Page 7 of 14 FirstFirst ... 34567891011 ... LastLast
Results 61 to 70 of 139

Thread: Adobe updates/advisories

  1. #61
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation Flash 13.0.0.182 released

    FYI...

    Flash 13.0.0.182 released
    - http://helpx.adobe.com/security/prod...apsb14-09.html
    Release date: April 8, 2014
    Vulnerability identifier: APSB14-09
    CVE number: CVE-2014-0506, CVE-2014-0507, CVE-2014-0508, CVE-2014-0509
    Platform: All Platforms
    Summary: Adobe has released security updates for Adobe Flash Player 12.0.0.77 and earlier versions for Windows and Macintosh and Adobe Flash Player 11.2.202.346 and earlier versions for Linux. These updates address vulnerabilities that could potentially allow an attacker to take control of the affected system. Adobe recommends users update their product installations to the latest versions:
    - Users of Adobe Flash Player 12.0.0.77 and earlier versions for Windows and Macintosh should update to Adobe Flash Player 13.0.0.182
    - Users of Adobe Flash Player 11.2.202.346 and earlier versions for Linux should update to Adobe Flash Player 11.2.202.350.
    - Adobe Flash Player 12.0.0.77 installed with Google Chrome will automatically be updated to the latest Google Chrome version, which will include Adobe Flash Player 13.0.0.182 for Windows, Macintosh and Linux.
    - Adobe Flash Player 12.0.0.77 installed with Internet Explorer 10 will automatically be updated to the latest Internet Explorer 10 version, which will include Adobe Flash Player 13.0.0.182 for Windows 8.0.
    - Adobe Flash Player 12.0.0.77 installed with Internet Explorer 11 will automatically be updated to the latest Internet Explorer 11 version, which will include Adobe Flash Player 13.0.0.182 for Windows 8.1.
    - Users of Adobe AIR 4.0.0.1628 and earlier versions for Android should update to Adobe AIR 13.0.0.83.
    - Users of the Adobe AIR 4.0.0.1628 SDK and earlier versions should update to the Adobe AIR 13.0.0.83 SDK.
    - Users of the Adobe AIR 4.0.0.1628 SDK & Compiler and earlier versions should update to the Adobe AIR 13.0.0.83 SDK & Compiler...
    * Beginning May 13, 2014, Adobe Flash Player 13 for Mac and Windows will replace version 11.7 as the extended support version. Adobe recommends users upgrade to version 13 to continue to receive security updates. See this blog post for further details:
    - http://blogs.adobe.com/flashplayer/2...t-release.html
    ___

    - https://www.adobe.com/products/flash...ribution3.html

    Flash test site:
    - http://www.adobe.com/software/flash/about/

    - http://helpx.adobe.com/flash-player.html

    AIR download:
    - http://get.adobe.com/air/

    Last edited by AplusWebMaster; 2014-04-08 at 21:12.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  2. #62
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation Adobe Reader Mobile 11.2 released

    FYI...

    Adobe Reader Mobile 11.2 released
    - http://helpx.adobe.com/security/prod...apsb14-12.html
    April 14, 2014
    CVE Number: http://web.nvd.nist.gov/view/vuln/de...=CVE-2014-0514 - 9.3
    Platform: Android
    Summary: Adobe has released a security update for Adobe Reader Mobile for the Android operating system. This update addresses a vulnerability that could be exploited to gain remote code execution on the affected system. Adobe recommends users update their product installations...
    Solution: Adobe recommends users of Adobe Reader Mobile update to the newest version, available here:
    - https://play.google.com/store/apps/d...m.adobe.reader
    This update addresses a critical vulnerability in the software..."
    ___

    - https://secunia.com/advisories/57928/
    Release Date: 2014-04-15
    Criticality: Highly Critical
    Where: From remote
    Impact: System access ...
    CVE Reference: https://cve.mitre.org/cgi-bin/cvenam...=CVE-2014-0514
    ... vulnerability is reported in versions 11.1.3 and prior.
    Solution: Update to version 11.2.
    Original Advisory: APSB14-12:
    - http://helpx.adobe.com/security/prod...apsb14-12.html

    Last edited by AplusWebMaster; 2014-04-20 at 17:01.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  3. #63
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation Flash 13.0.0.206 released

    FYI...

    Flash 13.0.0.206 released
    - https://helpx.adobe.com/security/pro...apsb14-13.html
    April 28, 2014
    CVE number: https://web.nvd.nist.gov/view/vuln/d...=CVE-2014-0515 - 10.0 (HIGH)
    Platform: All Platforms
    Summary: Adobe has released security updates for Adobe Flash Player 13.0.0.182 and earlier versions for Windows, Adobe Flash Player 13.0.0.201 and earlier versions for Macintosh and Adobe Flash Player 11.2.202.350 and earlier versions for Linux. These updates address vulnerabilities that could potentially allow an attacker to take control of the affected system. Adobe is aware of reports that an exploit for CVE-2014-0515 exists in the wild, and is being used to target Flash Player users on the Windows platform. Adobe recommends users update their product installations to the latest versions:
    • Users of Adobe Flash Player 13.0.0.182 and earlier versions for Windows should update to Adobe Flash Player 13.0.0.206.
    • Users of Adobe Flash Player 13.0.0.201 and earlier versions for Macintosh should update to Adobe Flash Player 13.0.0.206.
    • Users of Adobe Flash Player 11.2.202.350 and earlier versions for Linux should update to Adobe Flash Player 11.2.202.356.
    • Adobe Flash Player 13.0.0.182 installed with Google Chrome will automatically be updated to the latest Google Chrome version, which will include Adobe Flash Player 13.0.0.206 for Windows, Macintosh and Linux.
    • Adobe Flash Player 13.0.0.182 installed with Internet Explorer 10 will automatically be updated to the latest Internet Explorer 10 version, which will include Adobe Flash Player 13.0.0.206 for Windows 8.0.
    • Adobe Flash Player 13.0.0.182 installed with Internet Explorer 11 will automatically be updated to the latest Internet Explorer 11 version, which will include Adobe Flash Player 13.0.0.206 for Windows 8.1...
    ___

    - https://www.adobe.com/products/flash...ribution3.html

    Flash test site:
    - http://www.adobe.com/software/flash/about/

    - http://helpx.adobe.com/flash-player.html
    ___

    - http://atlas.arbor.net/briefs/index#-638897988
    Extreme Severity
    01 May 2014
    ... critical flaw (CVE-2014-0515*) in Flash Player currently being exploited...

    * https://web.nvd.nist.gov/view/vuln/d...=CVE-2014-0515 - 10.0
    Last revised: 05/31/2014 - "... as exploited in the wild in April 2014"

    Last edited by AplusWebMaster; 2014-06-14 at 15:41.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  4. #64
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation Flash 13.0.0.214, Reader/Acrobat 11.0.07, Illustrator hotfix released

    FYI...

    Flash 13.0.0.214 released
    - https://helpx.adobe.com/security/pro...apsb14-14.html
    May 13, 2014
    CVE number: CVE-2014-0510, CVE-2014-0516, CVE-2014-0517, CVE-2014-0518, CVE-2014-0519, CVE-2014-0520
    Platform: All Platforms
    Summary: Adobe has released security updates for Adobe Flash Player 13.0.0.206 and earlier versions for Windows and Macintosh and Adobe Flash Player 11.2.202.356 and earlier versions for Linux. These updates address vulnerabilities that could potentially allow an attacker to take control of the affected system. Adobe recommends users update their product installations to the latest versions:
    - Users of Adobe Flash Player 13.0.0.206 and earlier versions for Windows and Macintosh should update to Adobe Flash Player 13.0.0.214.
    - Users of Adobe Flash Player 11.2.202.356 and earlier versions for Linux should update to Adobe Flash Player 11.2.202.359.
    - Adobe Flash Player 13.0.0.206 installed with Google Chrome will automatically be updated to the latest Google Chrome version, which will include Adobe Flash Player 13.0.0.214 for Windows, Macintosh and Linux.
    - Adobe Flash Player 13.0.0.206 installed with Internet Explorer 10 will automatically be updated to the latest Internet Explorer 10 version, which will include Adobe Flash Player 13.0.0.214 for Windows 8.0.
    - Adobe Flash Player 13.0.0.206 installed with Internet Explorer 11 will automatically be updated to the latest Internet Explorer 11 version, which will include Adobe Flash Player 13.0.0.214 for Windows 8.1.
    - Users of the Adobe AIR 13.0.0.83 SDK and earlier versions should update to the Adobe AIR 13.0.0.111 SDK.
    - Users of the Adobe AIR 13.0.0.83 SDK & Compiler and earlier versions should update to the Adobe AIR 13.0.0.111 SDK & Compiler...
    ___

    - https://www.adobe.com/products/flash...ribution3.html

    Flash test site:
    - http://www.adobe.com/software/flash/about/

    - http://helpx.adobe.com/flash-player.html

    AIR download:
    - http://get.adobe.com/air/
    ___

    Reader/Acrobat 11.0.07 released
    - https://helpx.adobe.com/security/pro...apsb14-15.html
    May 13, 2014
    CVE numbers: CVE-2014-0511, CVE-2014-0512, CVE-2014-0521, CVE-2014-0522, CVE-2014-0523, CVE-2014-0524, CVE-2014-0525, CVE-2014-0526, CVE-2014-0527, CVE-2014-0528, CVE-2014-0529
    Platform: Windows and Macintosh
    Summary: Adobe has released security updates for Adobe Reader and Acrobat XI (11.0.06) and earlier versions for Windows and Macintosh. These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system. Adobe recommends users update their product installations to the latest versions:
    - Users of Adobe Reader XI (11.0.06) for Windows and Macintosh should update to Adobe Reader XI (11.0.07).
    - For users of Adobe Reader X (10.1.9) and earlier versions for Windows and Macintosh, who cannot update to Adobe Reader XI (11.0.07), Adobe has made available the update Adobe Reader X (10.1.10).
    - Users of Adobe Acrobat XI (11.0.06) for Windows and Macintosh should update to Adobe Acrobat XI (11.0.07).
    - For users of Adobe Acrobat X (10.1.9) and earlier versions for Windows and Macintosh, who cannot update to Adobe Acrobat XI (11.0.07), Adobe has made available the update Adobe Acrobat X (10.1.10)...

    Users on Windows and Macintosh can utilize the product's update mechanism. The default configuration is set to run automatic update checks on a regular schedule. Update checks can be manually activated by choosing Help > Check for Updates ...
    ___

    Illustrator hotfix released
    - https://helpx.adobe.com/security/pro...apsb14-11.html
    May 13, 2014
    CVE number: CVE-2014-0513
    Platform: Windows and Macintosh
    Summary: Adobe has released a security hotfix for Adobe Illustrator (CS6) for Windows and Macintosh. This hotfix addresses a vulnerability that could be exploited to gain remote code execution on the affected system... Adobe recommends users update their software installations by following these instructions:
    - https://helpx.adobe.com/security/pro...6%20Hotfix.pdf

    This hotfix addresses a vulnerability that could be exploited to gain remote code execution on the affected system... These updates resolve a stack overflow vulnerability that could result in arbitrary code execution (CVE-2014-0513)...

    Last edited by AplusWebMaster; 2014-05-13 at 22:35.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  5. #65
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation Flash 14.0.0.125 released

    FYI...

    Flash 14.0.0.125 released
    - https://helpx.adobe.com/security/pro...apsb14-16.html
    June 10, 2014
    CVE numbers: CVE-2014-0531, CVE-2014-0532, CVE-2014-0533, CVE-2014-0534, CVE-2014-0535, CVE-2014-0536
    Platform: All Platforms
    Summary: Adobe has released security updates for Adobe Flash Player 13.0.0.214 and earlier versions for Windows and Macintosh and Adobe Flash Player 11.2.202.359 and earlier versions for Linux. These updates address vulnerabilities that could potentially allow an attacker to take control of the affected system. Adobe recommends users update their product installations to the latest versions:
    - Users of Adobe Flash Player 13.0.0.214 and earlier versions for Windows and Macintosh should update to Adobe Flash Player 14.0.0.125.
    - Users of Adobe Flash Player 11.2.202.359 and earlier versions for Linux should update to Adobe Flash Player 11.2.202.378.
    - Adobe Flash Player 13.0.0.214 installed with Google Chrome will automatically be updated to the latest Google Chrome version, which will include Adobe Flash Player 14.0.0.125 for Windows, Macintosh and Linux.
    - Adobe Flash Player 13.0.0.214 installed with Internet Explorer 10 will automatically be updated to the latest Internet Explorer 10 version, which will include Adobe Flash Player 14.0.0.125 for Windows 8.0.
    - Adobe Flash Player 13.0.0.214 installed with Internet Explorer 11 will automatically be updated to the latest Internet Explorer 11 version, which will include Adobe Flash Player 14.0.0.125 for Windows 8.1.
    - Users of the Adobe AIR 13.0.0.111 SDK and earlier versions should update to the Adobe AIR 14.0.0.110 SDK.
    - Users of the Adobe AIR 13.0.0.111 SDK & Compiler and earlier versions should update to the Adobe AIR 14.0.0.110 SDK & Compiler.
    - Users of Adobe AIR 13.0.0.111 and earlier versions for Android should update to Adobe AIR 14.0.0.110.
    - Users of Adobe AIR 13.0.0.111 and earlier versions for Windows and Macintosh should update to Adobe 14.0.0.110.
    ___

    - https://www.adobe.com/products/flash...ribution3.html

    Flash test site:
    - http://www.adobe.com/software/flash/about/

    - http://helpx.adobe.com/flash-player.html

    AIR download:
    - http://get.adobe.com/air/
    ___

    - http://www.securitytracker.com/id/1030368
    CVE Reference: CVE-2014-0531, CVE-2014-0532, CVE-2014-0533, CVE-2014-0534, CVE-2014-0535, CVE-2014-0536
    Jun 10 2014
    Impact: Disclosure of authentication information, Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information, User access via network
    Fix Available: Yes Vendor Confirmed: Yes
    Version(s): 13.0.0.214 and prior (Windows/Mac); 11.2.202.359 and prior (Linux)...
    Solution: The vendor has issued a fix (14.0.0.125 for Windows/Mac, 11.2.202.378 for Linux).
    The vendor's advisory is available at:
    - http://helpx.adobe.com/security/prod...apsb14-16.html

    Last edited by AplusWebMaster; 2014-06-12 at 13:48.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  6. #66
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation Flash 14.0.0.145 released

    FYI...

    Flash 14.0.0.145 released
    - https://helpx.adobe.com/security/pro...apsb14-17.html
    July 8, 2014
    CVE number: CVE-2014-0537, CVE-2014-0539, CVE-2014-4671
    Platform: All Platforms
    Summary: Adobe has released security updates for Adobe Flash Player 14.0.0.125 and earlier versions for Windows and Macintosh and Adobe Flash Player 11.2.202.378 and earlier versions for Linux. These updates address vulnerabilities that could potentially allow an attacker to take control of the affected system. Adobe recommends users update their product installations to the latest versions:
    - Users of Adobe Flash Player 14.0.0.125 and earlier versions for Windows and Macintosh should update to Adobe Flash Player 14.0.0.145.
    - Users of Adobe Flash Player 11.2.202.378 and earlier versions for Linux should update to Adobe Flash Player 11.2.202.394.
    - Adobe Flash Player 14.0.0.125 installed with Google Chrome will automatically be updated to the latest Google Chrome version, which will include Adobe Flash Player 14.0.0.145 for Windows, Macintosh and Linux.
    - Adobe Flash Player 14.0.0.125 installed with Internet Explorer 10 will automatically be updated to the latest Internet Explorer 10 version, which will include Adobe Flash Player 14.0.0.145 for Windows 8.0.
    - Adobe Flash Player 14.0.0.125 installed with Internet Explorer 11 will automatically be updated to the latest Internet Explorer 11 version, which will include Adobe Flash Player 14.0.0.145 for Windows 8.1.
    - Users of the Adobe AIR 14.0.0.110 SDK and earlier versions should update to the Adobe AIR 14.0.0.137 SDK.
    - Users of the Adobe AIR 14.0.0.110 SDK & Compiler and earlier versions should update to the Adobe AIR 14.0.0.137 SDK & Compiler.
    - Users of Adobe AIR 14.0.0.110 and earlier versions for Android should update to Adobe AIR 14.0.0.137...
    ___

    - https://www.adobe.com/products/flash...ribution3.html

    Flash test site:
    - http://www.adobe.com/software/flash/about/

    AIR download:
    - http://get.adobe.com/air/
    ___

    - http://www.securitytracker.com/id/1030533
    CVE Reference: CVE-2014-0537, CVE-2014-0539, CVE-2014-4671
    Jul 8 2014
    Impact: Disclosure of system information, Disclosure of user information, Modification of user information, Not specified, User access via network
    Fix Available: Yes Vendor Confirmed: Yes
    Version(s): 14.0.0.125 and prior (for Windows/Mac), 11.2.202.378 and prior (for Linux)...
    Solution: The vendor has issued a fix (14.0.0.145 for Windows/Mac, 11.2.202.394 for Linux)...

    Last edited by AplusWebMaster; 2014-07-09 at 00:56.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  7. #67
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation Adobe Flash, Reader, Acrobat updated ...

    FYI...

    Flash 14.0.0.179 released
    - https://helpx.adobe.com/security/pro...apsb14-18.html
    Aug 12, 2014
    CVE number:
    - https://web.nvd.nist.gov/view/vuln/d...=CVE-2014-0538 - 10.0 (HIGH)
    - https://web.nvd.nist.gov/view/vuln/d...=CVE-2014-0540 - 10.0 (HIGH)
    - https://web.nvd.nist.gov/view/vuln/d...=CVE-2014-0541 - 10.0 (HIGH)
    - https://web.nvd.nist.gov/view/vuln/d...=CVE-2014-0542 - 10.0 (HIGH)
    - https://web.nvd.nist.gov/view/vuln/d...=CVE-2014-0543 - 10.0 (HIGH)
    - https://web.nvd.nist.gov/view/vuln/d...=CVE-2014-0544 - 10.0 (HIGH)
    - https://web.nvd.nist.gov/view/vuln/d...=CVE-2014-0545 - 10.0 (HIGH)
    Platform: All Platforms
    Summary: Adobe has released security updates for Adobe Flash Player 14.0.0.145 and earlier versions for Windows and Macintosh and Adobe Flash Player 11.2.202.394 and earlier versions for Linux. These updates address vulnerabilities that could potentially allow an attacker to take control of the affected system. Adobe recommends users update their product installations to the latest versions:
    - Users of the Adobe Flash Player Active X plugin for Internet Explorer version 14.0.0.145 and earlier should update to Adobe Flash Player 14.0.0.176.
    - Users of the Adobe Flash Player Windows NPAPI plugin for Firefox version 14.0.0.145 and earlier should update to Adobe Flash Player 14.0.0.179.
    - Users of the Adobe Flash Player version 14.0.0.145 and earlier for Macintosh should update to Adobe Flash Player 14.0.0.176.
    - Users of Adobe Flash Player 11.2.202.394 and earlier versions for Linux should update to Adobe Flash Player 11.2.202.400.
    - Adobe Flash Player 14.0.0.145 installed with Google Chrome will automatically be updated to the latest Google Chrome version, which will include Adobe Flash Player 14.0.0.177 for Windows, Macintosh and Linux.
    - Adobe Flash Player 14.0.0.145 installed with Internet Explorer 10 will automatically be updated to the latest Internet Explorer 10 version, which will include Adobe Flash Player 14.0.0.176 for Windows 8.0.
    - Adobe Flash Player 14.0.0.145 installed with Internet Explorer 11 will automatically be updated to the latest Internet Explorer 11 version, which will include Adobe Flash Player 14.0.0.176 for Windows 8.1.
    - Users of Adobe AIR 14.0.0.110 and earlier versions for Windows and Macintosh should update to the Adobe AIR 14.0.0.178.
    - Users of the Adobe AIR 14.0.0.137 SDK and earlier versions should update to the Adobe AIR 14.0.0.178 SDK.
    - Users of the Adobe AIR 14.0.0.137 SDK & Compiler and earlier versions should update to the Adobe AIR 14.0.0.178 SDK & Compiler.
    - Users of Adobe AIR 14.0.0.137 and earlier versions for Android should update to Adobe AIR 14.0.0.179...

    - https://www.adobe.com/products/flash...ribution3.html

    Flash test site:
    - http://www.adobe.com/software/flash/about/

    AIR download:
    - http://get.adobe.com/air/
    ___

    Reader/Acrobat 11.0.08 released
    - https://helpx.adobe.com/security/pro...apsb14-19.html
    Aug 12, 2014
    CVE numbers: https://web.nvd.nist.gov/view/vuln/d...=CVE-2014-0546 - 10.0 (HIGH)
    Platform: Windows
    Summary: Adobe has released security updates for Adobe Reader and Acrobat XI (11.0.07) and earlier versions for Windows. These updates address a vulnerability that could allow an attacker to circumvent sandbox protection on the Windows platform. Adobe Reader and Acrobat for Apple's OS X are not affected. Adobe is aware of evidence that indicates an exploit in the wild is being used in limited, isolated attacks targeting Adobe Reader users on Windows. Adobe recommends users update their product installations to the latest versions:
    - Users of Adobe Reader XI (11.0.07) and earlier versions for Windows should update to version 11.0.08.
    - For users of Adobe Reader X (10.1.10) and earlier versions for Windows, who cannot update to version 11.0.08, Adobe has made available version 10.1.11.
    - Users of Adobe Acrobat XI (11.0.07) and earlier versions for Windows should update to version 11.0.08.
    - For users of Adobe Acrobat X (10.1.10) and earlier versions for Windows, who cannot update to version 11.0.08, Adobe has made available version 10.1.11...
    Solution: Reader, Acrobat: Users can utilize the product's update mechanism... Update checks can be manually activated by choosing Help > Check for Updates...
    ___

    - http://www.securitytracker.com/id/1030712
    CVE Reference: CVE-2014-0538, CVE-2014-0540, CVE-2014-0541, CVE-2014-0542, CVE-2014-0543, CVE-2014-0544, CVE-2014-0545
    Aug 12 2014
    Fix Available: Yes Vendor Confirmed: Yes
    Version(s): 14.0.0.145 and prior (Windows/Mac); 11.2.202.394 and prior (Linux) ...
    Impact: A remote user can create content that, when loaded by the target user, will bypass security features and execute arbitrary code on the target user's system...

    - http://www.securitytracker.com/id/1030711
    CVE Reference: CVE-2014-0546
    Aug 12 2014
    Fix Available: Yes Vendor Confirmed: Yes
    Version(s): 11.0.07 and prior ...
    Impact: A remote user can create a file that, when loaded by the target user, will execute arbitrary code on the target user's system...
    ___

    - https://atlas.arbor.net/briefs/index#1185576709
    Extreme Severity
    14 Aug 2014
    Analysis: At least one security issue patched this month (CVE-2014-0546) has already been exploited in limited targeted attacks. The flaw, affecting Windows versions of Reader and Acrobat, is a sandbox bypass vulnerability that could allow an attacker to run native code with escalated privileges. [ https://securelist.com/blog/research...reader-update/ ] Meanwhile, the update for Flash Player is rated as 'critical' and should also be applied as soon as possible. According to a report on attack trends of the first half of 2014, Adobe Flash is the primary browser plugin targeted by zero-day attacks. [ http://www.bromium.com/sites/default...eat_report.pdf ] As Flash is required by many web sites, users can take advantage of the 'click to play' feature found in Chrome, Firefox, and Opera web browsers as a security measure.

    Last edited by AplusWebMaster; 2014-08-15 at 05:44.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  8. #68
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation Flash 15.0.0.152 released

    FYI...

    Flash 15.0.0.152 released
    - https://helpx.adobe.com/security/pro...apsb14-21.html
    Sep 9, 2014
    CVE number:
    - https://web.nvd.nist.gov/view/vuln/d...=CVE-2014-0547 - 10.0 (HIGH)
    - https://web.nvd.nist.gov/view/vuln/d...=CVE-2014-0548 - 7.5 (HIGH)
    - https://web.nvd.nist.gov/view/vuln/d...=CVE-2014-0549 - 10.0 (HIGH)
    - https://web.nvd.nist.gov/view/vuln/d...=CVE-2014-0550 - 10.0 (HIGH)
    - https://web.nvd.nist.gov/view/vuln/d...=CVE-2014-0551 - 10.0 (HIGH)
    - https://web.nvd.nist.gov/view/vuln/d...=CVE-2014-0552 - 10.0 (HIGH)
    - https://web.nvd.nist.gov/view/vuln/d...=CVE-2014-0553 - 10.0 (HIGH)
    - https://web.nvd.nist.gov/view/vuln/d...=CVE-2014-0554 - 10.0 (HIGH)
    - https://web.nvd.nist.gov/view/vuln/d...=CVE-2014-0555 - 10.0 (HIGH)
    - https://web.nvd.nist.gov/view/vuln/d...=CVE-2014-0556 - 10.0 (HIGH)
    - https://web.nvd.nist.gov/view/vuln/d...=CVE-2014-0557 - 10.0 (HIGH)
    - https://web.nvd.nist.gov/view/vuln/d...=CVE-2014-0559 - 10.0 (HIGH)
    Platform: All Platforms
    Summary: Adobe has released security updates for Adobe Flash Player for Windows, Macintosh and Linux. These updates address vulnerabilities that could potentially allow an attacker to take control of the affected system. Adobe recommends users update their product installations to the latest versions:
    - Users of the Adobe Flash Player desktop runtime for Windows and Macintosh should update to Adobe Flash Player 15.0.0.152.
    - Users of the Adobe Flash Player Extended Support Release should update to Adobe Flash Player 13.0.0.244.
    - Users of Adobe Flash Player for Linux should update to Adobe Flash Player 11.2.202.406.
    - Adobe Flash Player installed with Google Chrome, Internet Explorer 10 and Internet Explorer 11 will be automatically updated to the current version.
    - Users of the Adobe AIR desktop runtime, SDK and SDK and Compiler should update to version 15.0.0.249.
    - Users of Adobe AIR for Android should update to Adobe AIR 15.0.0.252...

    For I/E:
    - http://download.macromedia.com/get/f...5_active_x.exe
    For Firefox (Plugin-based browsers):
    - http://download.macromedia.com/get/f..._15_plugin.exe

    Flash test site:
    - http://www.adobe.com/software/flash/about/

    AIR download:
    - http://get.adobe.com/air/
    ___

    - http://www.securitytracker.com/id/1030822
    CVE Reference: CVE-2014-0547, CVE-2014-0548, CVE-2014-0549, CVE-2014-0550, CVE-2014-0551, CVE-2014-0552, CVE-2014-0553, CVE-2014-0554, CVE-2014-0555, CVE-2014-0556, CVE-2014-0557, CVE-2014-0559
    Sep 9 2014
    Impact: Disclosure of system information, Execution of arbitrary code via network, User access via network
    Fix Available: Yes Vendor Confirmed: Yes
    Version(s): 14.0.0.179 and prior; 13.0.0.241 and prior 13.x versions ...
    Solution: The vendor has issued a fix (13.0.0.244 Extended Release, 15.0.0.152 for Windows/Mac, 11.2.202.406 for Linux).

    Last edited by AplusWebMaster; 2014-09-11 at 12:13.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  9. #69
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation Adobe Reader / Acrobat 11.0.09 released

    FYI...

    Adobe Reader / Acrobat 11.0.09 released
    - https://helpx.adobe.com/security/pro...apsb14-20.html
    Sep 16, 2014
    CVE Numbers: CVE-2014-0560, CVE-2014-0561, CVE-2014-0562, CVE-2014-0563, CVE-2014-0565, CVE-2014-0566, CVE-2014-0567, CVE-2014-0568
    Platform: Windows and Macintosh
    Summary: Adobe has released security updates for Adobe Reader and Acrobat for Windows and Macintosh. These updates address vulnerabilities that could potentially allow an attacker to take over the affected system. Adobe recommends users update their product installations to the latest versions:
    - Users of Adobe Reader XI (11.0.08) and earlier versions should update to version 11.0.09.
    - For users of Adobe Reader X (10.1.11) and earlier versions who cannot update to version 11.0.09, Adobe has made available version 10.1.12.
    - Users of Adobe Acrobat XI (11.0.08) and earlier versions should update to version 11.0.09.
    - For users of Adobe Acrobat X (10.1.11) and earlier versions, who cannot update to version 11.0.09, Adobe has made available version 10.1.12...
    The product's default update mechanism is set to run automatic update checks on a regular schedule. Update checks can be manually activated by choosing Help > Check for Updates...
    ___

    - http://www.securitytracker.com/id/1030853
    CVE Reference: CVE-2014-0560, CVE-2014-0561, CVE-2014-0562, CVE-2014-0563, CVE-2014-0565, CVE-2014-0566, CVE-2014-0567, CVE-2014-0568
    Sep 16 2014
    Impact: Denial of service via network, Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information, User access via network
    Fix Available: Yes Vendor Confirmed: Yes
    Version(s): 10.1.11 and prior; 11.0.08 and prior...
    Solution: The vendor has issued a fix (10.1.12, 11.0.09).
    ___

    - https://atlas.arbor.net/briefs/index#-778103136
    Extreme Severity
    19 Sep 2014

    Last edited by AplusWebMaster; 2014-09-21 at 14:34.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  10. #70
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation Flash 15.0.0.189 released, ColdFusion updates...

    FYI...

    Flash 15.0.0.189 released
    - https://helpx.adobe.com/security/pro...apsb14-22.html
    Oct 14, 2014
    CVE number: CVE-2014-0558, CVE-2014-0564, CVE-2014-0569
    Platform: All Platforms
    Summary: Adobe has released security updates for Adobe Flash Player for Windows, Macintosh and Linux. These updates address vulnerabilities that could potentially allow an attacker to take control of the affected system. Adobe recommends users update their product installations to the latest versions:
    - Users of the Adobe Flash Player desktop runtime for Windows and Macintosh should update to Adobe Flash Player 15.0.0.189.
    - Users of the Adobe Flash Player Extended Support Release should update to Adobe Flash Player 13.0.0.250.
    - Users of Adobe Flash Player for Linux should update to Adobe Flash Player 11.2.202.411.
    - Adobe Flash Player installed with Google Chrome, Internet Explorer 10 and Internet Explorer 11 will be automatically updated to the current version.
    - Users of the Adobe AIR desktop runtime should update to version 15.0.0.293.
    - Users of the Adobe AIR SDK and AIR SDK & Compiler should update to version 15.0.0.302.
    - Users of Adobe AIR for Android should update to Adobe AIR 15.0.0.293...

    For I/E:
    - http://download.macromedia.com/get/f...5_active_x.exe
    For Firefox (Plugin-based browsers):
    - http://download.macromedia.com/get/f..._15_plugin.exe

    Flash test site:
    - http://www.adobe.com/software/flash/about/

    AIR download:
    - http://get.adobe.com/air/

    - http://www.securitytracker.com/id/1031019
    CVE Reference: CVE-2014-0558, CVE-2014-0564, CVE-2014-0569
    Oct 14 2014
    Impact: Execution of arbitrary code via network, User access via network
    Fix Available: Yes Vendor Confirmed: Yes
    Version(s): 13.0.0.244 and prior 13.x versions, 15.0.0.167 and prior, 11.2.202.406 and prior for Linux ...
    Solution: The vendor has issued a fix (13.0.0.250 extended support release, 15.0.0.189 for Windows/Mac, 11.2.202.411 for Linux).
    The vendor's advisory is available at:
    - http://helpx.adobe.com/security/prod...apsb14-22.html
    ___

    ColdFusion hotfixes available
    - https://helpx.adobe.com/security/pro...apsb14-23.html
    Oct 14, 2014
    CVE numbers: CVE-2014-0570, CVE-2014-0571, CVE-2014-0572
    Platform: All Platforms
    Summary: Adobe has released security hotfixes for ColdFusion versions 11, 10, 9.0.2, 9.0.1 and 9.0 for all platforms. These hotfixes address a security permissions issue that could be exploited by an unauthenticated local user to bypass IP address access control restrictions applied to the ColdFusion Administrator. Cross-site scripting and cross-site request forgery vulnerabilities are also addressed in the hotfixes.
    Affected software versions:
    ColdFusion 11, 10, 9.0.2, 9.0.1 and 9.0 for all platforms.
    Solution: Adobe recommends ColdFusion customers update their installation using the instructions provided in the technote located here: http://helpx.adobe.com/coldfusion/kb...apsb14-23.html
    Customers should also apply the security configuration settings as outlined on the ColdFusion Security page as well as review the ColdFusion 11 Lockdown Guide, ColdFusion 10 Lockdown Guide and ColdFusion 9 Lockdown Guide...
    ___

    - http://www.securitytracker.com/id/1031020
    CVE Reference: CVE-2014-0570, CVE-2014-0571, CVE-2014-0572
    Oct 14 2014
    Impact: Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information, User access via local system
    Fix Available: Yes Vendor Confirmed: Yes
    Version(s): 9.0, 9.0.1, 9.0.2, 10, 11 ...
    Solution: The vendor has issued a hotfix.

    Last edited by AplusWebMaster; 2014-10-15 at 07:20.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •