Page 4 of 14 FirstFirst 12345678 ... LastLast
Results 31 to 40 of 139

Thread: Adobe updates/advisories

  1. #31
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation ColdFusion 10 Hotfix available for Windows

    FYI...

    ColdFusion 10 Hotfix available for Windows
    - https://www.adobe.com/support/securi...apsb12-25.html
    November 19, 2012
    CVE number: CVE-2012-5674
    Platform: Windows
    Summary: Adobe has released a security hotfix for ColdFusion 10 Update 1 and above for Windows. This hotfix resolves a vulnerability affecting ColdFusion on Windows Internet Information Services (IIS), which could result in a Denial of Service condition. Adobe recommends users update their product installation using the instructions provided in the "Solution" section below.
    Affected software versions: ColdFusion 10 Update 1 and above for Windows
    Solution: Adobe recommends customers update their installation of ColdFusion 10 Update 1 and above for Windows to ColdFusion 10 Update 5 using the instructions provided in the technote:
    > http://helpx.adobe.com/coldfusion/kb...apsb12-25.html
    ___

    - https://secunia.com/advisories/51335/
    Release Date: 2012-11-20
    Criticality level: Moderately critical
    Impact: DoS
    Where: From remote
    CVE Reference: CVE-2012-5674
    ... vulnerability is reported in version 10 update 1 and higher.
    Solution: Update to version 10 update 5...

    Last edited by AplusWebMaster; 2012-11-20 at 16:06.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  2. #32
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation Flash Player v11.5.502.135 released

    FYI...

    Flash Player v11.5.502.135 released
    - https://www.adobe.com/support/securi...apsb12-27.html
    Dec 11, 2012
    CVE number: CVE-2012-5676, CVE-2012-5677, CVE-2012-5678
    Platform: All Platforms
    Summary: Adobe has released security updates for Adobe Flash Player 11.5.502.110 and earlier versions for Windows and Macintosh, Adobe Flash Player 11.2.202.251 and earlier versions for Linux, Adobe Flash Player 11.1.115.27 and earlier versions for Android 4.x, and Adobe Flash Player 11.1.111.24 and earlier versions for Android 3.x and 2.x. These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.
    Adobe recommends users update their product installations to the latest versions:
    - Users of Adobe Flash Player 11.5.502.110 and earlier versions for Windows should update to Adobe Flash Player 11.5.502.135.
    - Users of Adobe Flash Player 11.5.502.110 and earlier versions for Macintosh should update to Adobe Flash Player 11.5.502.136.
    - Users of Adobe Flash Player 11.2.202.251 and earlier versions for Linux should update to Adobe Flash Player 11.2.202.258.
    - Flash Player installed with Google Chrome will automatically be updated to the latest Google Chrome version, which will include Adobe Flash Player 11.5.31.5 for Windows, Macintosh and Linux.
    - Flash Player installed with Internet Explorer 10 for Windows 8 will automatically be updated to the latest Internet Explorer 10 version, which will include Adobe Flash Player 11.3.377.15.
    - Users of Adobe Flash Player 11.1.115.27 and earlier versions on Android 4.x devices should update to Adobe Flash Player 11.1.115.34.
    - Users of Adobe Flash Player 11.1.111.24 and earlier versions for Android 3.x and earlier versions should update to Flash Player 11.1.111.29.

    - Users of Adobe AIR 3.5.0.600 and earlier versions for Windows should update to Adobe AIR 3.5.0.880.
    - Users of Adobe AIR 3.5.0.600 and earlier versions for Macintosh should update to Adobe AIR 3.5.0.890.
    - Users of the Adobe AIR 3.5.0.600 SDK (includes AIR for iOS) should update to the Adobe AIR 3.5.0.880 SDK (Windows) or Adobe AIR 3.5.0.890 SDK (Mac)...
    - http://get.adobe.com/air/

    Flash Download:
    > https://www.adobe.com/products/flash...ribution3.html

    Flash test site: http://www.adobe.com/software/flash/about/

    - https://secunia.com/advisories/51560/
    Release Date: 2012-12-12
    Criticality level: Highly critical
    Impact: System access
    Where: From remote...
    ___

    ColdFusion 10 and earlier - Hotfix available
    - https://www.adobe.com/support/securi...apsb12-26.html
    December 11, 2012
    CVE number: CVE 2012-5675
    Platform: All Platforms
    Summary: Adobe has released a security hotfix for ColdFusion 10 and earlier versions for Windows, Macintosh and UNIX. This hotfix resolves a vulnerability which could result in a sandbox permissions violation in a shared hosting environment...
    Affected software versions:
    ColdFusion 10, 9.0.2, 9.0.1 and 9.0 for Windows, Macintosh and UNIX
    Solution:
    Adobe recommends ColdFusion customers update their installation using the instructions provided in the technote:
    http://helpx.adobe.com/coldfusion/kb...apsb12-26.html .

    - https://secunia.com/advisories/51551/
    Release Date: 2012-12-12
    Criticality level: Moderately critical
    Impact: Security Bypass
    Where: From remote...

    Last edited by AplusWebMaster; 2012-12-12 at 12:51.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  3. #33
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation Adobe ColdFusion - multiple vulns ...

    FYI...

    Adobe ColdFusion - multiple vulns ...
    - https://www.adobe.com/support/securi...apsa13-01.html
    January 4, 2013
    CVE number: CVE-2013-0625, CVE-2013-0629, CVE-2013-0631
    Platform: All
    Summary: Adobe has identified three vulnerabilities affecting ColdFusion for Windows, Macintosh and UNIX:
    CVE-2013-0625 affects ColdFusion 10, 9.0.2, 9.0.1 and 9.0, and could permit an unauthorized user to remotely circumvent authentication controls, potentially allowing the attacker to take control of the affected server.
    CVE-2013-0629 affects ColdFusion 10, 9.0.2, 9.0.1 and 9.0, and could permit an unauthorized user access to restricted directories.
    CVE-2013-0631 affects ColdFusion 9.0.2, 9.0.1 and 9.0, and could result in information disclosure from a compromised server.
    There are reports that these vulnerabilities are being exploited in the wild against ColdFusion customers. Note that CVE-2013-0625 and CVE-2013-0629 only affect ColdFusion customers who do not have password protection enabled or have no password set. We are in the process of finalizing a fix for the issues and expect a hotfix for ColdFusion 10, 9.0.2, 9.0.1 and 9.0 for Windows, Macintosh and UNIX will be available on January 15, 2013..."
    ___

    Adobe Reader/Acrobat prenotification for Jan 2013
    - https://www.adobe.com/support/securi...apsb13-02.html
    Jan 3, 2013 - "Adobe is planning to release security updates on Tuesday, January 8, 2013 for Adobe Reader and Acrobat XI (11.0.0) and earlier versions for Windows and Macintosh, and Adobe Reader 9.5.1 and earlier 9.x versions for Linux..."

    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  4. #34
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation Flash v11.5.502.146, Reader/Acrobat v11.0.1 released

    FYI...

    Flash Player v11.5.502.146 released
    - https://www.adobe.com/support/securi...apsb13-01.html
    Jan 8, 2013
    CVE number: http://web.nvd.nist.gov/view/vuln/de...=CVE-2013-0630 - 10.0 (HIGH)
    Summary: Adobe has released security updates for Adobe Flash Player 11.5.502.135 and earlier versions for Windows, Adobe Flash Player 11.5.502.136 and earlier versions for Macintosh, Adobe Flash Player 11.2.202.258 and earlier versions for Linux, Adobe Flash Player 11.1.115.34 and earlier versions for Android 4.x, and Adobe Flash Player 11.1.111.29 and earlier versions for Android 3.x and 2.x. These updates address a vulnerability that could cause a crash and potentially allow an attacker to take control of the affected system.
    Adobe recommends users update their product installations to the latest versions:
    - Users of Adobe Flash Player 11.5.502.135 and earlier versions for Windows should update to Adobe Flash Player 11.5.502.146.
    - Users of Adobe Flash Player 11.5.502.136 and earlier versions for Macintosh should update to Adobe Flash Player 11.5.502.146.
    - Users of Adobe Flash Player 11.2.202.258 and earlier versions for Linux should update to Adobe Flash Player 11.2.202.261.
    Flash Player installed with Google Chrome will automatically be updated to the latest Google Chrome version, which will include Adobe Flash Player 11.5.31.137 for Windows, Macintosh and Linux.
    Flash Player installed with Internet Explorer 10 for Windows 8 will automatically be updated to the latest Internet Explorer 10 version, which will include Adobe Flash Player 11.3.378.5 for Windows: https://support.microsoft.com/kb/2796096
    - Users of Adobe Flash Player 11.1.115.34 and earlier versions on Android 4.x devices should update to Adobe Flash Player 11.1.115.36.
    - Users of Adobe Flash Player 11.1.111.29 and earlier versions for Android 3.x and earlier versions should update to Flash Player 11.1.111.31.
    - Users of Adobe AIR 3.5.0.880 and earlier versions for Windows should update to Adobe AIR 3.5.0.1060.
    - Users of Adobe AIR 3.5.0.890 and earlier versions for Macintosh should update to Adobe AIR 3.5.0.1060.
    - Users of the Adobe AIR SDK (includes AIR for iOS) should update to the Adobe AIR 3.5.0.1060 SDK...

    Download:
    > https://www.adobe.com/products/flash...ribution3.html

    Flash test site: http://www.adobe.com/software/flash/about/

    >> http://get.adobe.com/air/
    ___

    - https://secunia.com/advisories/51771/
    Release Date: 2013-01-08
    Criticality level: Highly critical
    Impact: System access
    Where: From remote...
    CVE Reference: CVE-2013-0630
    Solution: Update to a fixed version...
    ___

    Adobe Reader/Acrobat v11.0.1 released
    - https://www.adobe.com/support/securi...apsb13-02.html
    Jan 8, 2013
    CVE numbers: CVE-2013-0601, CVE-2013-0602, CVE-2013-0603, CVE-2013-0604, CVE-2013-0605, CVE-2013-0606, CVE-2013-0607, CVE-2013-0608, CVE-2013-0609, CVE-2013-0610, CVE-2013-0611, CVE-2013-0612, CVE-2013-0613, CVE-2013-0614, CVE-2013-0615, CVE-2013-0616, CVE-2013-0617, CVE-2013-0618, CVE-2013-0619, CVE-2013-0620, CVE-2013-0621, CVE-2013-0622, CVE-2013-0623, CVE-2013-0624, CVE-2013-0626, CVE-2013-0627
    Platform: All
    Summary: Adobe has released security updates for Adobe Reader and Acrobat XI (11.0.0) and earlier versions for Windows and Macintosh, and Adobe Reader 9.5.1 and earlier 9.x versions for Linux. These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.
    Adobe recommends users update their product installations to the latest versions:
    - Users of Adobe Reader XI (11.0.0) for Windows and Macintosh should update to Adobe Reader XI (11.0.1).
    - For users of Adobe Reader X (10.1.4) and earlier versions for Windows and Macintosh, who cannot update to Adobe Reader XI (11.0.1), Adobe has made available the update Adobe Reader X (10.1.5).
    - For users of Adobe Reader 9.5.2 and earlier versions for Windows and Macintosh, who cannot update to Adobe Reader XI (11.0.1), Adobe has made available the update Adobe Reader 9.5.3.
    - Users of Adobe Reader 9.5.1 and earlier versions for Linux should update to Adobe Reader 9.5.3.
    - Users of Adobe Acrobat XI (11.0.0) for Windows and Macintosh should update to Adobe Acrobat XI (11.0.1).
    - Users of Adobe Acrobat X (10.1.4) and earlier versions for Windows and Macintosh should update to Adobe Acrobat X (10.1.5).
    - Users of Adobe Acrobat 9.5.2 and earlier versions for Windows and Macintosh should update to Adobe Acrobat 9.5.3...
    Adobe Reader: Users on Windows and Macintosh can utilize the product's update mechanism...
    Adobe Acrobat: Users can utilize the product's update mechanism...
    ___

    - http://www.securitytracker.com/id/1027952
    CVE Reference: CVE-2013-0601, CVE-2013-0602, CVE-2013-0603, CVE-2013-0604, CVE-2013-0605, CVE-2013-0606, CVE-2013-0607, CVE-2013-0608, CVE-2013-0609, CVE-2013-0610, CVE-2013-0611, CVE-2013-0612, CVE-2013-0613, CVE-2013-0614, CVE-2013-0615, CVE-2013-0616, CVE-2013-0617, CVE-2013-0618, CVE-2013-0619, CVE-2013-0620, CVE-2013-0621, CVE-2013-0622, CVE-2013-0623, CVE-2013-0624, CVE-2013-0626, CVE-2013-0627
    Jan 8 2013
    Impact: Disclosure of system information, Execution of arbitrary code via network, User access via local system, User access via network
    Fix Available: Yes Vendor Confirmed: Yes
    Version(s): 9.5.2, 10.1.4, 11.0.0; and prior versions
    Solution: The vendor has issued a fix (9.5.3, 10.1.5 for Windows/Mac, 11.0.1 for Windows/Mac).
    ... advisory is available at:
    - http://www.adobe.com/support/securit...apsb13-02.html

    Last edited by AplusWebMaster; 2013-01-25 at 14:01.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  5. #35
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation ColdFusion hotfix released

    FYI...

    ColdFusion hotfix released
    - https://www.adobe.com/support/securi...apsa13-01.html
    Last updated: January 16, 2013
    CVE number: CVE-2013-0625, CVE-2013-0629, CVE-2013-0631, CVE-2013-0632
    Platform: All
    Summary: Adobe has identified four vulnerabilities affecting ColdFusion 10 and earlier versions for Windows, Macintosh and UNIX:
    • CVE-2013-0625 affects ColdFusion 9.0.2, 9.0.1 and 9.0, and could permit an unauthorized user to remotely circumvent authentication controls, potentially allowing the attacker to take control of the affected server.
    • CVE-2013-0629 affects ColdFusion 10, 9.0.2, 9.0.1 and 9.0, and could permit an unauthorized user access to restricted directories.
    • CVE-2013-0631 affects ColdFusion 9.0.2, 9.0.1 and 9.0, and could result in information disclosure from a compromised server.
    • CVE-2013-0632 affects ColdFusion 10, 9.0.2, 9.0.1 and 9.0, and could permit an unauthorized user to remotely circumvent authentication controls, potentially allowing the attacker to take control of the affected server.
    There are reports that these vulnerabilities are being exploited in the wild against ColdFusion customers.
    Adobe has released a security hotfix for ColdFusion 10, 9.0.2, 9.0.1 and 9.0 for Windows, Macintosh and UNIX. Adobe recommends users update their product installation using the instructions provided in the "Solution" section of Security Bulletin APSB13-03*..."
    * https://www.adobe.com/support/securi...apsb13-03.html
    >> http://helpx.adobe.com/coldfusion/kb...apsb13-03.html

    January 16, 2013 - Advisory revised to correct the versions of ColdFusion vulnerable to CVE-2013-0625.

    Last edited by AplusWebMaster; 2013-01-17 at 07:20.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  6. #36
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation Flash v11.5.502.149 released

    FYI...

    Flash v11.5.502.149 released
    - https://www.adobe.com/support/securi...apsb13-04.html
    Feb 7, 2013
    CVE number:
    - https://web.nvd.nist.gov/view/vuln/d...=CVE-2013-0633 - 9.3 (HIGH)
    - https://web.nvd.nist.gov/view/vuln/d...=CVE-2013-0634 - 9.3 (HIGH)
    Platform: All Platforms
    Summary: Adobe has released security updates... These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.
    Adobe is aware of reports that CVE-2013-0633 is being exploited in the wild in targeted attacks designed to trick the user into opening a Microsoft Word document delivered as an email attachment which contains malicious Flash (SWF) content. The exploit for CVE-2013-0633 targets the ActiveX version of Flash Player on Windows.
    Adobe is also aware of reports that CVE-2013-0634 is being exploited in the wild in attacks delivered via malicious Flash (SWF) content hosted on websites that target Flash Player in Firefox or Safari on the Macintosh platform, as well as attacks designed to trick Windows users into opening a Microsoft Word document delivered as an email attachment which contains malicious Flash (SWF) content.
    Adobe recommends users update their product installations to the latest versions:
    - Users of Adobe Flash Player 11.5.502.146 and earlier versions for Windows and Macintosh should update to Adobe Flash Player 11.5.502.149.
    - Users of Adobe Flash Player 11.2.202.261 and earlier versions for Linux should update to Adobe Flash Player 11.2.202.262.
    - Flash Player installed with Google Chrome will automatically be updated to the latest Google Chrome version, which will include Adobe Flash Player 11.5.31.139 for Windows, Macintosh and Linux.
    - Flash Player installed with Internet Explorer 10 for Windows 8 will automatically be updated to the latest version of Internet Explorer 10, which will include Adobe Flash Player 11.3.379.14 for Windows...
    - Users of Adobe Flash Player 11.1.115.36 and earlier versions on Android 4.x devices should update to Adobe Flash Player 11.1.115.37.
    - Users of Adobe Flash Player 11.1.111.31 and earlier versions for Android 3.x and earlier versions should update to Flash Player 11.1.111.32.

    Download:
    > https://www.adobe.com/products/flash...ribution3.html

    Flash test site: http://www.adobe.com/software/flash/about/

    - https://blogs.adobe.com/psirt/2013/0...apsb13-04.html

    - https://secunia.com/advisories/52116/
    Release Date: 2013-02-08
    Criticality level: Extremely critical
    Impact: System access
    Where: From remote
    CVE Reference(s): CVE-2013-0633, CVE-2013-0634
    ... vulnerability is currently being actively exploited in targeted attacks against the Macintosh and Windows versions...
    Solution: Update to a fixed version.
    Original Advisory: http://www.adobe.com/support/securit...apsb13-04.html
    ___

    MS Security Advisory (2755801)
    Update for Vulnerabilities in Adobe Flash Player in IE 10
    - http://technet.microsoft.com/en-us/s...visory/2755801
    "... updates are available from... Windows Update..."
    V7.0 (February 7, 2013): Added KB2811522* to the Current update section.
    * http://support.microsoft.com/kb/2811522

    Last edited by AplusWebMaster; 2013-02-09 at 18:28.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  7. #37
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation Flash v11.6.602.168, Shockware v12.0.0.112 released

    FYI...

    Flash Player v11.6.602.168 released
    - https://www.adobe.com/support/securi...apsb13-05.html
    February 12, 2013
    CVE number: CVE-2013-1372, CVE-2013-0645, CVE-2013-1373, CVE-2013-1369, CVE-2013-1370, CVE-2013-1366, CVE-2013-0649, CVE-2013-1365, CVE-2013-1374, CVE-2013-1368, CVE-2013-0642, CVE-2013-0644, CVE-2013-0647, CVE-2013-1367, CVE-2013-0639, CVE-2013-0638, CVE-2013-0637
    https://web.nvd.nist.gov/view/vuln/s...months&cves=on
    Platform: All Platforms
    Summary: Adobe has released security updates for Adobe Flash Player 11.5.502.149 and earlier versions for Windows and Macintosh, Adobe Flash Player 11.2.202.262 and earlier versions for Linux, Adobe Flash Player 11.1.115.37 and earlier versions for Android 4.x, and Adobe Flash Player 11.1.111.32 and earlier versions for Android 3.x and 2.x. These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.
    Adobe recommends users update their product installations to the latest versions:
    - Users of Adobe Flash Player 11.5.502.149 and earlier versions for Windows should update to Adobe Flash Player 11.6.602.168.
    - Users of Adobe Flash Player 11.5.502.149 and earlier versions for Macintosh should update to Adobe Flash Player 11.6.602.167.
    - Users of Adobe Flash Player 11.2.202.262 and earlier versions for Linux should update to Adobe Flash Player 11.2.202.270.
    - Flash Player installed with Google Chrome will automatically be updated to the latest Google Chrome version, which will include Adobe Flash Player 11.6.602.167 for Windows, Macintosh and Linux.
    - Flash Player installed with Internet Explorer 10 for Windows 8 will automatically be updated to the latest Internet Explorer 10 version, which will include Adobe Flash Player 11.6.602.167 for Windows.
    - Users of Adobe Flash Player 11.1.115.37 and earlier versions on Android 4.x devices should update to Adobe Flash Player 11.1.115.47.
    - Users of Adobe Flash Player 11.1.111.32 and earlier versions for Android 3.x and earlier versions should update to Flash Player 11.1.111.43.
    - Users of Adobe AIR 3.5.0.1060 and earlier versions should update to Adobe AIR 3.6.0.597.
    - Users of the Adobe AIR 3.5.0.1060 SDK (including AIR for iOS) and earlier should update to the new Adobe AIR 3.6.0.599 SDK + Compiler...

    - https://www.adobe.com/support/securi...5.html#Ratings
    Product Updated version Platform Priority rating
    Adobe Flash Player 11.6.602.168 Windows 1

    Flash Download:
    > https://www.adobe.com/products/flash...ribution3.html

    Flash test site: http://www.adobe.com/software/flash/about/

    >> http://get.adobe.com/air/
    ___

    MS Security Advisory (2755801)
    Update for Vulnerabilities in Adobe Flash Player in IE 10
    - http://technet.microsoft.com/en-us/s...visory/2755801
    "... updates are available from... Windows Update..."
    V8.0 (February 12, 2013): Added KB2805940 to the Current update section.
    * http://support.microsoft.com/kb/2805940
    ___

    Shockwave Player v12.0.0.112 released
    - https://www.adobe.com/support/securi...apsb13-06.html
    February 12, 2013
    CVE number: CVE-2013-0635, CVE-2013-0636
    Platform: Windows and Macintosh
    Summary: Adobe has released a security update for Adobe Shockwave Player 11.6.8.638 and earlier versions on the Windows and Macintosh operating systems. This update addresses vulnerabilities that could allow an attacker, who successfully exploits these vulnerabilities, to run malicious code on the affected system. Adobe recommends users of Adobe Shockwave Player 11.6.8.638 and earlier versions update to Adobe Shockwave Player 12.0.0.112...

    >> http://get.adobe.com/shockwave/

    .
    Last edited by AplusWebMaster; 2013-02-13 at 20:30.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  8. #38
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation Adobe 0-day Reader/Acrobat exploit in-the-wild

    FYI...

    Adobe 0-day Reader/Acrobat exploit in-the-wild
    - https://blogs.adobe.com/psirt/2013/0...ty-report.html
    Feb 12, 2013 10:45 PM - "Adobe is aware of a report of a vulnerability in Adobe Reader and Acrobat XI (11.0.1) and earlier versions being exploited in the wild. We are currently investigating this report and assessing the risk to our customers. We will provide an update as soon as we have more information. Please continue monitoring the Adobe PSIRT blog* for the latest information."
    * http://blogs.adobe.com/psirt/

    - https://secunia.com/advisories/52196/
    Release Date: 2013-02-14
    Criticality level: Extremely critical
    Impact: System access
    Where: From remote
    Solution: No official solution is currently available.
    ... Reported as a 0-day.
    Original Advisory:
    - https://www.adobe.com/support/securi...apsa13-02.html
    Last updated: Feb 16, 2013
    CVE number: CVE-2013-0640, CVE-2013-0641
    "... Mitigations: Users of Adobe Reader XI and Acrobat XI for Windows can protect themselves from this exploit by enabling Protected View. To enable this setting, choose the "Files from potentially unsafe locations" option under the Edit > Preferences > Security (Enhanced) menu. Enterprise administrators can protect Windows users across their organization by enabling Protected View in the registry and propagating that setting via GPO or any other method. Further information about enabling Protected View for the enterprise is available here:
    > https://www.adobe.com/devnet-docs/ac...ectedview.html
    ... Adobe is in the process of working on fixes for these issues and plans to make available updates for Adobe Reader and Acrobat XI (11.0.01 and earlier) for Windows and Macintosh, X (10.1.5 and earlier) for Windows and Macintosh, 9.5.3 and earlier 9.x versions for Windows and Macintosh, and Adobe Reader 9.5.3 and earlier 9.x versions for Linux during the week of February 18, 2013..."

    - http://arstechnica.com/security/2013...on-by-default/
    Feb 14, 2013 - "... the "protected view" feature prevents the current attacks from working — but only if it's manually enabled. To turn it on, access Preferences > Security (Enhanced) and then check the "Files from potentially unsafe locations," or even the "All files" option. Then click OK.
    There's also a way for administrators to enable protected view on Windows machines across their organization... It's unclear why protected view isn't turned on by default..."

    >> http://www.f-secure.com/weblog/archi...tectedView.png

    - http://blog.fireeye.com/research/201...-pdf-time.html
    Feb 13, 2013 - "... we identified that a PDF zero-day is being exploited in the wild, and we observed successful exploitation on the latest Adobe PDF Reader 9.5.3, 10.1.5, and 11.0.1. Upon successful exploitation, it will drop two DLLs. The first DLL shows a fake error message and opens a decoy PDF document, which is usually common in targeted attacks. The second DLL in turn drops the callback component, which talks to a remote domain... we have been working with Adobe and have jointly agreed to refrain from posting the technical details of the zero-day at this time. This post was intended to serve as a warning to the general public..."

    - http://www.f-secure.com/weblog/archives/00002500.html
    Feb 13, 2013 - "... Consider mitigating your Adobe Reader usage until there's an update from Adobe..."

    - http://blog.trendmicro.com/trendlabs...-adobe-reader/
    Feb 13, 2013 - "... Java, Internet Explorer, Adobe Flash Player, and now, Adobe Reader – just two months into 2013, we have already witnessed high-profile cases in which attackers used zero-day exploits to execute their schemes... To prevent this attack, we highly discourage users from opening unknown .PDF files or those acquired from unverified sources..."
    ___

    ThreatCon is currently at Level 2: Elevated.
    - https://www.symantec.com/security_re...atconlearn.jsp
    "... On February 7, 2013, Adobe released a patch for Adobe Flash Player. This release addresses CVE-2013-0633 (BID 57788) and CVE-2013-0634 (BID 57787), which are being actively exploited in the wild, distributed through malicious Word documents...
    [superseded by APSB13-05: https://www.adobe.com/support/securi...apsb13-05.html
    ... Adobe Flash Player 11.6.602.168... February 12, 2013
    CVE number: CVE-2013-1372, CVE-2013-0645, CVE-2013-1373, CVE-2013-1369, CVE-2013-1370, CVE-2013-1366, CVE-2013-0649, CVE-2013-1365, CVE-2013-1374, CVE-2013-1368, CVE-2013-0642, CVE-2013-0644, CVE-2013-0647, CVE-2013-1367, CVE-2013-0639, CVE-2013-0638, CVE-2013-0637
    https://web.nvd.nist.gov/view/vuln/s...months&cves=on ...]"

    Last edited by AplusWebMaster; 2013-02-17 at 18:37.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  9. #39
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation Adobe Reader/Acrobat 11.0.02 released ...

    FYI...

    Adobe Reader/Acrobat 11.0.02 released
    - https://www.adobe.com/support/securi...apsb13-07.html
    February 20, 2013
    CVE number:
    - http://web.nvd.nist.gov/view/vuln/de...=CVE-2013-0640 - 9.3 (HIGH)
    - http://web.nvd.nist.gov/view/vuln/de...=CVE-2013-0641 - 9.3 (HIGH)
    Platform: All Platforms
    "... Adobe recommends users update their product installations to the latest versions:
    • Users of Adobe Reader XI (11.0.01 and earlier) for Windows and Macintosh should update to Adobe Reader XI (11.0.02).
    • For users of Adobe Reader X (10.1.5 and earlier) for Windows and Macintosh, who cannot update to Adobe Reader XI (11.0.02), Adobe has made available the update Adobe Reader X (10.1.6).
    • For users of Adobe Reader 9.5.3 and earlier 9.x versions for Windows and Macintosh, who cannot update to Adobe Reader XI (11.0.02), Adobe has made available the update Adobe Reader 9.5.4.
    • Users of Adobe Reader 9.5.3 and earlier 9.x versions for Linux should update to Adobe Reader 9.5.4.
    • Users of Adobe Acrobat XI (11.0.01 and earlier) for Windows and Macintosh should update to Adobe Acrobat XI (11.0.02).
    • Users of Adobe Acrobat X (10.1.5 and earlier) for Windows and Macintosh should update to Adobe Acrobat X (10.1.6).
    • Users of Adobe Acrobat 9.5.3 and earlier 9.x versions for Windows and Macintosh should update to Adobe Acrobat 9.5.4...
    Adobe recommends users update their software installations by following the instructions below:
    Adobe Reader: Users on Windows and Macintosh can utilize the product's update mechanism... Update checks can be manually activated by choosing Help > Check for Updates.
    Adobe Reader users on Windows can also find the appropriate update here:
    - http://www.adobe.com/support/downloa...atform=Windows
    Adobe Reader users on Macintosh can also find the appropriate update here:
    - http://www.adobe.com/support/downloa...form=Macintosh
    Adobe Reader users on Linux can find the appropriate update here:
    - ftp://ftp.adobe.com/pub/adobe/reader/unix/9.x/
    Adobe Acrobat: Users can utilize the product's update mechanism... Update checks can be manually activated by choosing Help > Check for Updates.
    Acrobat Standard, Pro and Pro Extended users on Windows can also find the appropriate update here:
    - http://www.adobe.com/support/downloa...atform=Windows
    Acrobat Pro users on Macintosh can also find the appropriate update here:
    - http://www.adobe.com/support/downloa...form=Macintosh ..."

    New Downloads:
    - https://www.adobe.com/support/downloads/new.jsp

    Last edited by AplusWebMaster; 2013-02-20 at 22:45.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  10. #40
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation Flash 11.6.602.171 released

    FYI...

    Flash 11.6.602.171 released
    - https://www.adobe.com/support/securi...apsb13-08.html
    Feb 26, 2013
    CVE number:
    - https://web.nvd.nist.gov/view/vuln/d...=CVE-2013-0504 - 10.0 (HIGH)
    - https://web.nvd.nist.gov/view/vuln/d...=CVE-2013-0643 - 9.3 (HIGH)
    - https://web.nvd.nist.gov/view/vuln/d...=CVE-2013-0648 - 9.3 (HIGH)
    Platform: All platforms
    Adobe has released security updates for Adobe Flash Player 11.6.602.168 and earlier versions for Windows, Adobe Flash Player 11.6.602.167 and earlier versions for Macintosh, and Adobe Flash Player 11.2.202.270 and earlier versions for Linux. These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.
    Summary: Adobe is aware of reports that CVE-2013-0643 and CVE-2013-0648 are being exploited in the wild in targeted attacks designed to trick the user into clicking a link which directs to a website serving malicious Flash (SWF) content. The exploit for CVE-2013-0643 and CVE-2013-0648 is designed to target the Firefox browser.
    Adobe recommends users update their product installations to the latest versions:
    - Users of Adobe Flash Player 11.6.602.168 and earlier versions for Windows and Adobe Flash Player 11.6.602.167 and earlier versions for Macintosh should update to Adobe Flash Player 11.6.602.171.
    - Users of Adobe Flash Player 11.2.202.270 and earlier versions for Linux should update to Adobe Flash Player 11.2.202.273.
    - Adobe Flash Player installed with Google Chrome will automatically be updated to the latest Google Chrome version, which will include Adobe Flash Player 11.6.602.171 for Windows, Macintosh and Linux.
    - Adobe Flash Player installed with Internet Explorer 10 for Windows 8 will automatically be updated to the latest version of Internet Explorer 10, which will include Adobe Flash Player 11.6.602.171 for Windows...

    Flash Download:
    > https://www.adobe.com/products/flash...ribution3.html

    Flash test site: http://helpx.adobe.com/flash-player/...n_your_machine
    ___

    MS Security Advisory (2755801)
    Update for Vulnerabilities in Adobe Flash Player in IE 10
    - http://technet.microsoft.com/en-us/s...visory/2755801
    "... updates are available from... Windows Update..."
    Affected Software: Windows 8, Windows Server 2012, Windows RT
    V9.0 (February 26, 2013): Added KB2819372 to the Current Update section.
    ___

    - https://secunia.com/advisories/52374/
    Release Date: 2013-02-27
    Criticality level: Extremely critical
    Impact: Security Bypass, System access
    Where: From remote...
    Solution: Update to a fixed version.
    Original Advisory: Adobe:
    http://www.adobe.com/support/securit...apsb13-08.html
    ___

    -Fake- Adobe Flash update page
    - https://www.symantec.com/connect/sit.../Figure1_6.png
    Feb 27, 2013

    - http://www.symantec.com/connect/blog...ms-click-fraud
    Feb 27, 2013 - "... To ensure that you do not become a victim in the first place, please ensure that your antivirus definitions are constantly updated and that your software packages are also regularly updated. Do not download updates from third-party sites and always double check the URL of the download that is being offered."

    Last edited by AplusWebMaster; 2013-03-02 at 17:00.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •