Adobe updates/advisories

[AplusWebMaster]

FYI...

Flash 14.0.0.179 released
- https://helpx.adobe.com/security/pro...apsb14-18.html
Aug 12, 2014
CVE number:
- https://web.nvd.nist.gov/view/vuln/d...=CVE-2014-0538 - 10.0 (HIGH)
- https://web.nvd.nist.gov/view/vuln/d...=CVE-2014-0540 - 10.0 (HIGH)
- https://web.nvd.nist.gov/view/vuln/d...=CVE-2014-0541 - 10.0 (HIGH)
- https://web.nvd.nist.gov/view/vuln/d...=CVE-2014-0542 - 10.0 (HIGH)
- https://web.nvd.nist.gov/view/vuln/d...=CVE-2014-0543 - 10.0 (HIGH)
- https://web.nvd.nist.gov/view/vuln/d...=CVE-2014-0544 - 10.0 (HIGH)
- https://web.nvd.nist.gov/view/vuln/d...=CVE-2014-0545 - 10.0 (HIGH)
Platform: All Platforms
Summary: Adobe has released security updates for Adobe Flash Player 14.0.0.145 and earlier versions for Windows and Macintosh and Adobe Flash Player 11.2.202.394 and earlier versions for Linux. These updates address vulnerabilities that could potentially allow an attacker to take control of the affected system. Adobe recommends users update their product installations to the latest versions:
- Users of the Adobe Flash Player Active X plugin for Internet Explorer version 14.0.0.145 and earlier should update to Adobe Flash Player 14.0.0.176.
- Users of the Adobe Flash Player Windows NPAPI plugin for Firefox version 14.0.0.145 and earlier should update to Adobe Flash Player 14.0.0.179.
- Users of the Adobe Flash Player version 14.0.0.145 and earlier for Macintosh should update to Adobe Flash Player 14.0.0.176.
- Users of Adobe Flash Player 11.2.202.394 and earlier versions for Linux should update to Adobe Flash Player 11.2.202.400.
- Adobe Flash Player 14.0.0.145 installed with Google Chrome will automatically be updated to the latest Google Chrome version, which will include Adobe Flash Player 14.0.0.177 for Windows, Macintosh and Linux.
- Adobe Flash Player 14.0.0.145 installed with Internet Explorer 10 will automatically be updated to the latest Internet Explorer 10 version, which will include Adobe Flash Player 14.0.0.176 for Windows 8.0.
- Adobe Flash Player 14.0.0.145 installed with Internet Explorer 11 will automatically be updated to the latest Internet Explorer 11 version, which will include Adobe Flash Player 14.0.0.176 for Windows 8.1.
- Users of Adobe AIR 14.0.0.110 and earlier versions for Windows and Macintosh should update to the Adobe AIR 14.0.0.178.
- Users of the Adobe AIR 14.0.0.137 SDK and earlier versions should update to the Adobe AIR 14.0.0.178 SDK.
- Users of the Adobe AIR 14.0.0.137 SDK & Compiler and earlier versions should update to the Adobe AIR 14.0.0.178 SDK & Compiler.
- Users of Adobe AIR 14.0.0.137 and earlier versions for Android should update to Adobe AIR 14.0.0.179...

- https://www.adobe.com/products/flash...ribution3.html

Flash test site:
- http://www.adobe.com/software/flash/about/

AIR download:
- http://get.adobe.com/air/
___

Reader/Acrobat 11.0.08 released
- https://helpx.adobe.com/security/pro...apsb14-19.html
Aug 12, 2014
CVE numbers: https://web.nvd.nist.gov/view/vuln/d...=CVE-2014-0546 - 10.0 (HIGH)
Platform: Windows
Summary: Adobe has released security updates for Adobe Reader and Acrobat XI (11.0.07) and earlier versions for Windows. These updates address a vulnerability that could allow an attacker to circumvent sandbox protection on the Windows platform. Adobe Reader and Acrobat for Apple's OS X are not affected. Adobe is aware of evidence that indicates an exploit in the wild is being used in limited, isolated attacks targeting Adobe Reader users on Windows. Adobe recommends users update their product installations to the latest versions:
- Users of Adobe Reader XI (11.0.07) and earlier versions for Windows should update to version 11.0.08.
- For users of Adobe Reader X (10.1.10) and earlier versions for Windows, who cannot update to version 11.0.08, Adobe has made available version 10.1.11.
- Users of Adobe Acrobat XI (11.0.07) and earlier versions for Windows should update to version 11.0.08.
- For users of Adobe Acrobat X (10.1.10) and earlier versions for Windows, who cannot update to version 11.0.08, Adobe has made available version 10.1.11...
Solution: Reader, Acrobat: Users can utilize the product's update mechanism... Update checks can be manually activated by choosing Help > Check for Updates...
___

- http://www.securitytracker.com/id/1030712
CVE Reference: CVE-2014-0538, CVE-2014-0540, CVE-2014-0541, CVE-2014-0542, CVE-2014-0543, CVE-2014-0544, CVE-2014-0545
Aug 12 2014
Fix Available: Yes Vendor Confirmed: Yes
Version(s): 14.0.0.145 and prior (Windows/Mac); 11.2.202.394 and prior (Linux) ...
Impact: A remote user can create content that, when loaded by the target user, will bypass security features and execute arbitrary code on the target user's system...

- http://www.securitytracker.com/id/1030711
CVE Reference: CVE-2014-0546
Aug 12 2014
Fix Available: Yes Vendor Confirmed: Yes
Version(s): 11.0.07 and prior ...
Impact: A remote user can create a file that, when loaded by the target user, will execute arbitrary code on the target user's system...
___

- https://atlas.arbor.net/briefs/index#1185576709
Extreme Severity
14 Aug 2014
Analysis: At least one security issue patched this month (CVE-2014-0546) has already been exploited in limited targeted attacks. The flaw, affecting Windows versions of Reader and Acrobat, is a sandbox bypass vulnerability that could allow an attacker to run native code with escalated privileges. [ https://securelist.com/blog/research...reader-update/ ] Meanwhile, the update for Flash Player is rated as 'critical' and should also be applied as soon as possible. According to a report on attack trends of the first half of 2014, Adobe Flash is the primary browser plugin targeted by zero-day attacks. [ http://www.bromium.com/sites/default...eat_report.pdf ] As Flash is required by many web sites, users can take advantage of the 'click to play' feature found in Chrome, Firefox, and Opera web browsers as a security measure.