Adobe updates/advisories

[AplusWebMaster]

FYI...

Flash Player v11.2.202.228 released
- https://www.adobe.com/support/securi...apsb12-07.html
March 28, 2012
CVE numbers:
- http://web.nvd.nist.gov/view/vuln/de...=CVE-2012-0772 - 10.0 (HIGH)
Last revised: 03/29/2012
"Summary: An unspecified ActiveX control in Adobe Flash Player before 10.3.183.18 and 11.x before 11.2.202.228, and AIR before 3.2.0.2070..."
- http://web.nvd.nist.gov/view/vuln/de...=CVE-2012-0773 - 10.0 (HIGH)
Last revised: 03/29/2012
"Summary: The NetStream class in Adobe Flash Player before 10.3.183.18 and 11.x before 11.2.202.228, and AIR before 3.2.0.2070..."
Platform: All Platforms
Summary: These priority 2 updates address critical vulnerabilities in Adobe Flash Player 11.1.102.63 and earlier versions for Windows, Macintosh, Linux and Solaris, and Adobe Flash Player 11.1.111.7 and earlier versions for Android 3.x and 2.x. These vulnerabilities could cause a crash and potentially allow an attacker to take control of the affected system...
Solution: Adobe recommends users of Adobe Flash Player 11.1.102.63 and earlier versions for Windows, Macintosh and Linux update to Adobe Flash Player 11.2.202.228... Users of Adobe Flash Player 11.1.102.63 and earlier versions for Solaris should update to Adobe Flash Player 11.2.202.223... Windows users and users of Adobe Flash Player 10.3.183.16 or later for Macintosh can install the update via the update mechanism within the product when prompted. For users who cannot update to Flash Player 11.2.202.228, Adobe has developed a patched version of Flash Player 10.3, Flash Player 10.3.183.18... Android 3.x and earlier versions should update to Flash Player 11.1.111.8 by browsing to the Android Marketplace on an Android device. Users of Adobe AIR 3.1.0.4880 for Windows, Macintosh and Android should update to Adobe AIR 3.2.0.2070...

Download: https://www.adobe.com/products/flash...ribution3.html

AIR 3.2.0.2070: AIR Download Center: http://get.adobe.com/air/

Android Marketplace: https://play.google.com/store/apps/d...shplayer&hl=en

Android Marketplace: https://play.google.com/store/apps/d...=com.adobe.air

Release Notes | Flash Player 11.2, AIR 3.2:
- http://helpx.adobe.com/flash-player/..._20120305.html
___

Flash test site: http://www.adobe.com/software/flash/about/
___

Critical Security Update for Adobe Flash Player
- http://atlas.arbor.net/briefs/index#-330930387
Severity: High Severity
Published: Wednesday, March 28, 2012 19:20
Adobe releases a critical update for Flash Player, and also rolls in a more functional automatic update process.
Analysis: Flash has been hit hard by malware authors and use for all sorts of attacks. In the past, it's patching mechanism has been flawed and difficult to use, especially for the average computer user. Their new background update function* should make this easier.
Source: https://krebsonsecurity.com/2012/03/...lash-player-2/
* http://download.windowssecrets.com/i...9-PW-Flash.jpg

Flash Player / AIR vulns...
- https://secunia.com/advisories/48623/
Release Date: 2012-03-29
Criticality level: Highly critical
Impact: System access
Where: From remote...
CVE Reference(s): CVE-2012-0772, CVE-2012-0773
Solution: Update to a fixed version...
Original Advisory: http://www.adobe.com/support/securit...apsb12-07.html

- http://www.securitytracker.com/id/1026859
CVE Reference: CVE-2012-0772, CVE-2012-0773
Date: Mar 28 2012
Impact: Execution of arbitrary code via network, User access via network
Version(s): 11.1.102.63 and prior versions...
Solution: The vendor has issued a fix (11.2.202.228 for Windows, Mac, and Linux; 11.2.202.223 for Solaris; 11.1.111.8 for Android 3.x).

[AplusWebMaster]

FYI...

Adobe Reader/Acrobat security updates available
- https://www.adobe.com/support/securi...8.html#Ratings
April 10, 2012
CVE numbers: CVE-2012-0774, CVE-2012-0775, CVE-2012-0776, CVE-2012-0777
"... Adobe released security updates for Adobe Reader X (10.1.2) and earlier versions for Windows and Macintosh, Adobe Reader 9.4.6 and earlier 9.x versions for Linux, and Adobe Acrobat X (10.1.2) and earlier versions for Windows and Macintosh. These updates address vulnerabilities in the software that could cause the application to crash and potentially allow an attacker to take control of the affected system.
Adobe recommends users of Adobe Reader X (10.1.2) and earlier versions for Windows and Macintosh update to Adobe Reader X (10.1.3). For users of Adobe Reader 9.5 and earlier versions for Windows and Macintosh, who cannot update to Adobe Reader X (10.1.3), Adobe has made available the update Adobe Reader 9.5.1. Adobe recommends users of Adobe Reader 9.4.6 and earlier versions for Linux update to Adobe Reader 9.5.1. Adobe recommends users of Adobe Acrobat X (10.1.2) for Windows and Macintosh update to Adobe Acrobat X (10.1.3). Adobe recommends users of Adobe Acrobat 9.5 and earlier versions for Windows and Macintosh update to Adobe Acrobat 9.5.1...
Solution: Adobe recommends users update their software installations by following the instructions below:
- Adobe Reader: Users on Windows and Macintosh can utilize the product's update mechanism. The default configuration is set to run automatic update checks on a regular schedule. Update checks can be manually activated by choosing Help > Check for Updates.
- Adobe Reader users on Windows can also find the appropriate update here: http://www.adobe.com/support/downloa...atform=Windows
- Adobe Reader users on Macintosh can also find the appropriate update here: http://www.adobe.com/support/downloa...form=Macintosh
- Adobe Reader users on Linux can find the appropriate update here: ftp://ftp.adobe.com/pub/adobe/reader/unix/9.x/
- Adobe Acrobat: Users can utilize the product's update mechanism. The default configuration is set to run automatic update checks on a regular schedule. Update checks can be manually activated by choosing Help > Check for Updates.
- Acrobat Standard and Pro users on Windows can also find the appropriate update here: http://www.adobe.com/support/downloa...atform=Windows
- Acrobat Pro Extended users on Windows can also find the appropriate update here: http://www.adobe.com/support/downloa...atform=Windows
- Acrobat Pro users on Macintosh can also find the appropriate update here: http://www.adobe.com/support/downloa...form=Macintosh ..."
___

- http://www.securitytracker.com/id/1026908
Date: Apr 10 2012
CVE Reference: CVE-2012-0774, CVE-2012-0775, CVE-2012-0776, CVE-2012-0777
Impact: Execution of arbitrary code via network, User access via network
Version(s): 9.5 and prior versions; 10.1.2 and prior versions

- https://secunia.com/advisories/48733/
Release Date: 2012-04-11
Criticality level: Highly critical
Impact: Security Bypass, Cross Site Scripting, Exposure of sensitive information, System access
Where: From remote...
... more information:
- https://secunia.com/advisories/48033/
- https://secunia.com/advisories/48281/
- https://secunia.com/advisories/48623/
Solution: Apply updates...

[AplusWebMaster]

FYI...

Flash Player v11.2.202.233 released
- https://www.adobe.com/support/securi...apsb12-07.html
... Google Chrome version 18.0.1025.151 update addresses two Flash Player memory corruption vulnerabilities in the Chrome interface (Google Chrome only) (CVE-2012-0724, CVE-2012-0725).
April 5, 2012 - Added information on CVE-2012-0724, CVE-2012-0725 and corresponding Google Chrome release.
- http://web.nvd.nist.gov/view/vuln/de...=CVE-2012-0724 - 10.0 (HIGH)
- http://web.nvd.nist.gov/view/vuln/de...=CVE-2012-0725 - 10.0 (HIGH)
Impact Type: Allows unauthorized disclosure of information; Allows unauthorized modification; Allows disruption of service
___

- http://helpx.adobe.com/flash-player/..._20120305.html
Last updated 2012-04-13
... Current Runtime Release Version(s): Flash Player Desktop: 11.2.202.233
Fixed Issues: Printing to local printer generates unusably large print jobs (3158836)...
.. ??

Download: https://www.adobe.com/products/flash...ribution3.html
___

Flash test site: http://www.adobe.com/software/flash/about/

[AplusWebMaster]

FYI...

Flash Player v11.2.202.235 released - 0-day Fix
- https://www.adobe.com/support/securi...apsb12-09.html
May 4, 2012
CVE number: http://web.nvd.nist.gov/view/vuln/de...=CVE-2012-0779
Platform: All Platforms
Summary: ... an object confusion vulnerability (CVE-2012-0779) that could cause the application to crash and potentially allow an attacker to take control of the affected system. There are reports that the vulnerability is being exploited in the wild in active targeted attacks designed to trick the user into clicking on a malicious file delivered in an email message. The exploit targets Flash Player on Internet Explorer for Windows* only. Adobe recommends users of Adobe Flash Player 11.2.202.233 and earlier versions for Windows, Macintosh and Linux update to Adobe Flash Player 11.2.202.235... Users of Adobe Flash Player 11.1.115.7 and earlier versions on Android 4.x devices should update to Adobe Flash Player 11.1.115.8. Users of Adobe Flash Player 11.1.111.8 and earlier versions for Android 3.x and earlier versions should update to Flash Player 11.1.111.9...
* Priority 1: This update resolves vulnerabilities being targeted, or which have a higher risk of being targeted, by exploit(s) in the wild for a given product version and platform. Adobe recommends administrators install the update as soon as possible...
> https://blogs.adobe.com/psirt/2012/0...apsb12-09.html

Download: https://www.adobe.com/products/flash...ribution3.html

Android: https://market.android.com/details?i...be.flashplayer
___

Flash test site: http://www.adobe.com/software/flash/about/

Flash Player update closes critical object confusion hole
Severity: High Severity
- http://atlas.arbor.net/briefs/
Published: Monday, May 07, 2012
Adobe Flash update addresses critical security hole.
Analysis: This vulnerability has been used in active attacks although they are apparently not widespread attacks. Attackers will often use newer vulnerabilities and 0days on special targets of high value first. At some point, the exploit code will leak or a post-compromise analysis will reveal the vulnerability and/or the exploit involved and then the gates open for more compromise activity by others with a variety of motives.
Source: http://h-online.com/-1568704

- https://www.us-cert.gov/current/#ado...advisory_for14
May 4, 2012

- http://www.securitytracker.com/id/1027023
May 4 2012 - "... vulnerability is being actively exploited against Flash Player on Internet Explorer in targeted cases. Microsoft Vulnerability Research (MSVR) reported this vulnerability..."

[AplusWebMaster]

FYI...

Adobe Black Tuesday for May 2012
___

APSB12-13 Security update available for Adobe Shockwave Player
- https://www.adobe.com/support/securi...apsb12-13.html
5/8/2012
CVE number: CVE-2012-2029, CVE-2012-2030, CVE-2012-2031, CVE-2012-2032, CVE-2012-2033
Platform: Windows and Macintosh
... security update for Adobe Shockwave Player 11.6.4.634 and earlier versions for Windows and Macintosh. This update addresses vulnerabilities that could allow an attacker who successfully exploits these vulnerabilities to run malicious code on the affected system. Adobe recommends users of Adobe Shockwave Player 11.6.4.634 and earlier for Windows and Macintosh update to Adobe Shockwave Player 11.6.5.635... available here: http://get.adobe.com/shockwave/ ... addresses -critical- vulnerabilities in the software....

APSB12-12 Security bulletin for Adobe Flash Pro
- https://www.adobe.com/support/securi...apsb12-12.html
5/8/2012
CVE number: CVE-2012-0778
Platform: Windows and Macintosh
... security upgrade for Adobe Flash Professional CS5.5 (11.5.1.349) and earlier for Windows and Macintosh. This upgrade addresses a vulnerability that could allow an attacker who successfully exploits this vulnerability to take control of the affected system. Adobe has released Adobe Flash Professional CS6, which addresses this vulnerability... (paid upgrade)... addresses a -critical- vulnerability in the software...

APSB12-11 Security bulletin for Adobe Photoshop
- https://www.adobe.com/support/securi...apsb12-11.html
5/8/2012
CVE number: CVE-2012-2027, CVE-2012-2028
Platform: Windows and Macintosh
... security upgrade for Adobe Photoshop CS5.5 and earlier for Windows and Macintosh. This upgrade addresses vulnerabilities that could allow an attacker who successfully exploits these vulnerabilities to take control of the affected system. Adobe has released Adobe Photoshop CS6, which addresses these vulnerabilities... (paid upgrade)... could lead to code execution CVE-2012-2027, Bugtraq ID 52634, which references:
http://www.securityfocus.com/bid/52634/ This upgrade resolves a buffer overflow vulnerability that could lead to code execution (CVE-2012-2028)... addresses a -critical- vulnerability in the software...

APSB12-10 Security bulletin for Adobe Illustrator
- https://www.adobe.com/support/securi...apsb12-10.html
5/8/2012
CVE numbers: CVE-2012-0780, CVE-2012-2023, CVE-2012-2024, CVE-2012-2025, CVE-2012-2026
Platform: Windows and Macintosh
... security upgrade for Adobe Illustrator CS5.5 and earlier for Windows and Macintosh. This upgrade addresses vulnerabilities that could allow an attacker who successfully exploits these vulnerabilities to take control of the affected system. Adobe has released Adobe Illustrator CS6, which addresses these vulnerabilities... (paid upgrade)... addresses -critical- vulnerabilities in the software...
___

- https://secunia.com/advisories/49086/ - Shockwave Player
- https://secunia.com/advisories/47116/ - Flash Pro
- https://secunia.com/advisories/48457/ - Photoshop
- https://secunia.com/advisories/47118/ - Illustrator

- http://www.securitytracker.com/id/1027037 - Shockwave Player
- http://www.securitytracker.com/id/1027045 - Flash Pro
- http://www.securitytracker.com/id/1027046 - Photoshop
- http://www.securitytracker.com/id/1027047 - Illustrator

[AplusWebMaster]

FYI...

Adobe to release patches for CS5.x ...
- http://h-online.com/-1574341
12 May 2012 - "Adobe has announced* – through changes to the security advisories it issued earlier this week – that it is developing patches for the critical holes in the CS5.x versions of Adobe Photoshop, Illustrator and Flash Professional, after previously advising users that they needed to buy the just-released CS6 versions of the applications... Adobe has given no schedule for the availability of patches. In the original 8 May advisories, the company had said only that users of these products would need to purchase the upgrade from the CS5 and CS5.5 versions to the, just shipping on 7 May, CS6 versions to close the critical holes they were detailing; a move that was seen as effectively charging for security fixes..."
* https://blogs.adobe.com/psirt/2012/0...apsb12-12.html
May 11, 2012 - "... We are in the process of resolving the vulnerabilities addressed in these Security Bulletins in Adobe Illustrator CS5.x, Adobe Photoshop CS5.x (12.x) and Adobe Flash Professional CS5.x, and will update the respective Security Bulletins once the patches are available..."
___

Adobe Photoshop CS5 Collada File Processing Buffer Overflow Vulnerability
- https://secunia.com/advisories/49160/
Release Date: 2012-05-15
Criticality level: Highly critical
Solution Status: Unpatched...

Adobe Photoshop...
- http://securitytracker.com/id/1027063
Date: May 15 2012
Impact: Execution of arbitrary code via network, User access via network
Version(s): CS5.1; possibly other versions...

[AplusWebMaster]

FYI...

Adobe Illustrator CS5 (15.0.3) and Adobe Illustrator CS5.5 (15.1.1) released
- https://www.adobe.com/support/securi...apsb12-10.html
Last updated: June 4, 2012
CVE numbers: CVE-2012-0780, CVE-2012-2023, CVE-2012-2024, CVE-2012-2025, CVE-2012-2026, CVE-2012-2042
Platform: Windows and Macintosh
"... Adobe has released Adobe Illustrator CS5 (15.0.3) and Adobe Illustrator CS5.5 (15.1.1) to address the vulnerabilities highlighted in this security bulletin... users can find the appropriate update for their version/platform here:
Adobe Illustrator CS5 (15.0.3) for Windows
- http://download.adobe.com/pub/adobe/...tor_15.0.3.zip
Adobe Illustrator CS5 (15.0.3) for Macintosh
- http://download.adobe.com/pub/adobe/...tor_15.0.3.dmg
Adobe Illustrator CS5.5 (15.1.1) for Windows
- http://download.adobe.com/pub/adobe/...tor_15.1.1.zip
Adobe Illustrator CS5.5 (15.1.1) for Macintosh
- http://download.adobe.com/pub/adobe/...tor_15.1.1.dmg ..."

Adobe Photoshop vCS5 (12.0.5) and vCS5.1 (12.1.1) released
- https://www.adobe.com/support/securi...apsb12-11.html
Last updated: June 4, 2012
CVE number: CVE-2012-2027, CVE-2012-2028, CVE-2012-2052
Platform: Windows and Macintosh
"... Adobe has released Adobe Photoshop CS5 (12.0.5) and Adobe Photoshop CS5.1 (12.1.1) to address the vulnerabilities highlighted in this security bulletin... Adobe recommends... customers update their product installations by following the instructions provided in the the technote:
http://helpx.adobe.com/photoshop/kb/...photoshop.html ..."