Adobe updates/advisories

[AplusWebMaster]

FYI...

Flash Player - CVE-2016-1019
- https://helpx.adobe.com/security/pro...apsa16-01.html
April 5, 2016
CVE number: CVE-2016-1019
Platforms: Windows, Macintosh, Linux and Chrome OS
Summary: "A critical vulnerability (CVE-2016-1019) exists in Adobe Flash Player 21.0.0.197 and earlier versions for Windows, Macintosh, Linux, and Chrome OS. Successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system. Adobe is aware of reports that CVE-2016-1019 is being actively exploited on systems running Windows 7 and Windows XP with Flash Player version -20.0.0.306- and earlier. A mitigation introduced in Flash Player 21.0.0.182 currently -prevents- exploitation of this vulnerability, protecting users running Flash Player 21.0.0.182 and later. Adobe is planning to provide a security update to address this vulnerability as early as April 7..."
> https://blogs.adobe.com/psirt/?p=1330
April 5, 2016 - "... critical vulnerability (CVE-2016-1019) in Adobe Flash Player. UPDATE: Adobe is aware of reports that CVE-2016-1019 is being actively exploited on systems running Windows 7 and Windows XP Windows 10 and earlier with Flash Player version 20.0.0.306 and earlier..."

[AplusWebMaster]

FYI...

Flash 23.0.0.185 released
- https://helpx.adobe.com/security/pro...apsb16-32.html
Oct 11, 2016
CVE number: CVE-2016-4273, CVE-2016-4286, CVE-2016-6981, CVE-2016-6982, CVE-2016-6983, CVE-2016-6984, CVE-2016-6985, CVE-2016-6986, CVE-2016-6987, CVE-2016-6989, CVE-2016-6990, CVE-2016-6992
Platform: Windows, Macintosh, Linux and ChromeOS
Summary: Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and ChromeOS. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system...
Solution: ... Adobe recommends users of the Adobe Flash Player Desktop Runtime for Windows and Macintosh update to 23.0.0.185 via the update mechanism within the product when prompted [1], or by visiting the Adobe Flash Player Download Center.
- Adobe recommends users of the Adobe Flash Player Extended Support Release should update to version 18.0.0.382 by visiting http://helpx.adobe.com/flash-player/...-versions.html.
- Adobe recommends users of Adobe Flash Player for Linux update to Adobe Flash Player 11.2.202.637 by visiting the Adobe Flash Player Download Center.
- Adobe Flash Player installed with Google Chrome will be automatically updated to the latest Google Chrome version, which will include Adobe Flash Player 23.0.0.185 for Windows, Macintosh, Linux and Chrome OS.
- Adobe Flash Player installed with Microsoft Edge and Internet Explorer 11 for Windows 10 and 8.1 will be automatically updated to the latest version, which will include Adobe Flash Player 23.0.0.185.
- Please visit the Flash Player Help page for assistance in installing Flash Player:
- https://helpx.adobe.com/flash-player.html
[1] Users of Flash Player 11.2.x or later for Windows, or Flash Player 11.3.x or later for Macintosh, who have selected the option to 'Allow Adobe to install updates' will receive the update automatically. Users who do not have the 'Allow Adobe to install updates' option enabled can install the update via the update mechanism within the product when prompted.

For I/E - some versions get 'Automatic' updates:
- https://fpdownload.macromedia.com/pu..._player_ax.exe
For Firefox and other Plugin-based browsers:
- https://fpdownload.macromedia.com/pu...ash_player.exe

Flash test site: https://www.adobe.com/software/flash/about/

- http://www.securitytracker.com/id/1036985
CVE Reference: CVE-2016-4273, CVE-2016-4286, CVE-2016-6981, CVE-2016-6982, CVE-2016-6983, CVE-2016-6984, CVE-2016-6985, CVE-2016-6986, CVE-2016-6987, CVE-2016-6989, CVE-2016-6990, CVE-2016-6992
Oct 11 2016
Fix Available: Yes Vendor Confirmed: Yes
Version(s): 23.0.0.162 and prior ...
Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
A remote user can bypass security controls on the target system.
Solution: The vendor has issued a fix (23.0.0.185; ESR 18.0.0.382; 11.2.202.637 for Linux)...
___

Acrobat / Reader 15.020.20039 released
- https://helpx.adobe.com/security/pro...apsb16-33.html
Oct 11, 2016
CVE numbers: CVE-2016-1089, CVE-2016-1091, CVE-2016-6939, CVE-2016-6940, CVE-2016-6941, CVE-2016-6942, CVE-2016-6943, CVE-2016-6944, CVE-2016-6945, CVE-2016-6946, CVE-2016-6947, CVE-2016-6948, CVE-2016-6949, CVE-2016-6950, CVE-2016-6951, CVE-2016-6952, CVE-2016-6953, CVE-2016-6954, CVE-2016-6955, CVE-2016-6956, CVE-2016-6957, CVE-2016-6958, CVE-2016-6959, CVE-2016-6960, CVE-2016-6961, CVE-2016-6962, CVE-2016-6963, CVE-2016-6964, CVE-2016-6965, CVE-2016-6966, CVE-2016-6967, CVE-2016-6968, CVE-2016-6969, CVE-2016-6970, CVE-2016-6971, CVE-2016-6972, CVE-2016-6973, CVE-2016-6974, CVE-2016-6975, CVE-2016-6976, CVE-2016-6977, CVE-2016-6978, CVE-2016-6979, CVE-2016-6988, CVE-2016-6993, CVE-2016-6994, CVE-2016-6995, CVE-2016-6996, CVE-2016-6997, CVE-2016-6998, CVE-2016-6999, CVE-2016-7000, CVE-2016-7001, CVE-2016-7002, CVE-2016-7003, CVE-2016-7004, CVE-2016-7005, CVE-2016-7006, CVE-2016-7007, CVE-2016-7008, CVE-2016-7009, CVE-2016-7010, CVE-2016-7011, CVE-2016-7012, CVE-2016-7013, CVE-2016-7014, CVE-2016-7015, CVE-2016-7016, CVE-2016-7017, CVE-2016-7018, CVE-2016-7019
Platform: Windows and Macintosh
Summary: Adobe has released security updates for Adobe Acrobat and Reader for Windows and Macintosh. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system...
Solution: Adobe recommends users update their software installations to the latest versions by following the instructions below.
The latest product versions are available to end users via one of the following methods:
- Users can update their product installations manually by choosing Help > Check for Updates.
- The products will update automatically, without requiring user intervention, when updates are detected.
- The full Acrobat Reader installer can be downloaded from the Acrobat Reader Download Center:
> http://get.adobe.com/reader
For IT administrators (managed environments):
- Download the enterprise installers from ftp://ftp.adobe.com/pub/adobe/
or refer to the specific release note version for links to installers.
- Install updates via your preferred methodology, such as AIP-GPO, bootstrapper, SCUP/SCCM (Windows), or on Macintosh, Apple Remote Desktop and SSH.

>> https://www.adobe.com/support/downloads/new.jsp

Acrobat for Windows: https://www.adobe.com/support/downlo...atform=Windows

Adobe Reader for Windows: https://www.adobe.com/support/downlo...atform=Windows
___

Creative Cloud 3.8.0.310 released
- https://helpx.adobe.com/security/pro...apsb16-34.html
Oct 11, 2016
CVE number: CVE-2016-6935
Platform: Windows
Summary: Adobe has released a security update for the Creative Cloud Desktop Application for Windows. This update resolves an unquoted search path vulnerability in the Creative Cloud Desktop Application...
Solution: Adobe categorizes this update with the following priority rating and recommends users update their installation to the newest version:
Creative Cloud Desktop Application - Creative Cloud 3.8.0.310 - Windows
For more details, visit: https://www.adobe.com/creativecloud/desktop-app.html
For managed environments, IT administrators can use the Creative Cloud Packager to create deployment packages as described in the workflow documented here:
> https://helpx.adobe.com/creative-clo...-licenses.html
Refer to this help page* for more information on the Creative Cloud Packager.
* https://helpx.adobe.com/creative-cloud/packager.html

[AplusWebMaster]

FYI...

Flash 26.0.0.126 released
- https://helpx.adobe.com/security/pro...apsb17-17.html
Jun 13, 2017
Summary: Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and Chrome OS. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system...
Solution: ...
- Adobe recommends users of the Adobe Flash Player Desktop Runtime for Windows, Macintosh and Linux update to Adobe Flash Player 26.0.0.126 via the update mechanism within the product [1] or by visiting the Adobe Flash Player Download Center: https://get.adobe.com/flashplayer/
- Adobe Flash Player installed with Google Chrome will be automatically updated to the latest Google Chrome version, which will include Adobe Flash Player 26.0.0.126 for Windows, Macintosh, Linux and Chrome OS.
- Adobe Flash Player installed with Microsoft Edge and Internet Explorer 11 for Windows 10 and 8.1 will be automatically updated to the latest version, which will include Adobe Flash Player 26.0.0.120.
Please visit the Flash Player Help page* for assistance in installing Flash Player.
[1] Users who have selected the option to 'Allow Adobe to install updates' will receive the update automatically. Users who do not have the 'Allow Adobe to install updates' option enabled can install the update via the update mechanism within the product when prompted..."
* https://helpx.adobe.com/flash-player.html

For I/E - some versions get 'Automatic' updates:
- https://fpdownload.macromedia.com/pu..._player_ax.exe
For Firefox and other Plugin-based browsers:
- https://fpdownload.macromedia.com/pu...ash_player.exe
For Chrome:
- https://fpdownload.macromedia.com/pu...ayer_ppapi.exe

Flash test site: https://www.adobe.com/software/flash/about/

- http://www.securitytracker.com/id/1038655
CVE Reference: CVE-2017-3075, CVE-2017-3076, CVE-2017-3077, CVE-2017-3078, CVE-2017-3079, CVE-2017-3081, CVE-2017-3082, CVE-2017-3083, CVE-2017-3084
Jun 13 2017
Fix Available: Yes Vendor Confirmed: Yes
Version(s): 25.0.0.171 and prior ...
Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
Solution: The vendor has issued a fix (26.0.0.126)...
___

Shockwave 12.2.9.199 released
- https://helpx.adobe.com/security/pro...apsb17-18.html
Jun 13, 2017
Summary: Adobe has released a security update for Adobe Shockwave Player for Windows. This update addresses a critical memory corruption vulnerability that could lead to code execution...
Adobe recommends users of Adobe Shockwave Player 12.2.8.198 and earlier versions for Windows update to Adobe Shockwave Player 12.2.9.199 by visiting the Adobe Shockwave Player Download Center:
> https://get.adobe.com/shockwave/
___

Adobe Captivate 10.0.0.192
- https://helpx.adobe.com/security/pro...apsb17-19.html
Jun 13, 2017
Summary: Adobe has released security updates for Adobe Captivate for Windows and Macintosh. These updates resolve an important information disclosure vulnerability (CVE-2017-3087) resulting from abuse of the quiz reporting feature in Captivate...
10.0.0.192: https://helpx.adobe.com/captivate/re...ase-notes.html
Tech note: https://helpx.adobe.com/captivate/kb...captivate.html
___

Adobe Digital Editions 4.5.5
- https://helpx.adobe.com/security/pro...apsb17-20.html
Jun 13, 2017
Summary: Adobe has released a security update for Adobe Digital Editions for Windows, Macintosh, iOS and Android. This update resolves critical memory corruption vulnerabilities that could lead to code execution, three vulnerabilities rated important that could lead to escalation of privilege and two memory corruption vulnerabilities rated important that could lead to disclosure of memory addresses...
Solution: Adobe categorizes these updates with the following priority ratings and recommends users update their installation to the newest version...
Adobe Digital Editions 4.5.5
Windows: https://www.adobe.com/solutions/eboo.../download.html
Macintosh: https://www.adobe.com/solutions/eboo.../download.html
iOS: https://itunes.apple.com/us/app/adob...952977781?mt=8
Android: https://play.google.com/store/apps/d...igitaleditions

[AplusWebMaster]

FYI...

Flash 27.0.0.187 released
- https://helpx.adobe.com/security/pro...apsb17-33.html
11/14/2017 - "... Summary: Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and Chrome OS. These updates address critical vulnerabilities that could lead to code execution...
Solution: Note: Adobe recommends users of the Adobe Flash Player Desktop Runtime for Windows, Macintosh and Linux update to Adobe Flash Player 27.0.0.187 via the update mechanism within the product [1] or by visiting the Adobe Flash Player Download Center.
Adobe Flash Player installed with Google Chrome will be automatically updated to the latest Google Chrome version, which will include Adobe Flash Player 27.0.0.187 for Windows, Macintosh, Linux and Chrome OS.
Adobe Flash Player installed with Microsoft Edge and Internet Explorer 11 for Windows 10 and 8.1 will be automatically updated to the latest version, which will include Adobe Flash Player 27.0.0.187.
Please visit the Flash Player Help page for assistance in installing Flash Player.
1] Users who have selected the option to 'Allow Adobe to install updates' will receive the update automatically. Users who do not have the 'Allow Adobe to install updates' option enabled can install the update via the update mechanism within the product when prompted..."

For I/E - some versions get 'Automatic' updates:
- https://fpdownload.macromedia.com/pu..._player_ax.exe
For Firefox and other Plugin-based browsers:
- https://fpdownload.macromedia.com/pu...ash_player.exe
For Chrome:
- https://fpdownload.macromedia.com/pu...ayer_ppapi.exe

Flash test site: https://www.adobe.com/software/flash/about/

- https://www.securitytracker.com/id/1039778
CVE Reference: CVE-2017-11213, CVE-2017-11215, CVE-2017-11225, CVE-2017-3112, CVE-2017-3114
Nov 14 2017
Fix Available: Yes Vendor Confirmed: Yes ...
Description: Multiple vulnerabilities were reported in Adobe Flash Player. A remote user can cause arbitrary code to be executed on the target user's system.
A remote user can create specially crafted content that, when loaded by the target user, will execute arbitrary code on the target user's system.
An out-of-bounds memory read error may occur [CVE-2017-3112, CVE-2017-3114, CVE-2017-11213].
A use-after-free memory error may occur [CVE-2017-11215, CVE-2017-11225]...
Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
Solution: The vendor has issued a fix (27.0.0.187)...
___

Security updates - Adobe Photoshop CC | APSB17-34
- https://helpx.adobe.com/security/pro...apsb17-34.html
Nov 14, 2017
- https://www.securitytracker.com/id/1039786
___

Security updates - Adobe Connect | APSB17-35
- https://helpx.adobe.com/security/pro...apsb17-35.html
Nov 14, 2017
- https://www.securitytracker.com/id/1039799
___

Security updates - Adobe Acrobat and Reader | APSB17-36
- https://helpx.adobe.com/security/pro...apsb17-36.html
Nov 14, 2017
- https://www.securitytracker.com/id/1039791
___

Security updates - Adobe DNG Converter | APSB17-37
- https://helpx.adobe.com/security/pro...apsb17-37.html
Nov 14, 2017
___

Security updates - InDesign | APSB17-38
- https://helpx.adobe.com/security/pro...apsb17-38.html
Nov 14, 2017
- https://www.securitytracker.com/id/1039785
___

Security updates - Adobe Digital Editions | APSB17-39
- https://helpx.adobe.com/security/pro...apsb17-39.html
Nov 14, 2017
- https://www.securitytracker.com/id/1039798
___

Security update - Shockwave Player | APSB17-40
- https://helpx.adobe.com/security/pro...apsb17-40.html
Nov 14, 2017
- https://www.securitytracker.com/id/1039784
___

Security updates - Adobe Experience Manager | APSB17-41
- https://helpx.adobe.com/security/pro...apsb17-41.html
Nov 14, 2017
- https://www.securitytracker.com/id/1039800
___

> https://www.us-cert.gov/ncas/current...curity-Updates
Nov 14, 2017