Page 12 of 14 FirstFirst ... 2891011121314 LastLast
Results 111 to 120 of 139

Thread: Adobe updates/advisories

  1. #111
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation Flash 22.0.0.192, AIR 22.0.0.153 released

    FYI...

    Flash 22.0.0.192 released
    - https://helpx.adobe.com/security/pro...apsb16-18.html
    June 16, 2016
    CVE number: CVE-2016-4122, CVE-2016-4123, CVE-2016-4124, CVE-2016-4125, CVE-2016-4127, CVE-2016-4128, CVE-2016-4129, CVE-2016-4130, CVE-2016-4131, CVE-2016-4132, CVE-2016-4133, CVE-2016-4134, CVE-2016-4135, CVE-2016-4136, CVE-2016-4137, CVE-2016-4138, CVE-2016-4139, CVE-2016-4140, CVE-2016-4141, CVE-2016-4142, CVE-2016-4143, CVE-2016-4144, CVE-2016-4145, CVE-2016-4146, CVE-2016-4147, CVE-2016-4148, CVE-2016-4149, CVE-2016-4150, CVE-2016-4151, CVE-2016-4152, CVE-2016-4153, CVE-2016-4154, CVE-2016-4155, CVE-2016-4156, CVE-2016-4166, CVE-2016-4171
    Platform: Windows, Macintosh, Linux and ChromeOS
    Summary: Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and ChromeOS. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system. Adobe is aware of a report that an exploit for CVE-2016-4171 exists in the wild, and is being used in limited, targeted attacks...
    Solution: ...
    Adobe recommends users of the Adobe Flash Player Desktop Runtime for Windows and Macintosh update to 22.0.0.192 via the update mechanism within the product when prompted [1], or by visiting the Adobe Flash Player Download Center.
    Adobe recommends users of the Adobe Flash Player Extended Support Release should update to version 18.0.0.360 by visiting http://helpx.adobe.com/flash-player/...-versions.html.
    Adobe recommends users of Adobe Flash Player for Linux update to Adobe Flash Player 11.2.202.626 by visiting the Adobe Flash Player Download Center.
    Adobe Flash Player installed with Google Chrome will be automatically updated to the latest Google Chrome version, which will include Adobe Flash Player 22.0.0.192 for Windows, Macintosh, Linux and Chrome OS.
    Adobe Flash Player installed with Microsoft Edge and Internet Explorer for Windows 10 and 8.1 will be automatically updated to the latest version, which will include Adobe Flash Player 22.0.0.192.
    Please visit the Flash Player Help page for assistance in installing Flash Player.
    [1] Users of Flash Player 11.2.x or later for Windows, or Flash Player 11.3.x or later for Macintosh, who have selected the option to 'Allow Adobe to install updates' will receive the update automatically. Users who do not have the 'Allow Adobe to install updates' option enabled can install the update via the update mechanism within the product when prompted...

    For I/E - some versions get 'Automatic' updates:
    - https://fpdownload.macromedia.com/ge...2_active_x.exe
    For Firefox and other Plugin-based browsers:
    - https://fpdownload.macromedia.com/ge..._22_plugin.exe

    Flash test site: https://www.adobe.com/software/flash/about/
    ___

    Adobe AIR 22.0.0.153 released
    - https://helpx.adobe.com/security/pro...apsb16-23.html
    June 16, 2016
    CVE number: CVE-2016-4126
    Platform: Windows
    Summary: Adobe has released a security update for Adobe AIR for Windows. This update addresses a vulnerability in the directory search path used by the AIR installer that could potentially allow an attacker to take control of the affected system...
    Solution: ...Adobe recommends users of the AIR desktop runtime, AIR SDK and AIR SDK & Compiler update to version 22.0.0.153 by visiting the AIR download center* or the AIR developer center**...
    * http://get.adobe.com/air/

    ** http://www.adobe.com/devnet/air/air-sdk-download.html

    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  2. #112
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation Flash 22.0.0.209 released, Acrobat/Reader updates

    FYI...

    Flash 22.0.0.209 released
    - https://helpx.adobe.com/security/pro...apsb16-25.html
    July 12, 2016
    CVE number: CVE-2016-4172, CVE-2016-4173, CVE-2016-4174, CVE-2016-4175, CVE-2016-4176, CVE-2016-4177, CVE-2016-4178, CVE-2016-4179, CVE-2016-4180, CVE-2016-4181, CVE-2016-4182, CVE-2016-4183, CVE-2016-4184, CVE-2016-4185, CVE-2016-4186, CVE-2016-4187, CVE-2016-4188, CVE-2016-4189, CVE-2016-4190, CVE-2016-4217, CVE-2016-4218, CVE-2016-4219, CVE-2016-4220, CVE-2016-4221, CVE-2016-4222, CVE-2016-4223, CVE-2016-4224, CVE-2016-4225, CVE-2016-4226, CVE-2016-4227, CVE-2016-4228, CVE-2016-4229, CVE-2016-4230, CVE-2016-4231, CVE-2016-4232, CVE-2016-4233, CVE-2016-4234, CVE-2016-4235, CVE-2016-4236, CVE-2016-4237, CVE-2016-4238, CVE-2016-4239, CVE-2016-4240, CVE-2016-4241, CVE-2016-4242, CVE-2016-4243, CVE-2016-4244, CVE-2016-4245, CVE-2016-4246, CVE-2016-4247, CVE-2016-4248, CVE-2016-4249
    Platform: Windows, Macintosh, Linux and ChromeOS
    Summary: Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and ChromeOS. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system...
    Solution: Adobe categorizes these updates with the following priority ratings and recommends users update their installation to the newest version...
    • Adobe recommends users of the Adobe Flash Player Desktop Runtime for Windows and Macintosh update to 22.0.0.209 via the update mechanism within the product when prompted [1], or by visiting the Adobe Flash Player Download Center.
    • Adobe recommends users of the Adobe Flash Player Extended Support Release should update to version 18.0.0.366 by visiting:
    > http://helpx.adobe.com/flash-player/...-versions.html.
    • Adobe recommends users of Adobe Flash Player for Linux update to Adobe Flash Player 11.2.202.632 by visiting the Adobe Flash Player Download Center.
    • Adobe Flash Player installed with Google Chrome will be automatically updated to the latest Google Chrome version, which will include Adobe Flash Player 22.0.0.209 for Windows, Macintosh, Linux and Chrome OS.
    • Adobe Flash Player installed with Microsoft Edge and Internet Explorer for Windows 10 and 8.1 will be automatically updated to the latest version, which will include Adobe Flash Player 22.0.0.209.
    Please visit the Flash Player Help page for assistance in installing Flash Player.
    [1] Users of Flash Player 11.2.x or later for Windows, or Flash Player 11.3.x or later for Macintosh, who have selected the option to 'Allow Adobe to install updates' will receive the update automatically. Users who do not have the 'Allow Adobe to install updates' option enabled can install the update via the update mechanism within the product when prompted...

    For I/E - some versions get 'Automatic' updates:
    - https://fpdownload.macromedia.com/ge...2_active_x.exe
    For Firefox and other Plugin-based browsers:
    - https://fpdownload.macromedia.com/ge..._22_plugin.exe

    Flash test site: https://www.adobe.com/software/flash/about/

    - http://www.securitytracker.com/id/1036280
    CVE Reference: CVE-2016-4172, CVE-2016-4173, CVE-2016-4174, CVE-2016-4175, CVE-2016-4176, CVE-2016-4177, CVE-2016-4178, CVE-2016-4179, CVE-2016-4180, CVE-2016-4181, CVE-2016-4182, CVE-2016-4183, CVE-2016-4184, CVE-2016-4185, CVE-2016-4186, CVE-2016-4187, CVE-2016-4188, CVE-2016-4189, CVE-2016-4190, CVE-2016-4217, CVE-2016-4218, CVE-2016-4219, CVE-2016-4220, CVE-2016-4221, CVE-2016-4222, CVE-2016-4223, CVE-2016-4224, CVE-2016-4225, CVE-2016-4226, CVE-2016-4227, CVE-2016-4228, CVE-2016-4229, CVE-2016-4230, CVE-2016-4231, CVE-2016-4232, CVE-2016-4233, CVE-2016-4234, CVE-2016-4235, CVE-2016-4236, CVE-2016-4237, CVE-2016-4238, CVE-2016-4239, CVE-2016-4240, CVE-2016-4241, CVE-2016-4242, CVE-2016-4243, CVE-2016-4244, CVE-2016-4245, CVE-2016-4246, CVE-2016-4247, CVE-2016-4248, CVE-2016-4249
    Jul 12 2016
    Fix Available: Yes Vendor Confirmed: Yes
    Version(s): 22.0.0.192 and prior ...
    Impact: A remote user can execute arbitrary code on the target system.
    A remote user can bypass security controls on the target system.
    A remote user can obtain potentially sensitive information on the target system.
    Solution: The vendor has issued a fix (22.0.0.209, ESR 18.0.0.366); 11.2.202.632 for Linux...
    ___

    Adobe Acrobat/Reader 11.0.17, 15.017.20050, 15.006.30198 updates
    - https://helpx.adobe.com/security/pro...apsb16-26.html
    Last Updated: July 12, 2016
    CVE numbers: CVE-2016-4189, CVE-2016-4190, CVE-2016-4191, CVE-2016-4192, CVE-2016-4193, CVE-2016-4194, CVE-2016-4195, CVE-2016-4196, CVE-2016-4197, CVE-2016-4198, CVE-2016-4199, CVE-2016-4200, CVE-2016-4201, CVE-2016-4202, CVE-2016-4203, CVE-2016-4204, CVE-2016-4205, CVE-2016-4206, CVE-2016-4207, CVE-2016-4208, CVE-2016-4209, CVE-2016-4210, CVE-2016-4211, CVE-2016-4212, CVE-2016-4213, CVE-2016-4214, CVE-2016-4215, CVE-2016-4250, CVE-2016-4251, CVE-2016-4252
    Platform: Windows and Macintosh
    Summary: Adobe has released security updates for Adobe Acrobat and Reader for Windows and Macintosh. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system...
    [See: 'Affected Versions'...]
    Solution: Adobe recommends users update their software installations to the latest versions by following the instructions below.
    The latest product versions are available to end users via one of the following methods:
    - Users can update their product installations manually by choosing Help > Check for Updates.
    - The products will update automatically, without requiring user intervention, when updates are detected.
    - The full Acrobat Reader installer can be downloaded from the Acrobat Reader Download Center:
    > http://get.adobe.com/reader ...

    Acrobat for Windows: https://www.adobe.com/support/downlo...atform=Windows
    7/12/2016
    Acrobat for Macintosh: https://www.adobe.com/support/downlo...1&platform=Mac
    7/12/2016

    - http://www.securitytracker.com/id/1036281
    CVE Reference: CVE-2016-4189, CVE-2016-4190, CVE-2016-4191, CVE-2016-4192, CVE-2016-4193, CVE-2016-4194, CVE-2016-4195, CVE-2016-4196, CVE-2016-4197, CVE-2016-4198, CVE-2016-4199, CVE-2016-4200, CVE-2016-4201, CVE-2016-4202, CVE-2016-4203, CVE-2016-4204, CVE-2016-4205, CVE-2016-4206, CVE-2016-4207, CVE-2016-4208, CVE-2016-4209, CVE-2016-4210, CVE-2016-4211, CVE-2016-4212, CVE-2016-4213, CVE-2016-4214, CVE-2016-4215, CVE-2016-4250, CVE-2016-4251, CVE-2016-4252
    Jul 12 2016
    Fix Available: Yes Vendor Confirmed: Yes
    Version(s): 15.016.20045 and prior ...
    Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
    A remote user can bypass security controls on the target system.
    Solution: The vendor has issued a fix (11.0.17 ,15.006.30198, 15.017.20050)...
    ___

    Adobe XMP Toolkit for Java
    - https://helpx.adobe.com/security/pro...apsb16-24.html
    July 12, 2016
    CVE number: CVE-2016-4216
    Platform: All
    Summary: Adobe has released a security update for the Adobe XMP Toolkit for Java. This update resolves an important vulnerability that could lead to information disclosure (CVE-2016-4216)...
    Solution: Adobe categorizes this update with the following priority rating and recommends users update their installation to the newest version by following the instructions below:
    Adobe XMP Toolkit for Java - 5.1.3 - All
    Adobe XMP toolkit for Java users can download the updated version via the following download page:
    > http://www.adobe.com/devnet/xmp.html ...
    Adobe expects the updated version to be available during the week of July 11, 2016..."
    ___

    > https://www.us-cert.gov/ncas/current...curity-Updates
    July 12, 2016

    Last edited by AplusWebMaster; 2016-07-12 at 22:42.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  3. #113
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation Adobe ColdFusion Hotfixes

    FYI...

    Security Update: Hotfixes available for ColdFusion
    - https://helpx.adobe.com/security/pro...apsb16-30.html
    Aug 30, 2016
    CVE number: CVE-2016-4264
    Platforms: All
    Summary: Adobe has released security hotfixes for ColdFusion versions 10 and 11. These hotfixes resolve a critical vulnerability that could lead to information disclosure (CVE-2016-4264). Adobe recommends that customers apply the appropriate hotfix using the instructions provided in the "Solution" section below.
    Affected Versions / Platform
    ColdFusion 11 Update 9 and earlier versions All
    ColdFusion 10 Update 20 and earlier versions All
    Note: The ColdFusion 2016 release is not affected by CVE-2016-4264.
    Solution: Adobe categorizes this hotfix with the following priority rating and recommends users update their installations to the newest versions:
    Product Hotfix Version Platform Priority rating Availability
    ColdFusion 11 Update 10 All 2 Tech note: http://helpx.adobe.com/coldfusion/kb...update-10.html
    ColdFusion 10 Update 21 All 2 Tech note: https://helpx.adobe.com/coldfusion/k...update-21.html
    Adobe recommends ColdFusion customers update their installation using the instructions provided in the relevant technote:
    ColdFusion 11: http://helpx.adobe.com/coldfusion/kb...update-10.html
    ColdFusion 10: http://helpx.adobe.com/coldfusion/kb...update-21.html
    Customers should also apply the security configuration settings as outlined on the ColdFusion Security page as well as review the respective Lockdown guide...
    Revisions:
    Sep 1, 2016: As of September 1, Adobe is aware of publicly available proof-of-concept code, and we have modified the priority of these hotfixes from Priority 2 to Priority 1.
    ___

    - http://www.securitytracker.com/id/1036708
    CVE Reference: CVE-2016-4264
    Aug 31 2016
    Fix Available: Yes Vendor Confirmed: Yes
    Version(s): 10 Update 20 and prior, 11 Update 9 and prior ...
    Impact: A remote user can obtain potentially sensitive information on the target system.
    Solution: The vendor has issued a fix (10 Update 21, 11 Update 10)...
    ___

    - https://www.us-cert.gov/ncas/current...tes-ColdFusion
    Aug 30, 2016

    Last edited by AplusWebMaster; 2016-09-10 at 21:18.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  4. #114
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation Flash 23.0.0.162, AIR 23.0.0.257, Digital Editions 4.5.2 released

    FYI...

    Flash 23.0.0.162 released
    - https://helpx.adobe.com/security/pro...apsb16-29.html
    Sep 13, 2016
    CVE number: CVE-2016-4182, CVE-2016-4237, CVE-2016-4238, CVE-2016-4271, CVE-2016-4272, CVE-2016-4274, CVE-2016-4275, CVE-2016-4276, CVE-2016-4277, CVE-2016-4278, CVE-2016-4279, CVE-2016-4280, CVE-2016-4281, CVE-2016-4282, CVE-2016-4283, CVE-2016-4284, CVE-2016-4285, CVE-2016-4287, CVE-2016-6921, CVE-2016-6922, CVE-2016-6923, CVE-2016-6924, CVE-2016-6925, CVE-2016-6926, CVE-2016-6927, CVE-2016-6929, CVE-2016-6930, CVE-2016-6931, CVE-2016-6932
    Platform: Windows, Macintosh, Linux and ChromeOS
    Summary: Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and ChromeOS. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system...
    Solution: ...
    - Adobe recommends users of the Adobe Flash Player Desktop Runtime for Windows and Macintosh update to 23.0.0.162 via the update mechanism within the product when prompted [1], or by visiting the Adobe Flash Player Download Center.
    - Adobe recommends users of the Adobe Flash Player Extended Support Release should update to version 18.0.0.375 by visiting: http://helpx.adobe.com/flash-player/...-versions.html
    - Adobe recommends users of Adobe Flash Player for Linux update to Adobe Flash Player 11.2.202.635 by visiting the Adobe Flash Player Download Center.
    - Adobe Flash Player installed with Google Chrome will be automatically updated to the latest Google Chrome version, which will include Adobe Flash Player 23.0.0.162 for Windows, Macintosh, Linux and Chrome OS.
    - Adobe Flash Player installed with Microsoft Edge and Internet Explorer for Windows 10 and 8.1 will be automatically updated to the latest version, which will include Adobe Flash Player 23.0.0.162.
    - Please visit the Flash Player Help page for assistance in installing Flash Player.
    [1] Users of Flash Player 11.2.x or later for Windows, or Flash Player 11.3.x or later for Macintosh, who have selected the option to 'Allow Adobe to install updates' will receive the update automatically. Users who do not have the 'Allow Adobe to install updates' option enabled can install the update via the update mechanism within the product when prompted...

    For I/E - some versions get 'Automatic' updates:
    - https://fpdownload.macromedia.com/ge...3_active_x.exe
    For Firefox and other Plugin-based browsers:
    - https://fpdownload.macromedia.com/ge..._23_plugin.exe

    Flash test site: https://www.adobe.com/software/flash/about/

    - http://www.securitytracker.com/id/1036791
    CVE Reference: CVE-2016-4271, CVE-2016-4272, CVE-2016-4274, CVE-2016-4275, CVE-2016-4276, CVE-2016-4277, CVE-2016-4278, CVE-2016-4279, CVE-2016-4280, CVE-2016-4281, CVE-2016-4282, CVE-2016-4283, CVE-2016-4284, CVE-2016-4285, CVE-2016-4287, CVE-2016-6921, CVE-2016-6922, CVE-2016-6923, CVE-2016-6924, CVE-2016-6925, CVE-2016-6926, CVE-2016-6927, CVE-2016-6929, CVE-2016-6930, CVE-2016-6931, CVE-2016-6932
    Sep 13 2016
    Fix Available: Yes Vendor Confirmed: Yes
    Version(s): 22.0.0.211 and prior ...
    Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
    A remote user can obtain potentially sensitive information on the target system.
    Solution: The vendor has issued a fix (23.0.0.162, ESR 18.0.0.375; 11.2.202.635 for Linux)...
    ___

    AIR 23.0.0.257 released
    - https://helpx.adobe.com/security/pro...apsb16-31.html
    Sep 13, 2016
    CVE number: CVE-2016-6936
    Platform: Windows and Macintosh
    Summary: Adobe has released a security update for Adobe AIR SDK & Compiler. This update adds support for secure transmission of runtime analytics for AIR applications on Android. Developers are encouraged to recompile captive runtime bundles after applying this update... recommends users update their installation to the newest version:
    Adobe Air SDK & Compiler 23.0.0.257 Windows ...

    AIR v23.0: https://get.adobe.com/air/

    AIR Developer Center: https://www.adobe.com/devnet/air/air-sdk-download.html

    - http://www.securitytracker.com/id/1036792
    CVE Reference: CVE-2016-6936
    Sep 13 2016
    Fix Available: Yes Vendor Confirmed: Yes
    Version(s): 22.0.0.153 and prior ...
    Impact: A remote user can obtain potentially runtime analytic information communicated by target Android-based systems.
    Solution: The vendor has issued a fix (23.0.0.257)...
    ___

    Adobe Digital Editions 4.5.2 released
    - https://helpx.adobe.com/security/pro...apsb16-28.html
    Sep 13, 2016
    CVE numbers: CVE-2016-4256, CVE-2016-4257, CVE-2016-4258, CVE-2016-4259, CVE-2016-4260, CVE-2016-4261, CVE-2016-4262, CVE-2016-4263
    Platform: Windows, Macintosh, iOS and Android
    Summary: Adobe has released a security update for Adobe Digital Editions for Windows, Macintosh, iOS and Android. This update resolves critical memory corruption vulnerabilities that could lead to code execution.
    Solution: Adobe categorizes this update with the following priority ratings and recommends users update their installation to the newest version:
    Adobe Digital Editions 4.5.2
    Windows: https://www.adobe.com/solutions/eboo.../download.html

    Macintosh: https://www.adobe.com/solutions/eboo.../download.html

    iOS: iTunes: https://itunes.apple.com/us/app/adob...952977781?mt=8
    Playstore: https://play.google.com/store/apps/d...igitaleditions

    - http://www.securitytracker.com/id/1036793
    CVE Reference: CVE-2016-4256, CVE-2016-4257, CVE-2016-4258, CVE-2016-4259, CVE-2016-4260, CVE-2016-4261, CVE-2016-4262, CVE-2016-4263
    Sep 13 2016
    Fix Available: Yes Vendor Confirmed: Yes
    Version(s): 4.5.1 and prior ...
    Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
    Solution: The vendor has issued a fix (4.5.2)...
    ___

    - https://www.us-cert.gov/ncas/current...curity-Updates
    Sep 13, 2016

    Last edited by AplusWebMaster; 2016-09-14 at 13:55.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  5. #115
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation Adobe updates 2016.10.11

    FYI...

    Flash 23.0.0.185 released
    - https://helpx.adobe.com/security/pro...apsb16-32.html
    Oct 11, 2016
    CVE number: CVE-2016-4273, CVE-2016-4286, CVE-2016-6981, CVE-2016-6982, CVE-2016-6983, CVE-2016-6984, CVE-2016-6985, CVE-2016-6986, CVE-2016-6987, CVE-2016-6989, CVE-2016-6990, CVE-2016-6992
    Platform: Windows, Macintosh, Linux and ChromeOS
    Summary: Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and ChromeOS. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system...
    Solution: ... Adobe recommends users of the Adobe Flash Player Desktop Runtime for Windows and Macintosh update to 23.0.0.185 via the update mechanism within the product when prompted [1], or by visiting the Adobe Flash Player Download Center.
    - Adobe recommends users of the Adobe Flash Player Extended Support Release should update to version 18.0.0.382 by visiting http://helpx.adobe.com/flash-player/...-versions.html.
    - Adobe recommends users of Adobe Flash Player for Linux update to Adobe Flash Player 11.2.202.637 by visiting the Adobe Flash Player Download Center.
    - Adobe Flash Player installed with Google Chrome will be automatically updated to the latest Google Chrome version, which will include Adobe Flash Player 23.0.0.185 for Windows, Macintosh, Linux and Chrome OS.
    - Adobe Flash Player installed with Microsoft Edge and Internet Explorer 11 for Windows 10 and 8.1 will be automatically updated to the latest version, which will include Adobe Flash Player 23.0.0.185.
    - Please visit the Flash Player Help page for assistance in installing Flash Player:
    - https://helpx.adobe.com/flash-player.html
    [1] Users of Flash Player 11.2.x or later for Windows, or Flash Player 11.3.x or later for Macintosh, who have selected the option to 'Allow Adobe to install updates' will receive the update automatically. Users who do not have the 'Allow Adobe to install updates' option enabled can install the update via the update mechanism within the product when prompted.

    For I/E - some versions get 'Automatic' updates:
    - https://fpdownload.macromedia.com/pu..._player_ax.exe
    For Firefox and other Plugin-based browsers:
    - https://fpdownload.macromedia.com/pu...ash_player.exe

    Flash test site: https://www.adobe.com/software/flash/about/

    - http://www.securitytracker.com/id/1036985
    CVE Reference: CVE-2016-4273, CVE-2016-4286, CVE-2016-6981, CVE-2016-6982, CVE-2016-6983, CVE-2016-6984, CVE-2016-6985, CVE-2016-6986, CVE-2016-6987, CVE-2016-6989, CVE-2016-6990, CVE-2016-6992
    Oct 11 2016
    Fix Available: Yes Vendor Confirmed: Yes
    Version(s): 23.0.0.162 and prior ...
    Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
    A remote user can bypass security controls on the target system.
    Solution: The vendor has issued a fix (23.0.0.185; ESR 18.0.0.382; 11.2.202.637 for Linux)...
    ___

    Acrobat / Reader 15.020.20039 released
    - https://helpx.adobe.com/security/pro...apsb16-33.html
    Oct 11, 2016
    CVE numbers: CVE-2016-1089, CVE-2016-1091, CVE-2016-6939, CVE-2016-6940, CVE-2016-6941, CVE-2016-6942, CVE-2016-6943, CVE-2016-6944, CVE-2016-6945, CVE-2016-6946, CVE-2016-6947, CVE-2016-6948, CVE-2016-6949, CVE-2016-6950, CVE-2016-6951, CVE-2016-6952, CVE-2016-6953, CVE-2016-6954, CVE-2016-6955, CVE-2016-6956, CVE-2016-6957, CVE-2016-6958, CVE-2016-6959, CVE-2016-6960, CVE-2016-6961, CVE-2016-6962, CVE-2016-6963, CVE-2016-6964, CVE-2016-6965, CVE-2016-6966, CVE-2016-6967, CVE-2016-6968, CVE-2016-6969, CVE-2016-6970, CVE-2016-6971, CVE-2016-6972, CVE-2016-6973, CVE-2016-6974, CVE-2016-6975, CVE-2016-6976, CVE-2016-6977, CVE-2016-6978, CVE-2016-6979, CVE-2016-6988, CVE-2016-6993, CVE-2016-6994, CVE-2016-6995, CVE-2016-6996, CVE-2016-6997, CVE-2016-6998, CVE-2016-6999, CVE-2016-7000, CVE-2016-7001, CVE-2016-7002, CVE-2016-7003, CVE-2016-7004, CVE-2016-7005, CVE-2016-7006, CVE-2016-7007, CVE-2016-7008, CVE-2016-7009, CVE-2016-7010, CVE-2016-7011, CVE-2016-7012, CVE-2016-7013, CVE-2016-7014, CVE-2016-7015, CVE-2016-7016, CVE-2016-7017, CVE-2016-7018, CVE-2016-7019
    Platform: Windows and Macintosh
    Summary: Adobe has released security updates for Adobe Acrobat and Reader for Windows and Macintosh. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system...
    Solution: Adobe recommends users update their software installations to the latest versions by following the instructions below.
    The latest product versions are available to end users via one of the following methods:
    - Users can update their product installations manually by choosing Help > Check for Updates.
    - The products will update automatically, without requiring user intervention, when updates are detected.
    - The full Acrobat Reader installer can be downloaded from the Acrobat Reader Download Center:
    > http://get.adobe.com/reader
    For IT administrators (managed environments):
    - Download the enterprise installers from ftp://ftp.adobe.com/pub/adobe/
    or refer to the specific release note version for links to installers.
    - Install updates via your preferred methodology, such as AIP-GPO, bootstrapper, SCUP/SCCM (Windows), or on Macintosh, Apple Remote Desktop and SSH.

    >> https://www.adobe.com/support/downloads/new.jsp

    Acrobat for Windows: https://www.adobe.com/support/downlo...atform=Windows

    Adobe Reader for Windows: https://www.adobe.com/support/downlo...atform=Windows
    ___

    Creative Cloud 3.8.0.310 released
    - https://helpx.adobe.com/security/pro...apsb16-34.html
    Oct 11, 2016
    CVE number: CVE-2016-6935
    Platform: Windows
    Summary: Adobe has released a security update for the Creative Cloud Desktop Application for Windows. This update resolves an unquoted search path vulnerability in the Creative Cloud Desktop Application...
    Solution: Adobe categorizes this update with the following priority rating and recommends users update their installation to the newest version:
    Creative Cloud Desktop Application - Creative Cloud 3.8.0.310 - Windows
    For more details, visit: https://www.adobe.com/creativecloud/desktop-app.html
    For managed environments, IT administrators can use the Creative Cloud Packager to create deployment packages as described in the workflow documented here:
    > https://helpx.adobe.com/creative-clo...-licenses.html
    Refer to this help page* for more information on the Creative Cloud Packager.
    * https://helpx.adobe.com/creative-cloud/packager.html

    Last edited by AplusWebMaster; 2016-10-12 at 11:35.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  6. #116
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation Flash 23.0.0.205 released

    FYI...

    Flash 23.0.0.205 released
    - https://helpx.adobe.com/security/pro...apsb16-36.html
    Oct 26, 2016
    CVE number: CVE-2016-7855
    Platform: Windows, Macintosh, Linux and Chrome OS
    Summary: Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and Chrome OS. These updates address a critical vulnerability that could potentially allow an attacker to take control of the affected system. Adobe is aware of a report that an exploit for CVE-2016-7855 exists in the wild, and is being used in limited, targeted attacks against users running Windows versions 7, 8.1 and 10.
    Solution: ... Adobe recommends users of the Adobe Flash Player Desktop Runtime for Windows and Macintosh update to 23.0.0.205 via the update mechanism within the product [1], or by visiting the Adobe Flash Player Download Center: http://www.adobe.com/go/getflash
    - Adobe recommends users of Adobe Flash Player for Linux update to Adobe Flash Player 11.2.202.643 by visiting the Adobe Flash Player Download Center.
    - Adobe Flash Player installed with Google Chrome will be automatically updated to the latest Google Chrome version, which will include Adobe Flash Player 23.0.0.205 for Windows, Macintosh, Linux and Chrome OS.
    - Adobe Flash Player installed with Microsoft Edge and Internet Explorer 11 for Windows 10 and 8.1 will be automatically updated to the latest version, which will include Adobe Flash Player 23.0.0.205.
    - Please visit the Flash Player Help page for assistance in installing Flash Player:
    > https://helpx.adobe.com/flash-player.html
    [1] Users of Flash Player 11.2.x or later for Windows, or Flash Player 11.3.x or later for Macintosh, who have selected the option to 'Allow Adobe to install updates' will receive the update automatically. Users who do not have the 'Allow Adobe to install updates' option enabled can install the update via the update mechanism within the product when prompted.

    For I/E - some versions get 'Automatic' updates:
    - https://fpdownload.macromedia.com/pu..._player_ax.exe
    For Firefox and other Plugin-based browsers:
    - https://fpdownload.macromedia.com/pu...ash_player.exe

    Flash test site: https://www.adobe.com/software/flash/about/

    > The final release of the ESR occurred on October 11, 2016 and it is now discontinued.
    ___

    - http://www.securitytracker.com/id/1037111
    CVE Reference: https://cve.mitre.org/cgi-bin/cvenam...=CVE-2016-7855
    Oct 26 2016
    Fix Available: Yes Vendor Confirmed: Yes
    Version(s): 23.0.0.185 and prior...
    Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
    Solution: The vendor has issued a fix (23.0.0.205; 11.2.202.643 for Linux)...
    ___

    - https://www.adobe.com/support/flashp...oads.html#fp15
    10/26/2016 – Updated debugger and standalone versions of Flash Player. These versions contain fixes for critical vulnerabilities identified in Security Bulletin APSB 16-36. The latest versions are 23.0.0.205 (Win & Mac) and 11.2.202.643 (Linux). All users are encouraged to update to these latest versions.

    Last edited by AplusWebMaster; 2016-10-26 at 23:02.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  7. #117
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation Flash 23.0.0.207, Connect 9.5.7 released

    FYI...

    Flash 23.0.0.207 released
    - https://helpx.adobe.com/security/pro...apsb16-37.html
    Nov 8, 2016
    CVE number: CVE-2016-7857, CVE-2016-7858, CVE-2016-7859, CVE-2016-7860, CVE-2016-7861, CVE-2016-7862, CVE-2016-7863, CVE-2016-7864, CVE-2016-7865
    Platform: Windows, Macintosh, Linux and Chrome OS
    Summary: Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and Chrome OS. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system...
    Solution: ... Adobe recommends users of the Adobe Flash Player Desktop Runtime for Windows and Macintosh update to 23.0.0.207 via the update mechanism within the product [1] or by visiting the Adobe Flash Player Download Center: http://www.adobe.com/go/getflash
    - Adobe recommends users of Adobe Flash Player for Linux update to Adobe Flash Player 11.2.202.644 by visiting the Adobe Flash Player Download Center.
    - Adobe Flash Player installed with Google Chrome will be automatically updated to the latest Google Chrome version, which will include Adobe Flash Player 23.0.0.207 for Windows, Macintosh, Linux and Chrome OS.
    - Adobe Flash Player installed with Microsoft Edge and Internet Explorer 11 for Windows 10 and 8.1 will be automatically updated to the latest version, which will include Adobe Flash Player 23.0.0.207.
    -Please visit the Flash Player Help page* for assistance in installing Flash Player.
    * https://helpx.adobe.com/flash-player.html
    [1] Users of Flash Player 11.2.x or later for Windows, or Flash Player 11.3.x or later for Macintosh, who have selected the option to 'Allow Adobe to install updates' will receive the update automatically. Users who do not have the 'Allow Adobe to install updates' option enabled can install the update via the update mechanism within the product when prompted...

    For I/E - some versions get 'Automatic' updates:
    - https://fpdownload.macromedia.com/pu..._player_ax.exe
    For Firefox and other Plugin-based browsers:
    - https://fpdownload.macromedia.com/pu...ash_player.exe

    Flash test site: https://www.adobe.com/software/flash/about/

    - http://www.securitytracker.com/id/1037240
    CVE Reference: CVE-2016-7857, CVE-2016-7858, CVE-2016-7859, CVE-2016-7860, CVE-2016-7861, CVE-2016-7862, CVE-2016-7863, CVE-2016-7864, CVE-2016-7865
    Nov 8 2016
    Fix Available: Yes Vendor Confirmed: Yes
    Version(s): 23.0.0.205 and prior...
    Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
    Solution: The vendor has issued a fix (23.0.0.207 for Windows and Mac, 11.2.202.644 for Linux)...
    ___

    Adobe Connect 9.5.7 released
    - https://helpx.adobe.com/security/pro...apsb16-35.html
    Nov 8, 2016
    CVE number: CVE-2016-7851
    Platform: Windows
    Summary: Adobe has released a security update for Adobe Connect for Windows. This update resolves an input validation vulnerability in the events registration module that could be used in cross-site scripting attacks. Adobe recommends users update their product installation using the instructions provided in the “Solution” Section below...
    Solution: Adobe recommends customers update the Connect instance to the newest version by following the instructions below.
    Note: This issue will be automatically resolved for Connect customers using Adobe's hosted services once the account is upgraded to Connect 9.5.7...
    Release Notes: Adobe Connect 9.5.7 is a maintenance release and is available as a patch. It fixes several issues to make the user workflows smoother...
    Adobe Connect Help: http://helpx.adobe.com/adobe-connect.html
    Adobe Connect Support: http://www.adobe.com/support/connect...edsupport.html

    - http://www.securitytracker.com/id/1037239
    CVE Reference: CVE-2016-7851
    Nov 8 2016
    Fix Available: Yes Vendor Confirmed: Yes
    Version(s): 9.5.6 and prior...
    Impact: A remote user can access the target user's cookies (including authentication cookies), if any, associated with the site running the Adobe Connect software, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.
    Solution: The vendor has issued a fix (9.5.7).
    ___

    - https://www.us-cert.gov/ncas/current...curity-Updates
    Nov 8, 2016

    Last edited by AplusWebMaster; 2016-11-09 at 11:29.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  8. #118
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation Adobe Updates - 2016.12.13

    FYI...

    Flash 24.0.0.186 released
    - https://helpx.adobe.com/security/pro...apsb16-39.html
    Dec 13, 2016
    CVE number: CVE-2016-7867, CVE-2016-7868, CVE-2016-7869, CVE-2016-7870, CVE-2016-7871, CVE-2016-7872, CVE-2016-7873, CVE-2016-7874, CVE-2016-7875, CVE-2016-7876, CVE-2016-7877, CVE-2016-7878, CVE-2016-7879, CVE-2016-7880, CVE-2016-7881, CVE-2016-7890, CVE-2016-7892
    Platform: Windows, Macintosh, Linux and Chrome OS
    Summary: Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and Chrome OS. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system.
    Adobe is aware of a report that an exploit for CVE-2016-7892 exists in the wild, and is being used in limited, targeted attacks against users running Internet Explorer (32-bit) on Windows...
    Solution: ... Adobe recommends users of the Adobe Flash Player Desktop Runtime for Windows and Macintosh update to 24.0.0.186 via the update mechanism within the product [1] or by visiting the Adobe Flash Player Download Center.
    - Adobe recommends users of Adobe Flash Player for Linux update to Adobe Flash Player 24.0.0.186 by visiting the Adobe Flash Player Download Center
    - http://www.adobe.com/go/getflash
    - Adobe Flash Player installed with Google Chrome will be automatically updated to the latest Google Chrome version, which will include Adobe Flash Player 24.0.0.186 for Windows, Macintosh, Linux and Chrome OS.
    - Adobe Flash Player installed with Microsoft Edge and Internet Explorer 11 for Windows 10 and 8.1 will be automatically updated to the latest version, which will include Adobe Flash Player 24.0.0.186.
    - Please visit the Flash Player Help page for assistance in installing Flash Player:
    > https://helpx.adobe.com/flash-player.html
    [1] Users of Flash Player 11.2.x or later for Windows, or Flash Player 11.3.x or later for Macintosh, who have selected the option to 'Allow Adobe to install updates' will receive the update automatically. Users who do not have the 'Allow Adobe to install updates' option enabled can install the update via the update mechanism within the product when prompted...

    For I/E - some versions get 'Automatic' updates:
    - https://fpdownload.macromedia.com/pu..._player_ax.exe
    For Firefox and other Plugin-based browsers:
    - https://fpdownload.macromedia.com/pu...ash_player.exe

    Flash test site: https://www.adobe.com/software/flash/about/

    - http://www.securitytracker.com/id/1037442
    CVE Reference: CVE-2016-7867, CVE-2016-7868, CVE-2016-7869, CVE-2016-7870, CVE-2016-7871, CVE-2016-7872, CVE-2016-7873, CVE-2016-7874, CVE-2016-7875, CVE-2016-7876, CVE-2016-7877, CVE-2016-7878, CVE-2016-7879, CVE-2016-7880, CVE-2016-7881, CVE-2016-7890, CVE-2016-7892
    Dec 13 2016
    Fix Available: Yes Vendor Confirmed: Yes
    Version(s): 23.0.0.207 and prior ...
    Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
    A remote user can bypass security controls on the target system.
    Solution: The vendor has issued a fix (24.0.0.186)...
    ___

    Adobe Animate 16.0.0.112 realeased
    - https://helpx.adobe.com/security/pro...apsb16-38.html
    Dec 13, 2016
    CVE number: CVE-2016-7866
    Platform: Windows and Macintosh
    Summary: Adobe has released a security update for Adobe Animate for Windows and Macintosh. This update resolves a critical memory corruption vulnerability...
    > https://creative.adobe.com/products/download/animate
    For managed environments, IT administrators can use the Creative Cloud Packager to create deployment packages. Refer to this help page for more information...
    ___

    Adobe Experience Manager Forms
    - https://helpx.adobe.com/security/pro...apsb16-40.html
    Dec 13, 2016
    CVE number: CVE-2016-6933, CVE-2016-6934
    Platform: Windows, Linux, Solaris and AIX
    Summary: Adobe has released security updates for Adobe Experience Manager (AEM) Forms on Windows, Linux, Solaris and AIX. These updates resolve two important input validation issues that could be used in cross-site scripting attacks...
    Solution:... recommends customers with on premise deployments install the available updates referenced below with the help of Adobe Marketing Cloud Customer Care team:
    > https://helpx.adobe.com/marketing-cl...t-support.html
    ___

    Adobe DNG Converter 9.8
    - https://helpx.adobe.com/security/pro...apsb16-41.html
    Dec 13, 2016
    CVE number: CVE-2016-7856
    Platform: Windows and Macintosh
    Summary: Adobe has released a security update for the Adobe DNG Converter for Windows and Macintosh. This update resolves a critical memory corruption vulnerability...
    Solution: ... recommends users update their installation to the newest version...
    For more information, please reference the release notes:
    - https://blogs.adobe.com/lightroomjou...available.html
    ___

    Adobe Experience Manager
    - https://helpx.adobe.com/security/pro...apsb16-42.html
    Dec 13, 2016
    CVE number: CVE-2016-7882, CVE-2016-7883, CVE-2016-7884, CVE-2016-7885
    Platform: Windows, Unix, Linux and OS X
    Summary: Adobe has released security updates for Adobe Experience Manager. These updates resolve three important input validation issues that could be used in cross-site scripting attacks (CVE-2016-7882, CVE-2016-7883 and CVE-2016-7884), and include an update to protect users from an important Cross-Site Request Forgery vulnerability (CVE-2016-7885)...
    Solution: Adobe recommends customers with on-premise deployments install the available updates referenced below. Furthermore, customers should review and implement the steps outlined in the Security Checklists for versions 6.2, 6.1 or 6.0...

    6.0: https://docs.adobe.com/docs/en/aem/6...checklist.html
    6.1: https://docs.adobe.com/docs/en/aem/6...checklist.html
    6.2: https://docs.adobe.com/docs/en/aem/6...checklist.html
    ___

    Security updates available for InDesign
    - https://helpx.adobe.com/security/pro...apsb16-43.html
    Dec 13, 2016
    CVE number: CVE-2016-7886
    Platform: Windows and Macintosh
    Summary: Adobe has released security updates for InDesign for Windows and Macintosh. These updates resolve a critical memory corruption vulnerability...
    Solution: ... recommends users update their installation to the newest version:
    InDesign 12.0.0 Windows and Macintosh:
    Relase Notes: https://helpx.adobe.com/indesign/rel...n-cc-2017.html
    InDesign Server 12.0.0 Windows and Macintosh
    Release Notes: https://helpx.adobe.com/indesign/rel...ase-notes.html
    ___

    ColdFusion Builder
    - https://helpx.adobe.com/security/pro...apsb16-44.html
    Dec 13, 2016
    CVE number: CVE-2016-7887
    Platforms: Windows, Linux and Macintosh
    Summary: Adobe has released a security update for ColdFusion Builder for Windows, Linux, and Macintosh. This update resolves an important vulnerability that could lead to information disclosure (CVE-2016-7887)...
    Solution: ... recommends users update their installations to the newest versions:
    ColdFusion Builder 2016 Update 3 - Tech note:
    > https://helpx.adobe.com/coldfusion/k...-update-3.html
    ColdFusion Builder 3.0 3.0.3 Hotfix - Tech note:
    > https://helpx.adobe.com/coldfusion/k...-3-update.html
    ___

    Adobe Digital Editions 4.5.3
    - https://helpx.adobe.com/security/pro...apsb16-45.html
    Dec 13, 2016
    CVE numbers: CVE-2016-7888, CVE-2016-7889
    Platform: Windows, Macintosh and Android
    Summary: Adobe has released a security update for Adobe Digital Editions for Windows, Macintosh and Android. This update resolves an important vulnerability that could result in a memory address leak, and an important XML parsing vulnerability that could lead to information disclosure...
    Solution: Adobe categorizes this update with the following priority ratings and recommends users update their installation to the newest version 4.5.3 ...
    Customers using Adobe Digital Editions 4.5.2 can download the update from the Adobe Digital Editions download page*, or utilize the product’s update mechanism when prompted.
    * https://www.adobe.com/solutions/eboo.../download.html
    For more information, please reference the release notes:
    - http://www.adobe.com/solutions/ebook...ase-notes.html
    ___

    Security update available for RoboHelp 2015.0.4
    - https://helpx.adobe.com/security/pro...apsb16-46.html
    Dec 13, 2016
    CVE number: CVE-2016-7891
    Platforms: Windows
    Summary: Adobe has released a security update for RoboHelp for Windows. This update resolves an important input validation issue that could be used in cross-site scripting attacks...
    Download: https://www.adobe.com/support/robohelp/downloads.html
    Tech note: https://helpx.adobe.com/robohelp/kb/...erability.html
    Release notes: https://www.adobe.com/robohelp/Adobe...0_1_ReadMe.pdf
    KB article: https://helpx.adobe.com/robohelp/kb/...erability.html

    Last edited by AplusWebMaster; 2016-12-14 at 16:55.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  9. #119
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation Adobe updates - 2017.01.10

    FYI...

    Adobe Flash 24.0.0.194 released
    - https://helpx.adobe.com/security/pro...apsb17-02.html
    Jan 10, 2017
    CVE numbers: CVE-2017-2925, CVE-2017-2926, CVE-2017-2927, CVE-2017-2928, CVE-2017-2930, CVE-2017-2931, CVE-2017-2932, CVE-2017-2933, CVE-2017-2934, CVE-2017-2935, CVE-2017-2936, CVE-2017-2937, CVE-2017-2938
    Platform: Windows, Macintosh, Linux and Chrome OS
    Summary: Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and Chrome OS. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system...
    Solution: ... Adobe recommends users of the Adobe Flash Player Desktop Runtime for Windows, Macintosh and Linux update to 24.0.0.194 via the update mechanism within the product [1] or by visiting the Adobe Flash Player Download Center.
    - Adobe Flash Player installed with Google Chrome will be automatically updated to the latest Google Chrome version, which will include Adobe Flash Player 24.0.0.194 for Windows, Macintosh, Linux and Chrome OS.
    - Adobe Flash Player installed with Microsoft Edge and Internet Explorer 11 for Windows 10 and 8.1 will be automatically updated to the latest version, which will include Adobe Flash Player 24.0.0.194.
    - Please visit the Flash Player Help page for assistance in installing Flash Player:
    > https://helpx.adobe.com/flash-player.html
    [1] Users of Flash Player 11.2.x or later for Windows, or Flash Player 11.3.x or later for Macintosh, who have selected the option to 'Allow Adobe to install updates' will receive the update automatically. Users who do not have the 'Allow Adobe to install updates' option enabled can install the update via the update mechanism within the product when prompted...

    For I/E - some versions get 'Automatic' updates:
    - https://fpdownload.macromedia.com/pu..._player_ax.exe
    For Firefox and other Plugin-based browsers:
    - https://fpdownload.macromedia.com/pu...ash_player.exe

    Flash test site: https://www.adobe.com/software/flash/about/

    - http://www.securitytracker.com/id/1037570
    CVE Reference: CVE-2017-2925, CVE-2017-2926, CVE-2017-2927, CVE-2017-2928, CVE-2017-2930, CVE-2017-2931, CVE-2017-2932, CVE-2017-2933, CVE-2017-2934, CVE-2017-2935, CVE-2017-2936, CVE-2017-2937, CVE-2017-2938
    Jan 10 2017
    Fix Available: Yes Vendor Confirmed: Yes
    Version(s): 24.0.0.186 and prior...
    Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
    A remote user can obtain potentially sensitive information on the target system.
    Solution: The vendor has issued a fix (24.0.0.194)...
    ___

    Adobe Acrobat/Reader updates released
    - https://helpx.adobe.com/security/pro...apsb17-01.html
    Jan 10, 2017
    CVE numbers: CVE-2017-2939, CVE-2017-2940, CVE-2017-2941, CVE-2017-2942, CVE-2017-2943, CVE-2017-2944, CVE-2017-2945, CVE-2017-2946, CVE-2017-2947, CVE-2017-2948, CVE-2017-2949, CVE-2017-2950, CVE-2017-2951, CVE-2017-2952, CVE-2017-2953, CVE-2017-2954, CVE-2017-2955, CVE-2017-2956, CVE-2017-2957, CVE-2017-2958, CVE-2017-2959, CVE-2017-2960, CVE-2017-2961, CVE-2017-2962, CVE-2017-2963, CVE-2017-2964, CVE-2017-2965, CVE-2017-2966, CVE-2017-2967
    Platform: Windows and Macintosh
    Summary: Adobe has released security updates for Adobe Acrobat and Reader for Windows and Macintosh. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system...
    Solution: Adobe recommends users update their software installations to the latest versions by following the instructions below. The latest product versions are available to end users via one of the following methods:
    - Users can update their product installations manually by choosing Help > Check for Updates.
    - The products will update automatically, without requiring user intervention, when updates are detected.
    - The full Acrobat Reader installer can be downloaded from the Acrobat Reader Download Center:
    > http://get.adobe.com/reader

    Updated Versions:
    Acrobat DC/Reader DC: 15.023.20053
    Acrobat DC Classic/Reader DC Classic: 15.006.30279
    Acrobat XI Desktop/Reader XI Desktop: 11.0.19

    Acrobat: https://www.adobe.com/support/downloads/new.jsp

    Reader: https://www.adobe.com/support/downlo...atform=Windows

    - http://www.securitytracker.com/id/1037574
    CVE Reference: CVE-2016-6937, CVE-2017-2939, CVE-2017-2940, CVE-2017-2941, CVE-2017-2942, CVE-2017-2943, CVE-2017-2944, CVE-2017-2945, CVE-2017-2946, CVE-2017-2947, CVE-2017-2948, CVE-2017-2949, CVE-2017-2950, CVE-2017-2951, CVE-2017-2952, CVE-2017-2953, CVE-2017-2954, CVE-2017-2955, CVE-2017-2956, CVE-2017-2957, CVE-2017-2958, CVE-2017-2959, CVE-2017-2960, CVE-2017-2961, CVE-2017-2962, CVE-2017-2963, CVE-2017-2964, CVE-2017-2965, CVE-2017-2966, CVE-2017-2967
    Jan 10 2017
    Fix Available: Yes Vendor Confirmed: Yes
    Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
    A remote user can bypass security controls on the target system.
    Solution: The vendor has issued a fix (11.0.19, 15.006.30279)...

    Last edited by AplusWebMaster; 2017-01-10 at 22:38.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  10. #120
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation Adobe updates - 2017.02.14

    FYI...

    Flash 24.0.0.221 released
    - https://helpx.adobe.com/security/pro...apsb17-04.html
    Feb 14, 2017
    CVE number: CVE-2017-2982,CVE-2017-2984, CVE-2017-2985, CVE-2017-2986, CVE-2017-2987, CVE-2017-2988,CVE-2017-2990, CVE-2017-2991, CVE-2017-2992, CVE-2017-2993, CVE-2017-2994, CVE-2017-2995, CVE-2017-2996
    Platform: Windows, Macintosh, Linux and Chrome OS
    Summary: Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and Chrome OS. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system...
    Solution: ... Adobe recommends users of the Adobe Flash Player Desktop Runtime for Windows, Macintosh and Linux update to Adobe Flash Player 24.0.0.221 via the update mechanism within the product [1] or by visiting the Adobe Flash Player Download Center.
    - Adobe Flash Player installed with Google Chrome will be automatically updated to the latest Google Chrome version, which will include Adobe Flash Player 24.0.0.221 for Windows, Macintosh, Linux and Chrome OS.
    - Adobe Flash Player installed with Microsoft Edge and Internet Explorer 11 for Windows 10 and 8.1 will be automatically updated to the latest version, which will include Adobe Flash Player 24.0.0.221.
    - Please visit the Flash Player Help page for assistance in installing Flash Player.
    [1] Users of Flash Player 11.2.x or later for Windows, or Flash Player 11.3.x or later for Macintosh, who have selected the option to 'Allow Adobe to install updates' will receive the update automatically. Users who do not have the 'Allow Adobe to install updates' option enabled can install the update via the update mechanism within the product when prompted...

    For I/E - some versions get 'Automatic' updates:
    - https://fpdownload.macromedia.com/pu..._player_ax.exe
    For Firefox and other Plugin-based browsers:
    - https://fpdownload.macromedia.com/pu...ash_player.exe
    For Chrome:
    - https://fpdownload.macromedia.com/pu...ayer_ppapi.exe

    Flash test site: https://www.adobe.com/software/flash/about/

    - http://www.securitytracker.com/id/1037815
    CVE Reference: CVE-2017-2982, CVE-2017-2984, CVE-2017-2985, CVE-2017-2986, CVE-2017-2987, CVE-2017-2988, CVE-2017-2990, CVE-2017-2991, CVE-2017-2992, CVE-2017-2993, CVE-2017-2994, CVE-2017-2995, CVE-2017-2996
    Feb 14 2017
    Fix Available: Yes Vendor Confirmed: Yes ...
    Version(s): 24.0.0.194 and prior ...
    Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
    Solution: The vendor has issued a fix (24.0.0.221)...
    ___

    Adobe Digital Editions 4.5.4 released
    - https://helpx.adobe.com/security/pro...apsb17-05.html
    Feb 14, 2017
    CVE numbers: CVE-2017-2973, CVE-2017-2974, CVE-2017-2975, CVE-2017-2976, CVE-2017-2977, CVE-2017-2978, CVE-2017-2979, CVE-2017-2980, CVE-2017-2981
    Platform: Windows, Macintosh and Android
    Summary: Adobe has released a security update for Adobe Digital Editions for Windows, Macintosh and Android. This update resolves a critical heap buffer overflow vulnerability that could lead to code execution and important buffer overflow vulnerabilities that could lead to a memory leak...
    Customers using Adobe Digital Editions 4.5.3 can download the update from the Adobe Digital Editions download page*, or utilize the product’s update mechanism when prompted.
    * https://www.adobe.com/solutions/eboo.../download.html
    For more information, please reference the release notes**."
    ** http://www.adobe.com/solutions/ebook...ase-notes.html
    ___

    Adobe Campaign updates released
    - https://helpx.adobe.com/security/pro...apsb17-06.html
    Feb 14, 2017
    CVE number: CVE-2017-2968, CVE-2017-2969
    Platform: Windows and Linux
    Summary: Adobe has released a security update for Adobe Campaign v6.11 for Windows and Linux. This update resolves a moderate security bypass affecting the Adobe Campaign client console. An authenticated user with access to the client console could upload and execute a malicious file, potentially resulting in read and write access to the system (CVE-2017-2968). This update also resolves a moderate input validation issue that could be used in cross-site scripting attacks (CVE-2017-2969)...
    Solution: Adobe categorizes these updates with the following priority rating and recommends users update their installation to the newest version...
    Release Notes: https://docs.campaign.adobe.com/doc/...n/RN.html#8757
    - Customers may refer to the FAQ* for instructions on downloading the latest build.
    * https://docs.campaign.adobe.com/doc/...hangelog%29%3F
    For customers with Adobe Campaign 16.4 Build 8724 and earlier, please refer to the documentation page** for instructions to resolve CVE-2017-2968 by restricting uploads by file type.
    ** http://docs.campaign.adobe.com/doc/A...loadable_files
    Please refer to this documentation page*** for assistance in upgrading Adobe Campaign server, and this documentation page for assistance in upgrading the Client Console.
    *** https://docs.campaign.adobe.com/doc/...t_console.html

    Last edited by AplusWebMaster; 2017-02-15 at 10:52.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •