Adobe updates/advisories

[AplusWebMaster]

FYI...

Flash 24.0.0.186 released
- https://helpx.adobe.com/security/pro...apsb16-39.html
Dec 13, 2016
CVE number: CVE-2016-7867, CVE-2016-7868, CVE-2016-7869, CVE-2016-7870, CVE-2016-7871, CVE-2016-7872, CVE-2016-7873, CVE-2016-7874, CVE-2016-7875, CVE-2016-7876, CVE-2016-7877, CVE-2016-7878, CVE-2016-7879, CVE-2016-7880, CVE-2016-7881, CVE-2016-7890, CVE-2016-7892
Platform: Windows, Macintosh, Linux and Chrome OS
Summary: Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and Chrome OS. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system.
Adobe is aware of a report that an exploit for CVE-2016-7892 exists in the wild, and is being used in limited, targeted attacks against users running Internet Explorer (32-bit) on Windows...
Solution: ... Adobe recommends users of the Adobe Flash Player Desktop Runtime for Windows and Macintosh update to 24.0.0.186 via the update mechanism within the product [1] or by visiting the Adobe Flash Player Download Center.
- Adobe recommends users of Adobe Flash Player for Linux update to Adobe Flash Player 24.0.0.186 by visiting the Adobe Flash Player Download Center
- http://www.adobe.com/go/getflash
- Adobe Flash Player installed with Google Chrome will be automatically updated to the latest Google Chrome version, which will include Adobe Flash Player 24.0.0.186 for Windows, Macintosh, Linux and Chrome OS.
- Adobe Flash Player installed with Microsoft Edge and Internet Explorer 11 for Windows 10 and 8.1 will be automatically updated to the latest version, which will include Adobe Flash Player 24.0.0.186.
- Please visit the Flash Player Help page for assistance in installing Flash Player:
> https://helpx.adobe.com/flash-player.html
[1] Users of Flash Player 11.2.x or later for Windows, or Flash Player 11.3.x or later for Macintosh, who have selected the option to 'Allow Adobe to install updates' will receive the update automatically. Users who do not have the 'Allow Adobe to install updates' option enabled can install the update via the update mechanism within the product when prompted...

For I/E - some versions get 'Automatic' updates:
- https://fpdownload.macromedia.com/pu..._player_ax.exe
For Firefox and other Plugin-based browsers:
- https://fpdownload.macromedia.com/pu...ash_player.exe

Flash test site: https://www.adobe.com/software/flash/about/

- http://www.securitytracker.com/id/1037442
CVE Reference: CVE-2016-7867, CVE-2016-7868, CVE-2016-7869, CVE-2016-7870, CVE-2016-7871, CVE-2016-7872, CVE-2016-7873, CVE-2016-7874, CVE-2016-7875, CVE-2016-7876, CVE-2016-7877, CVE-2016-7878, CVE-2016-7879, CVE-2016-7880, CVE-2016-7881, CVE-2016-7890, CVE-2016-7892
Dec 13 2016
Fix Available: Yes Vendor Confirmed: Yes
Version(s): 23.0.0.207 and prior ...
Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
A remote user can bypass security controls on the target system.
Solution: The vendor has issued a fix (24.0.0.186)...
___

Adobe Animate 16.0.0.112 realeased
- https://helpx.adobe.com/security/pro...apsb16-38.html
Dec 13, 2016
CVE number: CVE-2016-7866
Platform: Windows and Macintosh
Summary: Adobe has released a security update for Adobe Animate for Windows and Macintosh. This update resolves a critical memory corruption vulnerability...
> https://creative.adobe.com/products/download/animate
For managed environments, IT administrators can use the Creative Cloud Packager to create deployment packages. Refer to this help page for more information...
___

Adobe Experience Manager Forms
- https://helpx.adobe.com/security/pro...apsb16-40.html
Dec 13, 2016
CVE number: CVE-2016-6933, CVE-2016-6934
Platform: Windows, Linux, Solaris and AIX
Summary: Adobe has released security updates for Adobe Experience Manager (AEM) Forms on Windows, Linux, Solaris and AIX. These updates resolve two important input validation issues that could be used in cross-site scripting attacks...
Solution:... recommends customers with on premise deployments install the available updates referenced below with the help of Adobe Marketing Cloud Customer Care team:
> https://helpx.adobe.com/marketing-cl...t-support.html
___

Adobe DNG Converter 9.8
- https://helpx.adobe.com/security/pro...apsb16-41.html
Dec 13, 2016
CVE number: CVE-2016-7856
Platform: Windows and Macintosh
Summary: Adobe has released a security update for the Adobe DNG Converter for Windows and Macintosh. This update resolves a critical memory corruption vulnerability...
Solution: ... recommends users update their installation to the newest version...
For more information, please reference the release notes:
- https://blogs.adobe.com/lightroomjou...available.html
___

Adobe Experience Manager
- https://helpx.adobe.com/security/pro...apsb16-42.html
Dec 13, 2016
CVE number: CVE-2016-7882, CVE-2016-7883, CVE-2016-7884, CVE-2016-7885
Platform: Windows, Unix, Linux and OS X
Summary: Adobe has released security updates for Adobe Experience Manager. These updates resolve three important input validation issues that could be used in cross-site scripting attacks (CVE-2016-7882, CVE-2016-7883 and CVE-2016-7884), and include an update to protect users from an important Cross-Site Request Forgery vulnerability (CVE-2016-7885)...
Solution: Adobe recommends customers with on-premise deployments install the available updates referenced below. Furthermore, customers should review and implement the steps outlined in the Security Checklists for versions 6.2, 6.1 or 6.0...

6.0: https://docs.adobe.com/docs/en/aem/6...checklist.html
6.1: https://docs.adobe.com/docs/en/aem/6...checklist.html
6.2: https://docs.adobe.com/docs/en/aem/6...checklist.html
___

Security updates available for InDesign
- https://helpx.adobe.com/security/pro...apsb16-43.html
Dec 13, 2016
CVE number: CVE-2016-7886
Platform: Windows and Macintosh
Summary: Adobe has released security updates for InDesign for Windows and Macintosh. These updates resolve a critical memory corruption vulnerability...
Solution: ... recommends users update their installation to the newest version:
InDesign 12.0.0 Windows and Macintosh:
Relase Notes: https://helpx.adobe.com/indesign/rel...n-cc-2017.html
InDesign Server 12.0.0 Windows and Macintosh
Release Notes: https://helpx.adobe.com/indesign/rel...ase-notes.html
___

ColdFusion Builder
- https://helpx.adobe.com/security/pro...apsb16-44.html
Dec 13, 2016
CVE number: CVE-2016-7887
Platforms: Windows, Linux and Macintosh
Summary: Adobe has released a security update for ColdFusion Builder for Windows, Linux, and Macintosh. This update resolves an important vulnerability that could lead to information disclosure (CVE-2016-7887)...
Solution: ... recommends users update their installations to the newest versions:
ColdFusion Builder 2016 Update 3 - Tech note:
> https://helpx.adobe.com/coldfusion/k...-update-3.html
ColdFusion Builder 3.0 3.0.3 Hotfix - Tech note:
> https://helpx.adobe.com/coldfusion/k...-3-update.html
___

Adobe Digital Editions 4.5.3
- https://helpx.adobe.com/security/pro...apsb16-45.html
Dec 13, 2016
CVE numbers: CVE-2016-7888, CVE-2016-7889
Platform: Windows, Macintosh and Android
Summary: Adobe has released a security update for Adobe Digital Editions for Windows, Macintosh and Android. This update resolves an important vulnerability that could result in a memory address leak, and an important XML parsing vulnerability that could lead to information disclosure...
Solution: Adobe categorizes this update with the following priority ratings and recommends users update their installation to the newest version 4.5.3 ...
Customers using Adobe Digital Editions 4.5.2 can download the update from the Adobe Digital Editions download page*, or utilize the product’s update mechanism when prompted.
* https://www.adobe.com/solutions/eboo.../download.html
For more information, please reference the release notes:
- http://www.adobe.com/solutions/ebook...ase-notes.html
___

Security update available for RoboHelp 2015.0.4
- https://helpx.adobe.com/security/pro...apsb16-46.html
Dec 13, 2016
CVE number: CVE-2016-7891
Platforms: Windows
Summary: Adobe has released a security update for RoboHelp for Windows. This update resolves an important input validation issue that could be used in cross-site scripting attacks...
Download: https://www.adobe.com/support/robohelp/downloads.html
Tech note: https://helpx.adobe.com/robohelp/kb/...erability.html
Release notes: https://www.adobe.com/robohelp/Adobe...0_1_ReadMe.pdf
KB article: https://helpx.adobe.com/robohelp/kb/...erability.html

[AplusWebMaster]

FYI...

Adobe Flash - EOL end of 2020
- https://blogs.adobe.com/conversation...sh-update.html
July 25, 2017 - "... as open standards like HTML5, WebGL and WebAssembly have matured over the past several years, most now provide many of the capabilities and functionalities that plugins pioneered and have become a viable alternative for content on the web... Adobe is planning to end-of-life Flash. Specifically, we will stop updating and distributing the Flash Player at the end of 2020 and encourage content creators to migrate any existing Flash content to these new open formats..."

... i.e.: HTML5, WebGL and WebAssembly.

[tashi]

Summary.

Adobe has released security updates for Adobe Acrobat and Reader for Windows and Macintosh. These updates address vulnerabilities rated Critical and Important that could potentially allow an attacker to take control of the affected system.

https://helpx.adobe.com/security/products/acrobat/apsb17-24.html

[AplusWebMaster]

FYI...

Adobe Acrobat and Reader
- https://helpx.adobe.com/security/pro...apsb18-02.html
Feb 13, 2018 - "Summary: Adobe has released security updates for Adobe Acrobat and Reader for Windows and Macintosh. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system...
Solution: Adobe recommends users update their software installations to the latest versions by following the instructions...
The latest product versions are available to end users via one of the following methods:
> Users can update their product installations manually by choosing Help > Check for Updates.
> The products will update automatically, without requiring user intervention, when updates are detected.
> The full Acrobat Reader installer can be downloaded from the Acrobat Reader Download Center:
- https://get.adobe.com/reader/

- https://www.securitytracker.com/id/1040364
___

Adobe Experience Manager - updated
- https://helpx.adobe.com/security/pro...apsb18-04.html
Feb 13, 2018 - "Summary: Adobe has released security updates for Adobe Experience Manager. These updates resolve a reflected cross-site scripting vulnerability (CVE-2018-4875) rated moderate, and a cross-site scripting vulnerability (CVE-2018-4876) in Apache Sling XSS protection API rated important...
Affected product versions: All... minimum fix packs to address the listed vulnerability. For the latest versions, please see the release notes links referenced:
Solution: https://helpx.adobe.com/security/pro...abilitydetails

- https://www.securitytracker.com/id/1040365
___

- https://www.us-cert.gov/ncas/current...curity-Updates
Feb 13, 2018

[AplusWebMaster]

FYI...

Flash 28.0.0.161 released
- https://helpx.adobe.com/security/pro...apsb18-03.html
Feb 6, 2018
"Summary: Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and Chrome OS. These updates address critical vulnerabilities that could lead to remote code execution in Adobe Flash Player 28.0.0.137 and earlier versions. Successful exploitation could potentially allow an attacker to take control of the affected system. Adobe is aware of a report that an exploit for CVE-2018-4878 exists in the wild, and is being used in limited, targeted attacks against Windows users. These attacks leverage Office documents with embedded malicious Flash content distributed via email.
Solution: ... Adobe recommends users of the Adobe Flash Player Desktop Runtime for Windows, Macintosh and Linux update to Adobe Flash Player 28.0.0.161 via the update mechanism within the product [1] or by visiting the Adobe Flash Player Download Center:
- https://get.adobe.com/flashplayer/
Adobe Flash Player installed with Google Chrome will be automatically updated to the latest Google Chrome version, which will include Adobe Flash Player 28.0.0.161 for Windows, Macintosh, Linux and Chrome OS.
Adobe Flash Player installed with Microsoft Edge and Internet Explorer 11 for Windows 10 and 8.1 will be automatically updated to the latest version, which will include Adobe Flash Player 28.0.0.161.
Please visit the Flash Player Help page for assistance in installing Flash Player:
- https://helpx.adobe.com/flash-player.html
[1] Users who have selected the option to 'Allow Adobe to install updates' will receive the update automatically. Users who do not have the 'Allow Adobe to install updates' option enabled can install the update via the update mechanism within the product when prompted.

For I/E - some versions get 'Automatic' updates:
- https://fpdownload.macromedia.com/pu..._player_ax.exe
For Firefox and other Plugin-based browsers:
- https://fpdownload.macromedia.com/pu...ash_player.exe
For Chrome:
- https://fpdownload.macromedia.com/pu...ayer_ppapi.exe

Flash test site: https://www.adobe.com/software/flash/about/