVE-2015-0316, CVE-2015-0317, CVE-2015-0318, CVE-2015-0319, CVE-2015-0320, CVE-2015-0321, CVE-2015-0322, CVE-2015-0323, CVE-2015-0324, CVE-2015-0325, CVE-2015-0326, CVE-2015-0327, CVE-2015-0328, CVE-2015-0329, CVE-2015-0330
Platform: All Platforms
Summary: Adobe has released security updates for Adobe Flash Player for Windows, Macintosh and Linux. These updates address vulnerabilities that could potentially allow an attacker to take control of the affected system. Adobe is aware of reports that CVE-2015-0313 is actively being exploited in the wild via drive-by-download attacks against systems running Internet Explorer and Firefox on Windows 8.1 and below. Adobe recommends users update their product installations to the latest versions:
- Users of the Adobe Flash Player desktop runtime for Windows and Macintosh should update to Adobe Flash Player 16.0.0.305.
- Users of the Adobe Flash Player Extended Support Release should update to Adobe Flash Player 13.0.0.269.
- Users of Adobe Flash Player for Linux should update to Adobe Flash Player 11.2.202.442.
- Adobe Flash Player installed with Google Chrome, as well as Internet Explorer on Windows 8.x, will automatically update to version 16.0.0.305...
Solution: Adobe recommends users update their software installations by following the instructions below:
- Adobe recommends users of the Adobe Flash Player desktop runtime for Windows and Macintosh update to Adobe Flash Player 16.0.0.305 by visiting the Adobe Flash Player Download Center, or via the update mechanism within the product when prompted.
- Adobe recommends users of the Adobe Flash Player Extended Support Release should update to version 13.0.0.269 by visiting http://helpx.adobe.com/flash-player/...-versions.html.
- Adobe recommends users of Adobe Flash Player for Linux update to Adobe Flash Player 11.2.202.442 by visiting the Adobe Flash Player Download Center.
- Adobe Flash Player installed with Google Chrome will be automatically updated to the latest Google Chrome version, which will include Adobe Flash Player 16.0.0.305.
- Adobe Flash Player installed with Internet Explorer for Windows 8.x will be automatically updated to the latest version, which will include Adobe Flash Player 16.0.0.305...
Revisions: Feb 19, 2015: Added reference to CVE-2015-0331, which was resolved in 16.0.0.305, 13.0.0.269 and 11.2.202.442 but inadvertently omitted from the bulletin.
For IE:
- http://download.macromedia.com/get/f...6_active_x.exe
For Firefox and other Plugin-based browsers:
- http://download.macromedia.com/get/f..._16_plugin.exe
Flash test site: http://www.adobe.com/software/flash/about/
__
- http://atlas.arbor.net/briefs/index#-1434008395
Feb 05, 2015 20:35 - "... a malvertising-directed compromise campaign involving the Angler exploit kit distributing the exploit code from approximately 1800 -malicious- sub-domains...
As of February 5 2015, the CVE-2015-0311 has been incorporated into another exploit kit known as Sweet Orange [ https://twitter.com/kafeine/status/5...826048/photo/1 ]. Organizations should ensure that robust patching and hardening tactics are used in order to prevent exploitation from commodity exploit kits as well as targeted attacks."
___
- http://www.securitytracker.com/id/1031706
CVE Reference: CVE-2015-0314, CVE-2015-0315, CVE-2015-0316, CVE-2015-0317, CVE-2015-0318, CVE-2015-0319, CVE-2015-0320, CVE-2015-0321, CVE-2015-0322, CVE-2015-0323, CVE-2015-0324, CVE-2015-0325, CVE-2015-0326, CVE-2015-0327, CVE-2015-0328, CVE-2015-0329, CVE-2015-0330
Feb 5 2015
Impact: Execution of arbitrary code via network, User access via network
Fix Available: Yes Vendor Confirmed: Yes
Version(s): 16.0.0.296 and prior (Windows/Mac); 13.0.0.264 and prior 13.x; 11.2.202.440 and prior (Linux)...
Solution: The vendor has issued a fix (16.0.0.305, ESR 13.0.0.269, 11.2.202.442 for Linux).
The vendor's advisory is available at:
- https://helpx.adobe.com/security/pro...apsb15-04.html
:fear:
-
Flash 17.0.0.134 ...
FYI...
Flash 17.0.0.134 ...
- https://helpx.adobe.com/security/pro...apsb15-05.html
Mar 12, 2015
CVE number: CVE-2015-0332, CVE-2015-0333, CVE-2015-0334, CVE-2015-0335, CVE-2015-0336, CVE-2015-0337, CVE-2015-0338, CVE-2015-0339, CVE-2015-0340, CVE-2015-0341, CVE-2015-0342
Platform: All Platforms
Summary: Adobe has released security updates for Adobe Flash Player for Windows, Macintosh and Linux. These updates address vulnerabilities that could potentially allow an attacker to take control of the affected system. Adobe recommends users update their product installations to the latest versions:
- Users of the Adobe Flash Player desktop runtime for Windows and Macintosh should update to Adobe Flash Player 17.0.0.134.
- Users of the Adobe Flash Player Extended Support Release should update to Adobe Flash Player 13.0.0.277.
- Users of Adobe Flash Player for Linux should update to Adobe Flash Player 11.2.202.451.
- Adobe Flash Player installed with Google Chrome, as well as Internet Explorer on Windows 8.x, will automatically update to version 17.0.0.134...
For IE:
- http://download.macromedia.com/get/f...7_active_x.exe
For Firefox and other Plugin-based browsers:
- http://download.macromedia.com/get/f..._17_plugin.exe
Flash test site: http://www.adobe.com/software/flash/about/
___
- http://www.securitytracker.com/id/1031922
CVE Reference: CVE-2015-0332, CVE-2015-0333, CVE-2015-0334, CVE-2015-0335, CVE-2015-0336, CVE-2015-0337, CVE-2015-0338, CVE-2015-0339, CVE-2015-0340, CVE-2015-0341, CVE-2015-0342
Mar 13 2015
Impact: Disclosure of user information, Execution of arbitrary code via network, Modification of user information, User access via network
Fix Available: Yes Vendor Confirmed: Yes
Version(s): 16.0.0.305 and prior...
Solution: The vendor has issued a fix (17.0.0.134, ESR 13.0.0.277, 11.2.202.451 for Linux).
:fear::fear: