Flash v11.3.300.268 released
FYI...
Flash v11.3.300.268 released
- http://forums.adobe.com/message/4582208#4582208
Jul 26, 2012 - "Flash Player 11.3.300.268 for Windows and Macintosh was released to address stability issues when browsing and playing Flash content. For full details on the 11.3 release, please see our release notes*..."
* http://www.adobe.com/support/documen...easenotes.html
Download:
> https://www.adobe.com/products/flash...ribution3.html
Flash test site: http://www.adobe.com/software/flash/about/
2012.07.27
... The table below contains the latest Flash Player version information:
Windows:
Internet Explorer (and other browsers that support Internet Explorer ActiveX controls and plug-ins) 11.3.300.268
Firefox, Mozilla, Netscape, Opera (and other plugin-based browsers) 11.3.300.268
Macintosh:
OS X Firefox, Opera, Safari 11.3.300.268
:fear:
Flash v11.3.300.270 released
FYI...
Flash v11.3.300.270 released
- http://forums.adobe.com/message/4594596#4594596
Aug 2, 2012 - "... Flash Player 11.3.300.270 for Windows was released to address a crash that was occurring in the Adobe Flash Player Update Service (FlashPlayerUpdateService.exe). There are no other fixes or changes provided with this build. This release is available for Windows only, and affects the Active X and Plug-in installers, uninstaller, and msi's (available on the distribution page.) No other platforms are affected... Please be aware that this release is -not- available from the Product Download Center (get.adobe.com/flashplayer) which will continue to provide 11.3.300.268. We realize that this might cause confusion for some users. Due to the severity of this issue, we decided to make this build available immediately to help customers affected by this bug. Due to logistical issues and time constraints, we were unable to update the release on the Product Download Center. The next release of Flash Player will correct this disparity. Please note that unless you have been affected by the FlashPlayerUpdateService.exe crash, both 11.3.300.270 and 11.3.300.268 will be functionally identical. This release will be distributed using the following methods:
• Silent auto update - If enabled and functional, the silent auto update service will automatically install this build within 24 hours.
• Direct download - You can download the installers directly using the links below
IE:
- http://download.macromedia.com/pub/f..._player_ax.exe
Plugin-based browsers:
- http://download.macromedia.com/pub/f...ash_player.exe
___
- https://blogs.adobe.com/psirt/2012/0...d-acrobat.html
August 9, 2012 - "... upcoming Adobe Reader and Acrobat updates scheduled for Tuesday, August 14, 2012..."
> http://www.adobe.com/go/apsb12-16
Adobe warns of critical holes in Reader, Acrobat
- http://atlas.arbor.net/briefs/
Severity: High Severity
August 09, 2012
Adobe is releasing patches on August 14th to resolve security holes.
Analysis: ... keep these packages up-to-date with automatic update features and ensure updates are applied. Extra layers of hardening around software that integrates with the browser and email client is recommended as these are frequently attacked...
:fear:
Flash-Reader-Acrobat-Shockwave critical updates - 2012.08.14 ...
FYI...
> https://www.adobe.com/support/security/
Flash updates v11.3.300.271 / v11.2.202.238 released
- https://www.adobe.com/support/securi...apsb12-18.html
August 14, 2012
CVE number: http://web.nvd.nist.gov/view/vuln/de...=CVE-2012-1535 - 9.3 (HIGH)
Platform: Windows, Macintosh and Linux
Summary: Adobe has released security updates for Adobe Flash Player 11.3.300.270 and earlier versions for Windows, Macintosh and Linux. These updates address a vulnerability (CVE-2012-1535) that could cause the application to crash and potentially allow an attacker to take control of the affected system.
There are reports that the vulnerability is being exploited in the wild in limited targeted attacks, distributed through a malicious Word document. The exploit targets the ActiveX version of Flash Player for Internet Explorer on Windows.
Adobe recommends users update their product installations to the latest versions:
- Users of Adobe Flash Player 11.3.300.270 and earlier versions for Windows and Macintosh should update to Adobe Flash Player 11.3.300.271.
- Users of Adobe Flash Player 11.2.202.236 and earlier versions for Linux should update to Adobe Flash Player 11.2.202.238.
- Flash Player installed with Google Chrome will be updated automatically, so no user action is required. Google Chrome users can verify that they have updated to Google Chrome version 21.0.1180.79...
Download:
> https://www.adobe.com/products/flash...ribution3.html
Flash test site: http://www.adobe.com/software/flash/about/
- https://secunia.com/advisories/50285/
Last Update: 2012-08-15
Criticality level: Extremely critical
Impact: System access
Where: From remote
CVE Reference: http://web.nvd.nist.gov/view/vuln/de...=CVE-2012-1535
... vulnerability is currently being actively exploited in targeted attacks via Word documents against the Windows version.
Solution: Update to version 11.3.300.271 for Windows, Mac, and Chrome or version 11.2.202.238 for Linux.
Original Advisory: Adobe:
http://www.adobe.com/support/securit...apsb12-18.html
___
Adobe Shockwave v11.6.6.636 released
- https://www.adobe.com/support/securi...apsb12-17.html
August 14, 2012
CVE number: CVE-2012-2043, CVE-2012-2044, CVE-2012-2045, CVE-2012-2046, CVE-2012-2047
Platform: Windows and Macintosh
Summary:Adobe has released an update for Adobe Shockwave Player 11.6.5.635 and earlier versions on the Windows and Macintosh operating systems. This update addresses vulnerabilities that could allow an attacker, who successfully exploits these vulnerabilities, to run malicious code on the affected system...
Solution: Adobe recommends users of Adobe Shockwave Player 11.6.5.635 and earlier versions update to the newest version 11.6.6.636, available here:
http://get.adobe.com/shockwave/ ...
- https://secunia.com/advisories/50283/
Release Date: 2012-08-14
Criticality level: Highly critical
Impact: System access
Where: From remote ...
Solution: Update to version 11.6.6.636.
Original Advisory: Adobe:
http://www.adobe.com/support/securit...apsb12-17.html
___
Adobe Reader/Acrobat X v10.1.4 released
- https://www.adobe.com/support/securi...apsb12-16.html
August 14, 2012
CVE numbers: CVE-2012-1525, CVE-2012-2049, CVE-2012-2050, CVE-2012-2051, CVE-2012-4147, CVE-2012-4148, CVE-2012-4149, CVE-2012-4150, CVE-2012-4151, CVE-2012-4152, CVE-2012-4153, CVE-2012-4154, CVE-2012-4155, CVE-2012-4156, CVE-2012-4157, CVE-2012-4158, CVE-2012-4159, CVE-2012-4160, CVE-2012-4161, CVE-2012-4162
[Adobe Reader/Acrobat 9.x -before- 9.5.2 and 10.x -before- 10.1.4 on Windows and Mac OS X]
Platform: Windows and Macintosh
Summary: Adobe has released security updates for Adobe Reader and Acrobat X (10.1.3) and earlier versions for Windows and Macintosh. These updates address vulnerabilities in the software that could cause the application to crash and potentially allow an attacker to take control of the affected system. Adobe recommends users update their product installations to the latest versions:
Users of Adobe Reader X (10.1.3) and earlier versions for Windows and Macintosh should update to Adobe Reader X (10.1.4).
For users of Adobe Reader 9.5.1 and earlier versions for Windows and Macintosh, who cannot update to Adobe Reader X (10.1.4), Adobe has made available the update Adobe Reader 9.5.2.
Users of Adobe Acrobat X (10.1.3) for Windows and Macintosh should update to Adobe Acrobat X (10.1.4).
Users of Adobe Acrobat 9.5.1 and earlier versions for Windows and Macintosh should update to Adobe Acrobat 9.5.2...
Adobe Reader: Users on Windows and Macintosh can utilize the product's update mechanism. The default configuration is set to run automatic update checks on a regular schedule. Update checks can be manually activated by choosing Help > Check for Updates.
Adobe Reader users on Windows can also find the appropriate update here:
http://www.adobe.com/support/downloa...atform=Windows
Adobe Reader users on Macintosh can also find the appropriate update here:
http://www.adobe.com/support/downloa...form=Macintosh
Adobe Acrobat: Users can utilize the product's update mechanism. The default configuration is set to run automatic update checks on a regular schedule. Update checks can be manually activated by choosing Help > Check for Updates.
Acrobat Standard and Pro users on Windows can also find the appropriate update here:
http://www.adobe.com/support/downloa...atform=Windows
Acrobat Pro Extended users on Windows can also find the appropriate update here: http://www.adobe.com/support/downloa...atform=Windows
Acrobat Pro users on Macintosh can also find the appropriate update here:
http://www.adobe.com/support/downloa...form=Macintosh ...
- https://secunia.com/advisories/50281/
Last Update: 2012-08-15
Criticality level: Highly critical
Impact: System access
Where: From remote
Solution Status: Partial Fix ...
Software: Adobe Acrobat 9.x, X 10.x, Adobe Reader 9.x, X 10.x
Solution: Apply updates if available.
Original Advisory: Adobe:
http://www.adobe.com/support/securit...apsb12-16.html
- https://secunia.com/advisories/50290/
Release Date: 2012-08-15
Criticality level: Highly critical
Impact: System access
Where: From remote
Solution Status: Unpatched
Software: Adobe Acrobat 9.x, X 10.x, Adobe Reader 9.x, X 10.x
... vulnerabilities are caused due to unspecified errors. No further information is currently available. Successful exploitation of the vulnerabilities may allow execution of arbitrary code.
Solution: No official solution is currently available...
Original Advisory: http://j00ru.vexillium.org/?p=1175
>> http://h-online.com/-1668153
15 August 2012
:fear::fear::fear:
Flash v11.4.402.265 released
Win8 users vulnerable to active Flash exploits
- https://www.computerworld.com/s/arti...Flash_exploits
Sep 08, 2012
___
- https://krebsonsecurity.com/2012/08/...fixes-5-flaws/
Aug. 21, 2012 - "For the second time in a week, Adobe has shipped a critical security update for its Flash Player software. This patch, part of a planned release, closes at least six security holes in the widely-used browser plugin, and comes just one week after the company rushed out a fix for a flaw that attackers were already exploiting in the wild..."
Flash v11.4.402.265 released
- https://www.adobe.com/support/securi...apsb12-19.html
August 21, 2012
CVE number: CVE-2012-4163, CVE-2012-4164, CVE-2012-4165, CVE-2012-4166, CVE-2012-4167, CVE-2012-4168
Platform: All Platforms
Details: Adobe has released security updates for Adobe Flash Player 11.3.300.271 and earlier versions for Windows, Macintosh and Linux, Adobe Flash Player 11.1.115.11 and earlier versions for Android 4.x, and Adobe Flash Player 11.1.111.10 and earlier versions for Android 3.x and 2.x. These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.
Adobe recommends users update their product installations to the latest versions:
Users of Adobe Flash Player 11.3.300.271 and earlier versions for Windows and Macintosh should update to Adobe Flash Player 11.4.402.265.
Users of Adobe Flash Player 11.2.202.236 and earlier versions for Linux should update to Adobe Flash Player 11.2.202.238.
Flash Player installed with Google Chrome will automatically be updated to the latest Google Chrome version, which will include Adobe Flash Player 11.3.31.230 for Windows and Linux, and Flash Player 11.4.402.265 for Macintosh
Users of Adobe Flash Player 11.1.115.11 and earlier versions on Android 4.x devices should update to Adobe Flash Player 11.1.115.17.
Users of Adobe Flash Player 11.1.111.10 and earlier versions for Android 3.x and earlier versions should update to Flash Player 11.1.111.16.
Revisions: Aug 30, 2012 - Added information regarding CVE-2012-4171
- http://web.nvd.nist.gov/view/vuln/de...=CVE-2012-4171
08/31/2012
Download:
> https://www.adobe.com/products/flash...ribution3.html
Flash test site: http://www.adobe.com/software/flash/about/
___
>> http://get.adobe.com/air/
Users of Adobe AIR 3.3.0.3670 for Windows and Macintosh should update to Adobe AIR 3.4.0.2540.
Users of the Adobe AIR 3.3.0.3690 SDK (includes AIR for iOS) should update to the Adobe AIR 3.4.0.2540 SDK.
Users of the Adobe AIR 3.3.0.3650 and earlier versions for Android should update to the Adobe AIR 3.4.0.2540.
> These updates resolve memory corruption vulnerabilities that could lead to code execution (CVE-2012-4163, CVE-2012-4164, CVE-2012-4165, CVE-2012-4166).
These updates resolve an integer overflow vulnerability that could lead to code execution (CVE-2012-4167).
These updates resolve a cross-domain information leak vulnerability (CVE-2012-4168)...
- https://www.adobe.com/support/securi...y_ratings.html
"Priority 1: This update resolves vulnerabilities being targeted, or which have a higher risk of being targeted, by exploit(s) in the wild for a given product version and platform. Adobe recommends administrators install the update as soon as possible. (for instance, within 72 hours)."
___
- https://secunia.com/advisories/50354/
Release Date: 2012-08-22
Criticality level: Highly critical
Impact: Exposure of sensitive information, System access
Where: From remote
Software: Adobe AIR 3.x, Adobe Flash Player 11.x ...
Solution: Update to a fixed version.
Original Advisory: Adobe:
http://www.adobe.com/support/securit...apsb12-19.html
- http://www.securitytracker.com/id/1027422
CVE Reference:
- http://web.nvd.nist.gov/view/vuln/de...=CVE-2012-4163 - 10.0 (HIGH)
- http://web.nvd.nist.gov/view/vuln/de...=CVE-2012-4164 - 10.0 (HIGH)
- http://web.nvd.nist.gov/view/vuln/de...=CVE-2012-4165 - 10.0 (HIGH)
- http://web.nvd.nist.gov/view/vuln/de...=CVE-2012-4166 - 10.0 (HIGH)
- http://web.nvd.nist.gov/view/vuln/de...=CVE-2012-4167 - 10.0 (HIGH)
- http://web.nvd.nist.gov/view/vuln/de...=CVE-2012-4168 - 4.3
Aug 22 2012
Impact: Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, User access via network
Version(s): 11.3.300.271 and prior
Solution: The vendor has issued a fix (11.4.402.265 for Windows and OS X; 11.2.202.238 for Linux; 11.1.111.16 for Android 2.x and 3.x; 11.1.115.17 for Android 4.x)...
:fear::fear:
ColdFusion DoS vuln/hotfix
FYI...
ColdFusion DoS vuln/hotfix
- https://secunia.com/advisories/50523/
Release Date: 2012-09-11
Criticality level: Moderately critical
Impact: DoS
Where: From remote
Software: Adobe ColdFusion 10.x, 8.x, 9.x
CVE Reference: CVE-2012-2048
Original Advisory: http://www.adobe.com/support/securit...apsb12-21.html
Summary: Adobe has released a security hotfix for ColdFusion 10 and earlier versions for Windows, Macintosh and UNIX. This update resolves a vulnerability which could result in a Denial of Service condition. Adobe recommends users update their product installation using the instructions provided in the "Solution" section below.
Affected software versions: ColdFusion 10, 9.0.2, 9.0.1, 9.0, 8.0.1, and 8.0 for Windows, Macintosh and UNIX
Solution: Adobe recommends ColdFusion customers update their installation using the instructions provided in the technote:
http://helpx.adobe.com/coldfusion/kb...apsb12-21.html .
___
- http://www.securitytracker.com/id/1027516
Sep 11 2012
:fear:
Adobe revocation of code signing certificate
FYI...
Adobe revocation of code signing certificate
- https://www.adobe.com/support/securi...apsa12-01.html
Sep 27, 2012 - "Summary: Adobe is investigating what appears to be the misuse of an Adobe code signing certificate. Adobe plans to revoke the certificate on October 4 for all software code signed after July 10, 2012. Adobe is in the process of issuing updates signed using a new digital certificate for all affected products...
Affected software versions: The vast majority of Adobe customers will not be impacted by this issue. However, some customers, in particular administrators in managed Windows environments, may need to take certain action. To determine whether you or your organization are impacted, please refer to the support page on the Adobe website*...
* http://helpx.adobe.com/x-productkb/g...e-updates.html
- http://nakedsecurity.sophos.com/2012...-sign-malware/
Sep 28, 2012 - "... the issue appears to have been the result of hackers compromising a vulnerable build server. Malware seen using the digital signature includes pwdump7 v 7.1 (a utility that scoops up password hashes, and is sometimes used as a single file that statically links the OpenSSL library libeay32.dll). According to Adobe, the second malicious utility is myGeeksmail.dll, a malicious ISAPI filter..."
- https://isc.sans.edu/diary.html?storyid=14194
Last Updated: 2012-09-28
- http://h-online.com/-1719955
28 Sep 2012
:fear:
Adobe revokes certificate ...
FYI...
Adobe revokes certificate ...
- https://www.adobe.com/support/securi...apsa12-01.html
Last updated: Oct 4, 2012 - "... Adobe has revoked the certificate on October 4 for all software code signed after July 10, 2012 (00:00 GMT). Adobe has issued updates signed using a new digital certificate for all affected products. The following certificate has been revoked and the certificate revocation list (CRL) is available at:
http://csc3-2010-crl.verisign.com/CSC3-2010.crl ..."
___
Adobe Cert Used to Sign Malware ...
- http://atlas.arbor.net/briefs/index#666340356
Oct 05, 2012
- https://blogs.technet.com/b/mmpc/arc...edirected=true
3 Oct 2012
:fear:
Flash v11.4.402.287 - AIR v3.4.0.2710 released
FYI...
Flash v11.4.402.287 / AIR v3.4.0.2710 released
- https://www.adobe.com/support/securi...apsb12-22.html
Oct 8, 2012
CVE numbers: CVE-2012-5248, CVE-2012-5249, CVE-2012-5250, CVE-2012-5251, CVE-2012-5252, CVE-2012-5253, CVE-2012-5254, CVE-2012-5255, CVE-2012-5256, CVE-2012-5257, CVE-2012-5258, CVE-2012-5259, CVE-2012-5260, CVE-2012-5261, CVE-2012-5262, CVE-2012-5263, CVE-2012-5264, CVE-2012-5265, CVE-2012-5266, CVE-2012-5267, CVE-2012-5268, CVE-2012-5269, CVE-2012-5270, CVE-2012-5271, CVE-2012-5272
Platform: All Platforms
Summary: Adobe has released security updates for Adobe Flash Player 11.4.402.278 and earlier versions for Windows, Adobe Flash Player 11.4.402.265 and earlier versions for Macintosh, Adobe Flash Player 11.2.202.238 and earlier for versions for Linux, Adobe Flash Player 11.1.115.17 and earlier versions for Android 4.x, and Adobe Flash Player 11.1.111.16 and earlier versions for Android 3.x and 2.x. These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system. Adobe recommends users update their product installations to the latest versions:
• Users of Adobe Flash Player 11.4.402.278 and earlier versions for Windows and Adobe Flash Player 11.4.402.265 and earlier versions for Macintosh should update to Adobe Flash Player 11.4.402.287.
• Users of Adobe Flash Player 11.2.202.238 and earlier versions for Linux should update to Adobe Flash Player 11.2.202.243.
• Flash Player installed with Google Chrome will automatically be updated to the latest Google Chrome version, which will include Adobe Flash Player 11.4.31.110 for Windows and Linux, and Flash Player 11.4.402.287 for Macintosh.
• Flash Player installed with Internet Explorer 10 will automatically be updated to the latest Internet Explorer 10 version*, which will include Adobe Flash Player 11.3.375.10 for Windows.
• Users of Adobe Flash Player 11.1.115.17 and earlier versions on Android 4.x devices should update to Adobe Flash Player 11.1.115.20.
• Users of Adobe Flash Player 11.1.111.16 and earlier versions for Android 3.x and earlier versions should update to Flash Player 11.1.111.19.
• Users of Adobe AIR 3.4.0.2540 for Windows and Macintosh should update to Adobe AIR 3.4.0.2710.
• Users of the Adobe AIR 3.4.0.2540 SDK (includes AIR for iOS) should update to the Adobe AIR 3.4.0.2710 SDK.
• Users of the Adobe AIR 3.4.0.2540 and earlier versions for Android should update to the Adobe AIR 3.4.0.2710...
These updates address critical vulnerabilities in the software...
Download:
> https://www.adobe.com/products/flash...ribution3.html
Flash test site: http://www.adobe.com/software/flash/about/
- https://www.us-cert.gov/current/#ado...bulletin_for15
Oct 10, 2012 - Flash v11.4.402.287 released...
___
>> http://get.adobe.com/air/
___
Microsoft Security Advisory (2755801)
Update for Vulnerabilities in Adobe Flash Player in Internet Explorer 10
* https://technet.microsoft.com/en-us/...visory/2755801
Updated: Oct 08, 2012 - "... Microsoft recommends that customers apply the current update -immediately- using update management software, or by checking for updates using the Microsoft Update service. Since the update is cumulative, only the current update will be offered..."
• V2.0 (October 8, 2012): Added KB2758994** to the Current update section.
** http://support.microsoft.com/kb/2758994
___
- https://secunia.com/advisories/50876/
Release Date: 2012-10-09
Criticality level: Highly critical
Impact: System access
Where: From remote...
Solution: Update to a fixed version.
Original Advisory: http://www.adobe.com/support/securit...apsb12-22.html
:fear::fear:
Shockwave v11.6.8.638 released
FYI...
Shockwave v11.6.8.638 released
- https://www.adobe.com/support/securi...apsb12-23.html
Oct 23, 2012
CVE numbers:
- http://web.nvd.nist.gov/view/vuln/de...=CVE-2012-4172 - 10.0 (HIGH)
- http://web.nvd.nist.gov/view/vuln/de...=CVE-2012-4173 - 10.0 (HIGH)
- http://web.nvd.nist.gov/view/vuln/de...=CVE-2012-4174 - 10.0 (HIGH)
- http://web.nvd.nist.gov/view/vuln/de...=CVE-2012-4175 - 10.0 (HIGH)
- http://web.nvd.nist.gov/view/vuln/de...=CVE-2012-4176 - 10.0 (HIGH)
- http://web.nvd.nist.gov/view/vuln/de...=CVE-2012-5273 - 10.0 (HIGH)
Platform: Windows and Macintosh
Summary: Adobe has released a security update for Adobe Shockwave Player 11.6.7.637 and earlier versions on the Windows and Macintosh operating systems. This update addresses vulnerabilities that could allow an attacker, who successfully exploits these vulnerabilities, to run malicious code on the affected system. Adobe recommends users of Adobe Shockwave Player 11.6.7.637 and earlier versions update to Adobe Shockwave Player 11.6.8.638...
... newest version 11.6.8.638, available here: http://get.adobe.com/shockwave/
... This update addresses critical vulnerabilities in the software...
- https://secunia.com/advisories/51090/
Release Date: 2012-10-24
Criticality level: Highly critical
Impact: System access
Where: From remote
... vulnerabilities are reported in versions 11.6.7.637 and prior for Windows and Macintosh.
Solution: Update to version 11.6.8.638.
:fear:
Flash v11.5.502.110 released
FYI...
Flash v11.5.502.110 released
- https://www.adobe.com/support/securi...apsb12-24.html
Nov 6, 2012
CVE number:
- http://web.nvd.nist.gov/view/vuln/de...=CVE-2012-5274 - 10.0 (HIGH)
- http://web.nvd.nist.gov/view/vuln/de...=CVE-2012-5275 - 10.0 (HIGH)
- http://web.nvd.nist.gov/view/vuln/de...=CVE-2012-5276 - 10.0 (HIGH)
- http://web.nvd.nist.gov/view/vuln/de...=CVE-2012-5277 - 10.0 (HIGH)
- http://web.nvd.nist.gov/view/vuln/de...=CVE-2012-5278 - 10.0 (HIGH)
- http://web.nvd.nist.gov/view/vuln/de...=CVE-2012-5279 - 10.0 (HIGH)
- http://web.nvd.nist.gov/view/vuln/de...=CVE-2012-5280 - 10.0 (HIGH)
Platform: All Platforms
Summary: Adobe has released security updates for Adobe Flash Player 11.4.402.287 and earlier versions for Windows and Macintosh, Adobe Flash Player 11.2.202.243 and earlier versions for Linux, Adobe Flash Player 11.1.115.20 and earlier versions for Android 4.x, and Adobe Flash Player 11.1.111.19 and earlier versions for Android 3.x and 2.x. These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.
Adobe recommends users update their product installations to the latest versions:
- Users of Adobe Flash Player 11.4.402.287 and earlier versions for Windows and Macintosh should update to Adobe Flash Player 11.5.502.110.
- Users of Adobe Flash Player 11.2.202.243 and earlier versions for Linux should update to Adobe Flash Player 11.2.202.251.
- Flash Player installed with Google Chrome will automatically be updated to the latest Google Chrome version, which will include Adobe Flash Player 11.5.31.2 for Windows, Macintosh and Linux.
- Flash Player installed with Internet Explorer 10 will automatically be updated to the latest Internet Explorer 10 version, which will include Adobe Flash Player 11.3.376.12 for Windows.
- Users of Adobe Flash Player 11.1.115.20 and earlier versions on Android 4.x devices should update to Adobe Flash Player 11.1.115.27.
- Users of Adobe Flash Player 11.1.111.19 and earlier versions for Android 3.x and earlier versions should update to Flash Player 11.1.111.24.
- Users of Adobe AIR 3.4.0.2710 and earlier versions for Windows and Macintosh, SDK (including AIR for iOS) and Android should update to Adobe AIR 3.5.0.600...
These updates address -critical- vulnerabilities in the software...
Download:
> https://www.adobe.com/products/flash...ribution3.html
Flash test site: http://www.adobe.com/software/flash/about/
>> http://get.adobe.com/air/
> http://helpx.adobe.com/flash-player/...ase_notes.html
___
- https://secunia.com/advisories/51213/
Release Date: 2012-11-07
Criticality level: Highly critical
Impact: Security Bypass, System access
Where: From remote
... exploitation of the vulnerabilities may allow execution of arbitrary code...
Solution: Update to a fixed version.
Original Advisory: Adobe (APSB12-24):
http://www.adobe.com/support/securit...apsb12-24.html
:fear::fear: