Page 11 of 14 FirstFirst ... 7891011121314 LastLast
Results 101 to 110 of 139

Thread: Adobe updates/advisories

  1. #101
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation Adobe Acrobat/Reader 11.0.14 released

    FYI...

    Adobe Acrobat/Reader 11.0.14 released
    - https://helpx.adobe.com/security/pro...apsb16-02.html
    Jan 12, 2016
    CVE numbers: CVE-2016-0931, CVE-2016-0932, CVE-2016-0933, CVE-2016-0934, CVE-2016-0935, CVE-2016-0936, CVE-2016-0937, CVE-2016-0938, CVE-2016-0939, CVE-2016-0940, CVE-2016-0941, CVE-2016-0942, CVE-2016-0943, CVE-2016-0944, CVE-2016-0945, CVE-2016-0946, CVE-2016-0947
    Platform: Windows and Macintosh
    Note: As outlined in this blog post*, Adobe Acrobat X and Adobe Reader X are no-longer-supported.
    Adobe recommends users install Adobe Acrobat DC and Adobe Acrobat Reader DC for the latest features and security updates.
    * https://blogs.adobe.com/documentclou...nd-of-support/
    Solution: Adobe recommends users update their software installations to the latest versions by following the instructions below. The latest product versions are available to end users via one of the following methods:
    - Users can update their product installations manually by choosing Help > Check for Updates.
    - The products will update automatically when updates are detected without requiring user intervention.
    - The full Acrobat Reader installer can be downloaded from the Acrobat Reader Download Center**.
    For IT administrators (managed environments):
    - Download the enterprise installers from ftp://ftp.adobe.com/pub/adobe/ , or refer to the specific release note version for links to installers.
    - Install updates via your preferred methodology, such as AIP-GPO, bootstrapper, SCUP/SCCM (Windows), or on Macintosh, Apple Remote Desktop and SSH...

    Acrobat for Windows: https://www.adobe.com/support/downlo...atform=Windows
    1/12/2016
    Adobe Reader for Windows: https://www.adobe.com/support/downlo...atform=Windows
    1/12/2016

    Acrobat for Macintosh: https://www.adobe.com/support/downlo...1&platform=Mac
    1/12/2016
    Adobe Reader for Macintosh: https://www.adobe.com/support/downlo...0&platform=Mac
    1/12/2016
    ___

    Also see "New Downloads":
    - https://www.adobe.com/support/downloads/new.jsp
    1/12/2016

    Adobe Acrobat Reader DC
    ** https://get.adobe.com/reader/
    ___

    - http://www.securitytracker.com/id/1034646
    CVE Reference: CVE-2016-0931, CVE-2016-0932, CVE-2016-0933, CVE-2016-0934, CVE-2016-0935, CVE-2016-0936, CVE-2016-0937, CVE-2016-0938, CVE-2016-0939, CVE-2016-0940, CVE-2016-0941, CVE-2016-0942, CVE-2016-0943, CVE-2016-0944, CVE-2016-0945, CVE-2016-0946, CVE-2016-0947
    Jan 12 2016
    Fix Available: Yes Vendor Confirmed: Yes
    Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
    A remote user can bypass security controls on the target system.
    Solution: The vendor has issued a fix (11.0.14, 15.006.30119, 15.010.20056)...

    Last edited by AplusWebMaster; 2016-01-13 at 00:09.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  2. #102
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation Flash 20.0.0.306 released, Photoshop CC and Bridge CC, Experience Manager, Connect

    FYI...

    Flash 20.0.0.306 released
    - https://helpx.adobe.com/security/pro...apsb16-04.html
    Feb 9, 2016
    CVE number: CVE-2016-0964, CVE-2016-0965, CVE-2016-0966, CVE-2016-0967, CVE-2016-0968, CVE-2016-0969, CVE-2016-0970, CVE-2016-0971, CVE-2016-0972, CVE-2016-0973, CVE-2016-0974, CVE-2016-0975, CVE-2016-0976, CVE-2016-0977, CVE-2016-0978, CVE-2016-0979, CVE-2016-0980, CVE-2016-0981, CVE-2016-0982, CVE-2016-0983, CVE-2016-0984, CVE-2016-0985
    Platform: Windows, Macintosh and Linux ...
    Summary: Adobe has released security updates for Adobe Flash Player. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system...
    Solution: ... Adobe recommends users of the Adobe Flash Player Desktop Runtime for Windows and Macintosh update to 20.0.0.306 via the update mechanism within the product when prompted... or by visiting the Adobe Flash Player Download Center.
    Adobe recommends users of the Adobe Flash Player Extended Support Release should update to version 18.0.0.329 by visiting:
    - http://helpx.adobe.com/flash-player/...-versions.html.
    Adobe recommends users of Adobe Flash Player for Linux update to Adobe Flash Player 11.2.202.569 by visiting the Adobe Flash Player Download Center.
    Adobe Flash Player installed with Google Chrome will be automatically updated to the latest Google Chrome version, which will include Adobe Flash Player 20.0.0.306 for Windows, Macintosh, Linux and Chrome OS.
    Adobe Flash Player installed with Microsoft Edge and Internet Explorer for Windows 10 will be automatically updated to the latest version, which will include Adobe Flash Player 20.0.0.306.
    Adobe Flash Player installed with Internet Explorer for Windows 8.x will be automatically updated to the latest version, which will include Adobe Flash Player 20.0.0.306.
    Adobe recommends users of the AIR desktop runtime, AIR SDK and AIR SDK & Compiler update to version 20.0.0.260 by visiting the AIR download center or the AIR developer center...

    For IEv9 and below:
    - https://download.macromedia.com/get/...0_active_x.exe
    For Firefox and other Plugin-based browsers:
    - https://download.macromedia.com/get/..._20_plugin.exe

    Flash test site: https://www.adobe.com/software/flash/about/

    AIR 20.0.0.260: https://get.adobe.com/air/

    - https://blog.qualys.com/laws-of-vuln...-february-2016
    Feb 9, 2016 - "... The update for Adobe Flash (APSB16-04) contains fixes for -23- vulnerabilities, all of them rated as “critical”, i.e. capable of handing the attacker complete control over the target machine..."

    - http://www.securitytracker.com/id/1034970
    CVE Reference: CVE-2016-0964, CVE-2016-0965, CVE-2016-0966, CVE-2016-0967, CVE-2016-0968, CVE-2016-0969, CVE-2016-0970, CVE-2016-0971, CVE-2016-0972, CVE-2016-0973, CVE-2016-0974, CVE-2016-0975, CVE-2016-0976, CVE-2016-0977, CVE-2016-0978, CVE-2016-0979, CVE-2016-0980, CVE-2016-0981, CVE-2016-0982, CVE-2016-0983, CVE-2016-0984, CVE-2016-0985
    Feb 9 2016
    Fix Available: Yes Vendor Confirmed: Yes ...
    Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
    Solution: The vendor has issued a fix (18.0.0.329, 20.0.0.306 for Windows and Mac; 11.2.202.569 for Linux)...
    ___

    Adobe Photoshop CC and Bridge CC
    - https://helpx.adobe.com/security/pro...apsb16-03.html
    Feb 9, 2016
    CVE number: CVE-2016-0951, CVE-2016-0952, CVE-2016-0953
    Platform: Windows and Macintosh
    Summary: Adobe has released updates for Photoshop CC and Bridge CC for Windows and Macintosh. These updates address critical security vulnerabilities that could potentially allow an attacker to take control of the affected system...
    Solution: Adobe recommends users update their software installations via each application's update mechanism by launching each application, navigating to the Help menu, and clicking "Updates"...
    Patches for Adobe Photoshop CC 2014 (15.2.4) are also available at the following locations:
    Win (32-bit): https://www.adobe.com/support/downlo...jsp?ftpID=6015
    Win (64-bit): https://www.adobe.com/support/downlo...jsp?ftpID=6016
    Mac: https://www.adobe.com/support/downlo...jsp?ftpID=6017
    Note: These updates will not show in the Applications & Updates section of the Creative Cloud Packager. Please download the patches directly from the links above, and use the option to “Add Offline Media” as described in the workflow documented here:
    - https://helpx.adobe.com/creative-clo..._Offline_Media
    ___

    Adobe Experience Manager
    - https://helpx.adobe.com/security/pro...apsb16-05.html
    Feb 9, 2016
    CVE number: CVE-2016-0955, CVE-2016-0956, CVE-2016-0957, CVE-2016-0958
    Platform: Windows, Unix, Linux and OS X
    Summary: Adobe has released security hot fixes for Adobe Experience Manager. These hot fixes resolve important vulnerabilities that could potentially lead to information disclosure... customers should review and implement the steps outlined in the Security Checklists for versions 6.1, 6.0 or 5.6.1...
    • Hot fix 8364 includes a Java deserialization issues mitigation agent (CVE-2016-0958).
    > https://www.adobeaemcloud.com/conten...otfix-NPR-8364
    • Hot fix 8651 resolves a cross-site scripting vulnerability that could lead to information disclosure (CVE-2016-0955).
    > https://www.adobeaemcloud.com/conten....0-hotfix-8651
    • Hot fix 6445 resolves an information disclosure vulnerability affecting Apache Sling Servlets Post 2.3.6 (CVE-2016-0956).
    > https://www.adobeaemcloud.com/conten....0-hotfix-6445
    • Dispatcher 4.1.5 and higher resolves a URL filter bypass vulnerability that could be used to circumvent dispatcher rules (CVE-2016-0957).
    > https://docs.adobe.com/docs/en/dispatcher.html
    ...
    ___

    Adobe Connect
    - https://helpx.adobe.com/security/pro...apsb16-07.html
    Feb 9, 2016
    CVE number: CVE-2016-0948, CVE-2016-0949, CVE-2016-0950
    Platform: Windows
    Summary: Adobe has released a security update for Adobe Connect. This release resolves -important- input validation and content spoofing issues, and includes a feature to protect users from Cross-Site Request Forgery...
    - https://helpx.adobe.com/adobe-connec...ase-notes.html
    "... Adobe Connect 9.5.2 is a maintenance release and is available as a patch. It delivers fixes to a number of issues and includes a few improvements... Adobe Connect 9.5.2 will be rolled out in phases:
    - On-premise: Adobe Connect 9.5.2 installer for customer on-premise deployments (all supported locales): Feb 11th, 2016
    - Hosted: Adobe Connect 9.5.2 service hosted by Adobe: Starting Feb 7th, 2016
    - Managed Services: Adobe managed customer specific cloud deployment of Adobe Connect: Update scheduled based on customer requirement. Please reach out to your Adobe Connect managed services representative to schedule your update..."

    Last edited by AplusWebMaster; 2016-02-09 at 23:38.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  3. #103
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation Acrobat/Reader 11.0.15, Digital Editions 4.5.1 released

    FYI...

    Acrobat/Reader 11.0.15 released
    - https://helpx.adobe.com/security/pro...apsb16-09.html
    March 8, 2016
    CVE Numbers: CVE-2016-1007, CVE-2016-1008, CVE-2016-1009
    Platform: Windows and Macintosh
    Summary: Adobe has released security updates for Adobe Acrobat and Reader for Windows and Macintosh. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system...
    Solution: Adobe recommends users update their software installations to the latest versions by following the instructions below.
    The latest product versions are available to end users via one of the following methods:
    - Users can update their product installations manually by choosing Help > Check for Updates.
    - The products will update automatically, without requiring user intervention, when updates are detected.
    - The full Acrobat Reader installer can be downloaded from the Acrobat Reader Download Center:
    > http://get.adobe.com/reader
    Acrobat Reader DC Version 2015.010.20060
    For IT administrators (managed environments):
    - Download the enterprise installers from ftp://ftp.adobe.com/pub/adobe/ ... or refer to the specific release note version for links to installers.
    - Install updates via your preferred methodology, such as AIP-GPO, bootstrapper, SCUP/SCCM (Windows), or on Macintosh, Apple Remote Desktop and SSH.

    > https://www.adobe.com/support/downloads/new.jsp
    Adobe Acrobat 11.0.15
    Adobe Reader 11.0.15
    3/8/2016

    - http://www.securitytracker.com/id/1035199
    CVE Reference: CVE-2016-1007, CVE-2016-1008, CVE-2016-1009
    Mar 8 2016
    Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
    Solution: The vendor has issued a fix (11.0.15, 15.006.30121, 15.010.20060)...
    ___

    Adobe Digital Editions 4.5.1 released
    - https://helpx.adobe.com/security/pro...apsb16-06.html
    March 8, 2016
    CVE Numbers: CVE-2016-0954
    Platform: Windows, Macintosh, iOS and Android
    Summary: Adobe has released a security update for Adobe Digital Editions 4.5.0 and earlier versions. This update resolves a critical memory corruption vulnerability that could lead to code execution...
    Customers using Adobe Digital Editions 4.5.0 on Windows can download the update from the Adobe Digital Editions download page:
    > https://www.adobe.com/solutions/eboo.../download.html
    .. or utilize the product’s update mechanism when prompted. Customers using Digital Editions for iOS and Android can download the update from the respective app store.
    For more information, please reference the release notes:
    > http://www.adobe.com/solutions/ebook...ase-notes.html

    - http://www.securitytracker.com/id/1035199
    CVE Reference: CVE-2016-1007, CVE-2016-1008, CVE-2016-1009
    Mar 8 2016
    Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
    Solution: The vendor has issued a fix (11.0.15, 15.006.30121, 15.010.20060)...
    ___

    Known issues | Acrobat DC, Reader DC
    - https://helpx.adobe.com/acrobat/kb/k...dc-reader.html
    ___

    - http://krebsonsecurity.com/2016/03/a...tical-updates/
    8 Mar 2016 - "... Adobe spokesperson: the company will be issuing a Flash Player update on Thursday morning."

    Last edited by AplusWebMaster; 2016-03-09 at 22:17.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  4. #104
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation Flash 21.0.0.182 released

    FYI...

    Flash 21.0.0.182 released
    - https://helpx.adobe.com/security/pro...apsb16-08.html
    March 10, 2016
    CVE number: CVE-2016-0960, CVE-2016-0961, CVE-2016-0962, CVE-2016-0963, CVE-2016-0986, CVE-2016-0987, CVE-2016-0988, CVE-2016-0989, CVE-2016-0990, CVE-2016-0991, CVE-2016-0993, CVE-2016-0994, CVE-2016-0995, CVE-2016-0996, CVE-2016-1000, CVE-2016-1001, CVE-2016-1005, CVE-2016-1010
    Platform: Windows, Macintosh and Linux
    Summary: Adobe has released security updates for Adobe Flash Player. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system. Adobe is aware of a report that an exploit for CVE-2016-1010 is being used in limited, targeted attacks...
    Solution: ... Adobe recommends users of the Adobe Flash Player Desktop Runtime for Windows and Macintosh update to 21.0.0.182 via the update mechanism within the product when prompted.. or by visiting the Adobe Flash Player Download Center.
    - Adobe recommends users of the Adobe Flash Player Extended Support Release should update to version 18.0.0.333 by visiting:
    - http://helpx.adobe.com/flash-player/...-versions.html.
    - Adobe recommends users of Adobe Flash Player for Linux update to Adobe Flash Player 11.2.202.577 by visiting the - Adobe Flash Player Download Center.
    - Adobe Flash Player installed with Google Chrome will be automatically updated to the latest Google Chrome version, which will include Adobe Flash Player 21.0.0.182 for Windows, Macintosh, Linux and Chrome OS.
    - Adobe Flash Player installed with Microsoft Edge and Internet Explorer for Windows 10 will be automatically updated to the latest version, which will include Adobe Flash Player 21.0.0.182.
    - Adobe Flash Player installed with Internet Explorer for Windows 8.x will be automatically updated to the latest version, which will include Adobe Flash Player 21.0.0.182.
    - Adobe recommends users of the AIR desktop runtime, AIR SDK and AIR SDK & Compiler update to version 21.0.0.176 by visiting the AIR download center or the AIR developer center...

    For IEv9 and below:
    - https://download.macromedia.com/get/...1_active_x.exe
    For Firefox and other Plugin-based browsers:
    - https://download.macromedia.com/get/..._21_plugin.exe

    Flash test site: https://www.adobe.com/software/flash/about/

    AIR 21.0.0.176: https://get.adobe.com/air/
    ___

    - http://www.securitytracker.com/id/1035251
    CVE Reference: CVE-2016-0960, CVE-2016-0961, CVE-2016-0962, CVE-2016-0963, CVE-2016-0986, CVE-2016-0987, CVE-2016-0988, CVE-2016-0989, CVE-2016-0990, CVE-2016-0991, CVE-2016-0992, CVE-2016-0993, CVE-2016-0994, CVE-2016-0995, CVE-2016-0996, CVE-2016-0997, CVE-2016-0998, CVE-2016-0999, CVE-2016-1000, CVE-2016-1001, CVE-2016-1002, CVE-2016-1005, CVE-2016-1010
    Mar 11 2016
    Fix Available: Yes Vendor Confirmed: Yes
    Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
    Solution: The vendor has issued a fix (ESR 18.0.0.333; 21.0.0.182; 11.2.202.577 for Linux)...
    ___

    Installation problems | Flash Player | Windows 7 and earlier
    - https://helpx.adobe.com/flash-player...r-windows.html

    Last edited by AplusWebMaster; 2016-03-12 at 19:42.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  5. #105
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation Flash Player - CVE-2016-1019

    FYI...

    Flash Player - CVE-2016-1019
    - https://helpx.adobe.com/security/pro...apsa16-01.html
    April 5, 2016
    CVE number: CVE-2016-1019
    Platforms: Windows, Macintosh, Linux and Chrome OS
    Summary: "A critical vulnerability (CVE-2016-1019) exists in Adobe Flash Player 21.0.0.197 and earlier versions for Windows, Macintosh, Linux, and Chrome OS. Successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system. Adobe is aware of reports that CVE-2016-1019 is being actively exploited on systems running Windows 7 and Windows XP with Flash Player version -20.0.0.306- and earlier. A mitigation introduced in Flash Player 21.0.0.182 currently -prevents- exploitation of this vulnerability, protecting users running Flash Player 21.0.0.182 and later. Adobe is planning to provide a security update to address this vulnerability as early as April 7..."
    > https://blogs.adobe.com/psirt/?p=1330
    April 5, 2016 - "... critical vulnerability (CVE-2016-1019) in Adobe Flash Player. UPDATE: Adobe is aware of reports that CVE-2016-1019 is being actively exploited on systems running Windows 7 and Windows XP Windows 10 and earlier with Flash Player version 20.0.0.306 and earlier..."

    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  6. #106
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation Flash 21.0.0.213 released

    FYI...

    Flash 21.0.0.213 released
    - https://helpx.adobe.com/security/pro...apsb16-10.html
    Apr 7, 2016
    CVE number: CVE-2016-1006, CVE-2016-1011, CVE-2016-1012, CVE-2016-1013, CVE-2016-1014, CVE-2016-1015, CVE-2016-1016, CVE-2016-1017, CVE-2016-1018, CVE-2016-1019, CVE-2016-1020, CVE-2016-1021, CVE-2016-1022, CVE-2016-1023, CVE-2016-1024, CVE-2016-1025, CVE-2016-1026, CVE-2016-1027, CVE-2016-1028, CVE-2016-1029, CVE-2016-1030, CVE-2016-1031, CVE-2016-1032, CVE-2016-1033
    Platform: Windows, Macintosh, Linux and ChromeOS
    Summary: Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and ChromeOS. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system. Adobe is aware of reports that CVE-2016-1019 is being actively exploited on systems running Windows 10 and earlier with Flash Player version 20.0.0.306 and earlier...
    - Adobe recommends users of the Adobe Flash Player Desktop Runtime for Windows and Macintosh update to 21.0.0.213 via the update mechanism within the product when prompted.. or by visiting the Adobe Flash Player Download Center.
    - Adobe recommends users of the Adobe Flash Player Extended Support Release should update to version 18.0.0.343 by visiting:
    - http://helpx.adobe.com/flash-player/...-versions.html.
    - Adobe recommends users of Adobe Flash Player for Linux update to Adobe Flash Player 11.2.202.616 by visiting the Adobe Flash Player Download Center.
    - Adobe Flash Player installed with Google Chrome will be automatically updated to the latest Google Chrome version, which will include Adobe Flash Player 21.0.0.213 for Windows, Macintosh, Linux and Chrome OS.
    - Adobe Flash Player installed with Microsoft Edge and Internet Explorer for Windows 10 will be automatically updated to the latest version, which will include Adobe Flash Player 21.0.0.213.
    - Adobe Flash Player installed with Internet Explorer for Windows 8.1 will be automatically updated to the latest version, which will include Adobe Flash Player 21.0.0.213.
    - Please visit the Flash Player Help page for assistance in installing Flash Player...

    For I/E - some versions get 'Automatic' updates:
    - https://download.macromedia.com/get/...1_active_x.exe
    For Firefox and other Plugin-based browsers:
    - https://download.macromedia.com/get/..._21_plugin.exe

    Flash test site: https://www.adobe.com/software/flash/about/
    ___

    - http://www.securitytracker.com/id/1035509
    CVE Reference: CVE-2016-1006, CVE-2016-1011, CVE-2016-1012, CVE-2016-1013, CVE-2016-1014, CVE-2016-1015, CVE-2016-1016, CVE-2016-1017, CVE-2016-1018, CVE-2016-1020, CVE-2016-1021, CVE-2016-1022, CVE-2016-1023, CVE-2016-1024, CVE-2016-1025, CVE-2016-1026, CVE-2016-1027, CVE-2016-1028, CVE-2016-1029, CVE-2016-1030, CVE-2016-1031, CVE-2016-1032, CVE-2016-1033
    Apr 8 2016
    Version(s): prior to 21.0.0.213 ...
    Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
    A remote user can bypass security controls on the target system.
    Solution: The vendor has issued a fix (21.0.0.213; ESR 18.0.0.343; 11.2.202.616 for Linux)...
    ___

    - https://www.us-cert.gov/ncas/current...s-Flash-Player
    April 08, 2016

    Flash 0day (CVE-2016-1019) in the Wild; Exploit Kits Delivering Ransomware
    - https://atlas.arbor.net/briefs/index#-169418222
    Elevated Severity
    April 07, 2016 21:52

    - https://web.nvd.nist.gov/view/vuln/d...=CVE-2016-1019
    Last revised: 04/11/2016 - "... as exploited in the wild in April 2016."
    10.0 HIGH

    Last edited by AplusWebMaster; 2016-04-28 at 13:52.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  7. #107
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation Creative Cloud 3.6.0.244, RoboHelp Svr hotfix, AIR 21.0.0.198

    FYI...

    Creative Cloud 3.6.0.244 released
    - https://helpx.adobe.com/security/pro...apsb16-11.html
    April 12, 2016
    CVE number: CVE-2016-1034
    Platform: Windows and Macintosh
    Solution: Adobe categorizes this update with the following priority rating and recommends users update their installation to the newest version:
    Creative Cloud Desktop Application - 3.6.0.244 - Windows and Macintosh ...
    Creative Cloud users can apply the update via the application's update mechanism. For more details, visit:
    - https://www.adobe.com/creativecloud/desktop-app.html
    For managed environments, IT administrators can use the Creative Cloud Packager to create deployment packages as described in the workflow documented here:
    - https://helpx.adobe.com/creative-clo...-licenses.html
    Refer to this help page* for more information on the Creative Cloud Packager.
    * https://helpx.adobe.com/creative-cloud/packager.html
    Vulnerability Details: This update resolves a vulnerability in the JavaScript API for Creative Cloud Libraries that could be abused to remotely read and write files on the client’s file system (CVE-2016-1034)...
    ___

    Security hotfix available for RoboHelp Server
    - https://helpx.adobe.com/security/pro...apsb16-12.html
    April 12, 2016
    CVE number: CVE-2016-1035
    Platform: Windows
    Solution: ... Please refer to the Knowledge Base article available here* for instructions to download and apply the hotfix.
    * https://helpx.adobe.com/content/help...ity-issue.html
    Vulnerability Details: This hotfix resolves a vulnerability in the handling of SQL queries that could lead to information disclosure (CVE-2016-1035)...
    ___

    Security updates available for Adobe Flash Player
    - https://helpx.adobe.com/security/pro...apsb16-10.html
    Last updated: April 12, 2016: Updated to reflect the availability of AIR updates for the CVEs referenced in this bulletin.
    Adobe recommends users of the AIR desktop runtime, AIR SDK and AIR SDK & Compiler update to version 21.0.0.198 by visiting the AIR download center* or the AIR developer center**.

    * AIR: 21.0.0.198: http://get.adobe.com/air/

    ** http://www.adobe.com/devnet/air/air-sdk-download.html
    ___

    - https://www.us-cert.gov/ncas/current...op-Application
    April 12, 2016

    Last edited by AplusWebMaster; 2016-04-12 at 22:58.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  8. #108
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation Flash Player Advisory, Acrobat/Reader updates released, ColdFusion Hotfixes available

    FYI...

    Flash Player Advisory
    - https://helpx.adobe.com/security/pro...apsa16-02.html
    May 10, 2016
    CVE number: CVE-2016-4117
    Platforms: Windows, Macintosh, Linux and Chrome OS
    Summary: A critical vulnerability (CVE-2016-4117) exists in Adobe Flash Player 21.0.0.226 and earlier versions for Windows, Macintosh, Linux, and Chrome OS. Successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system. Adobe is aware of a report that an exploit for CVE-2016-4117 exists in the wild. Adobe will address this vulnerability in our monthly security update, which will be available as early as May 12. For the latest information, users may monitor the Adobe Product Security Incident Response Team blog:
    > http://blogs.adobe.com/psirt/

    > https://web.nvd.nist.gov/view/vuln/d...=CVE-2016-4117
    Last revised: 05/10/2016 - "... as exploited in the wild in May 2016."
    ___

    Acrobat, Reader 2015.016.20039, 11.0.16 released
    - https://helpx.adobe.com/security/pro...apsb16-14.html
    May 10, 2016
    CVE Numbers: CVE-2016-1037, CVE-2016-1038, CVE-2016-1039, CVE-2016-1040, CVE-2016-1041, CVE-2016-1042, CVE-2016-1043, CVE-2016-1044, CVE-2016-1045, CVE-2016-1046, CVE-2016-1047, CVE-2016-1048, CVE-2016-1049, CVE-2016-1050, CVE-2016-1051, CVE-2016-1052, CVE-2016-1053, CVE-2016-1054, CVE-2016-1055, CVE-2016-1056, CVE-2016-1057, CVE-2016-1058, CVE-2016-1059, CVE-2016-1060, CVE-2016-1061, CVE-2016-1062, CVE-2016-1063, CVE-2016-1064, CVE-2016-1065, CVE-2016-1066, CVE-2016-1067, CVE-2016-1068, CVE-2016-1069, CVE-2016-1070, CVE-2016-1071, CVE-2016-1072, CVE-2016-1073, CVE-2016-1074, CVE-2016-1075, CVE-2016-1076, CVE-2016-1077, CVE-2016-1078, CVE-2016-1079, CVE-2016-1080, CVE-2016-1081, CVE-2016-1082, CVE-2016-1083, CVE-2016-1084, CVE-2016-1085, CVE-2016-1086, CVE-2016-1087, CVE-2016-1088, CVE-2016-1090, CVE-2016-1092, CVE-2016-1093, CVE-2016-1094, CVE-2016-1095, CVE-2016-1112, CVE-2016-1116, CVE-2016-1117, CVE-2016-1118, CVE-2016-1119, CVE-2016-1120, CVE-2016-1121, CVE-2016-1122, CVE-2016-1123, CVE-2016-1124, CVE-2016-1125, CVE-2016-1126, CVE-2016-1127, CVE-2016-1128, CVE-2016-1129, CVE-2016-1130, CVE-2016-4088, CVE-2016-4089, CVE-2016-4090, CVE-2016-4091, CVE-2016-4092, CVE-2016-4093, CVE-2016-4094, CVE-2016-4096, CVE-2016-4097, CVE-2016-4098, CVE-2016-4099, CVE-2016-4100, CVE-2016-4101, CVE-2016-4102, CVE-2016-4103, CVE-2016-4104, CVE-2016-4105, CVE-2016-4106, CVE-2016-4107
    Platform: Windows and Macintosh
    Summary: Adobe has released security updates for Adobe Acrobat and Reader for Windows and Macintosh. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system...
    Solution: Adobe recommends users update their software installations to the latest versions by following the instructions below.
    The latest product versions are available to end users via one of the following methods:
    - Users can update their product installations manually by choosing Help > Check for Updates.
    - The products will update automatically, without requiring user intervention, when updates are detected.
    - The full Acrobat Reader installer can be downloaded from the Acrobat Reader Download Center.
    For IT administrators (managed environments):
    - Download the enterprise installers from ftp://ftp.adobe.com/pub/adobe/ or refer to the specific release note version for links to installers.
    - Install updates via your preferred methodology, such as AIP-GPO, bootstrapper, SCUP/SCCM (Windows), or on Macintosh, Apple Remote Desktop and SSH...

    Acrobat:
    > https://www.adobe.com/support/downlo...atform=Windows
    5/10/2016
    Reader:
    > https://www.adobe.com/support/downlo...atform=Windows
    5/10/2016
    ___

    Hotfixes available for ColdFusion
    - https://helpx.adobe.com/security/pro...apsb16-16.html
    May 10, 2016
    CVE numbers: CVE-2016-1113, CVE-2016-1114, CVE-2016-1115
    Platforms: All
    Summary: Adobe has released security hotfixes for ColdFusion versions 10, 11 and the 2016 release. These hotfixes resolve an input validation issue (CVE-2016-1113), a host name verification problem with wild card certificates (CVE-2016-1115) and include an updated version of Apache Commons Collections library to mitigate java deserialization (CVE-2016-1114)...
    Adobe recommends ColdFusion customers update their installation using the instructions provided in the relevant technote:
    ColdFusion (2016 release): http://helpx.adobe.com/coldfusion/kb...-update-1.html
    ColdFusion 11: http://helpx.adobe.com/coldfusion/kb...-update-8.html
    ColdFusion 10: http://helpx.adobe.com/coldfusion/kb...update-19.html
    Customers should also apply the security configuration settings as outlined on the ColdFusion Security page as well as review the respective Lockdown guide.
    ColdFusion (2016 release) Lockdown guide
    > http://wwwimages.adobe.com/content/d...down-guide.pdf
    ColdFusion 11 Lockdown Guide
    > http://www.adobe.com/content/dam/Ado...down-guide.pdf
    ColdFusion 10 Lockdown Guide
    > http://wwwimages.adobe.com/www.adobe...down-guide.pdf

    Last edited by AplusWebMaster; 2016-05-11 at 20:14.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  9. #109
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation Flash 21.0.0.242 released

    FYI...

    Flash 21.0.0.242 released
    - https://helpx.adobe.com/security/pro...apsb16-15.html
    May 12, 2016
    CVE number: CVE-2016-1096, CVE-2016-1097, CVE-2016-1098, CVE-2016-1099, CVE-2016-1100, CVE-2016-1101, CVE-2016-1102, CVE-2016-1103, CVE-2016-1104, CVE-2016-1105, CVE-2016-1106, CVE-2016-1107, CVE-2016-1108, CVE-2016-1109, CVE-2016-1110, CVE-2016-4108, CVE-2016-4109, CVE-2016-4110, CVE-2016-4111, CVE-2016-4112, CVE-2016-4113, CVE-2016-4114, CVE-2016-4115, CVE-2016-4116, CVE-2016-4117
    Platform: Windows, Macintosh, Linux and ChromeOS
    Summary: Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and ChromeOS. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system. Adobe is aware of a report that an exploit for CVE-2016-4117 exists in the wild...
    Solution:
    - Adobe recommends users of the Adobe Flash Player Desktop Runtime for Windows and Macintosh update to 21.0.0.242 via the update mechanism within the product when prompted... or by visiting the Adobe Flash Player Download Center:
    > http://www.adobe.com/go/getflash
    - Adobe recommends users of the Adobe Flash Player Extended Support Release should update to version 18.0.0.352 by visiting:
    > http://helpx.adobe.com/flash-player/...-versions.html
    - Adobe recommends users of Adobe Flash Player for Linux update to Adobe Flash Player 11.2.202.621 by visiting the Adobe Flash Player Download Center.
    - Adobe Flash Player installed with Google Chrome will be automatically updated to the latest Google Chrome version, which will include Adobe Flash Player 21.0.0.242 for Windows, Macintosh, Linux and Chrome OS.
    - Adobe Flash Player installed with Microsoft Edge and Internet Explorer for Windows 10 and 8.1 will be automatically updated to the latest version, which will include Adobe Flash Player 21.0.0.242.
    - Adobe recommends users of the AIR desktop runtime, AIR SDK* and AIR SDK & Compiler update to version 21.0.0.215 by visiting the AIR download center or the AIR developer center.
    - Please visit the Flash Player Help page for assistance in installing Flash Player:
    > https://helpx.adobe.com/flash-player.html

    * Air 21.0: https://get.adobe.com/air/

    Revisions:
    May 13, 2016: Modified the affected versions of Flash Player for Microsoft Edge and Internet Explorer 11 on Windows 10 and 8.1 from 21.0.0.213 and earlier to 21.0.0.241 and earlier.
    May 19, 2016: Added CVE-2016-4120 and CVE-2016-4121, which were resolved in this release but inadvertently -omitted- from the original release of the bulletin.
    June 3, 2016: Added CVE-2016-4160, CVE-2016-4161, CVE-2016-4162 and CVE-2016-4163, which were resolved in this release but inadvertently -omitted- from the original release of the bulletin.
    ___

    > https://web.nvd.nist.gov/view/vuln/d...=CVE-2016-4117
    Last revised: 05/13/2016 - "... as exploited in the wild in May 2016."
    CVSS v2 Base Score: 10.0 HIGH
    CVSS v3 Base Score: 9.8 Critical

    For I/E - some versions get 'Automatic' updates:
    - https://download.macromedia.com/get/...1_active_x.exe
    For Firefox and other Plugin-based browsers:
    - https://download.macromedia.com/get/..._21_plugin.exe

    Flash test site: https://www.adobe.com/software/flash/about/

    Last edited by AplusWebMaster; 2016-06-08 at 15:41.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  10. #110
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation Adobe updates - 2016.06.14

    FYI...

    Flash Player CVE-2016-4171 ...
    - https://helpx.adobe.com/security/pro...apsa16-03.html
    June 14, 2016
    CVE number: https://cve.mitre.org/cgi-bin/cvenam...=CVE-2016-4171
    Platforms: Windows, Macintosh, Linux and Chrome OS
    Summary: A critical vulnerability (CVE-2016-4171) exists in Adobe Flash Player 21.0.0.242 and earlier versions for Windows, Macintosh, Linux, and Chrome OS. Successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system. Adobe is aware of a report that an exploit for CVE-2016-4171 exists in the wild, and is being used in limited, targeted attacks. Adobe will address this vulnerability in our monthly security update, which will be available as early as June 16..."

    >> https://web.nvd.nist.gov/view/vuln/d...=CVE-2016-4171
    Last revised: 06/16/2016 - "... vulnerability in Adobe Flash Player 21.0.0.242 and earlier allows remote attackers to execute arbitrary code via unknown vectors, as exploited in the wild in June 2016..."
    ___

    ColdFusion Hotfixes available
    * https://helpx.adobe.com/security/pro...apsb16-22.html
    June 14, 2016
    CVE number: CVE-2016-4159
    Platforms: All
    Summary: Adobe has released security hotfixes for ColdFusion versions 10, 11 and the 2016 release. These hotfixes resolve an input validation issue that could be used in reflected XSS (cross-site scripting) attacks (CVE-2016-4159). Adobe recommends that customers apply the appropriate hotfix using the instructions provided in the "Solution" section...
    Solution: Adobe categorizes this hotfix with the following priority rating and recommends users update their installations to the newest versions...
    Adobe recommends ColdFusion customers update their installation using the instructions provided in the relevant technote:
    - ColdFusion (2016 release): http://helpx.adobe.com/coldfusion/kb...-update-2.html
    - ColdFusion 11: http://helpx.adobe.com/coldfusion/kb...-update-9.html
    - ColdFusion 10: http://helpx.adobe.com/coldfusion/kb...update-20.html
    Customers should also apply the security configuration settings as outlined on the ColdFusion Security page as well as review the respective Lockdown guide..."

    - http://www.securitytracker.com/id/1036098
    CVE Reference: CVE-2016-4159
    Jun 14 2016
    Fix Available: Yes Vendor Confirmed: Yes
    Version(s): 10, 11, 2016 ...
    Impact: A remote user can access the target user's cookies (including authentication cookies), if any, associated with the site running the Adobe ColdFusion software, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.
    Solution: The vendor has issued a fix (ColdFusion 10 Update 20, ColdFusion 11 Update 9, ColdFusion (2016 release) Update 2)...
    ___

    - https://blogs.adobe.com/psirt/?p=1361
    "Adobe has published security bulletins for the Adobe DNG SDK (APSB16-19), Adobe Brackets (APSB16-20), Adobe Creative Cloud Desktop Application (APSB16-21) and ColdFusion (APSB16-22*). Adobe recommends users update their product installations to the latest versions using the instructions referenced in the relevant bulletin..."
    Adobe DNG SDK: https://helpx.adobe.com/security/pro...apsb16-19.html
    Adobe Brackets: https://helpx.adobe.com/security/pro...apsb16-20.html
    Adobe Creative Cloud Desktop Application:
    - https://helpx.adobe.com/security/pro...apsb16-21.html

    Last edited by AplusWebMaster; 2016-06-16 at 18:49.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •