Page 13 of 14 FirstFirst ... 391011121314 LastLast
Results 121 to 130 of 139

Thread: Adobe updates/advisories

  1. #121
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation Adobe updates - 2017.03.14

    FYI...

    Flash 25.0.0.127 released
    - https://helpx.adobe.com/security/pro...apsb17-07.html
    Mar 14, 2017
    CVE number: CVE-2017-2997, CVE-2017-2998, CVE-2017-2999, CVE-2017-3000, CVE-2017-3001, CVE-2017-3002, CVE-2017-3003
    Platform: Windows, Macintosh, Linux and Chrome OS
    Summary: Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and Chrome OS. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system...
    Solution: ... Adobe recommends users of the Adobe Flash Player Desktop Runtime for Windows, Macintosh and Linux update to Adobe Flash Player 25.0.0.127 via the update mechanism within the product [1] or by visiting the Adobe Flash Player Download Center: https://get.adobe.com/flashplayer/
    - Adobe Flash Player installed with Google Chrome will be automatically updated to the latest Google Chrome version, which will include Adobe Flash Player 25.0.0.127 for Windows, Macintosh, Linux and Chrome OS.
    - Adobe Flash Player installed with Microsoft Edge and Internet Explorer 11 for Windows 10 and 8.1 will be automatically updated to the latest version, which will include Adobe Flash Player 25.0.0.127.
    Please visit the Flash Player Help page for assistance in installing Flash Player:
    > https://helpx.adobe.com/flash-player.html
    [1] Users who have selected the option to 'Allow Adobe to install updates' will receive the update automatically. Users who do not have the 'Allow Adobe to install updates' option enabled can install the update via the update mechanism within the product when prompted...

    For I/E - some versions get 'Automatic' updates:
    - https://fpdownload.macromedia.com/pu..._player_ax.exe
    For Firefox and other Plugin-based browsers:
    - https://fpdownload.macromedia.com/pu...ash_player.exe
    For Chrome:
    - https://fpdownload.macromedia.com/pu...ayer_ppapi.exe

    Flash test site: https://www.adobe.com/software/flash/about/

    - http://www.securitytracker.com/id/1037994
    CVE Reference: CVE-2017-2997, CVE-2017-2998, CVE-2017-2999, CVE-2017-3000, CVE-2017-3001, CVE-2017-3002, CVE-2017-3003
    Mar 14 2017
    Fix Available: Yes Vendor Confirmed: Yes
    Version(s): 24.0.0.221 and prior ...
    Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
    A remote user can obtain potentially sensitive information on the target system.
    Solution: The vendor has issued a fix (25.0.0.127)...
    ___

    Shockwave Player 12.2.8.198 released
    - https://helpx.adobe.com/security/pro...apsb17-08.html
    Mar 14, 2017
    CVE number: CVE-2017-2983
    Platform: Windows
    Summary: Adobe has released a security update for Adobe Shockwave Player for Windows. This update addresses an?important vulnerability that could potentially lead to escalation of privilege...
    Solution: ... Adobe recommends users of Adobe Shockwave Player 12.2.7.197 and earlier versions for Windows update to Adobe Shockwave Player 12.2.8.198 by visiting the Adobe Shockwave Player Download Center:
    - https://get.adobe.com/shockwave/

    - http://www.securitytracker.com/id/1037993
    CVE Reference: CVE-2017-2983
    Mar 14 2017
    Fix Available: Yes Vendor Confirmed: Yes
    Version(s): 12.2.7.197 and prior ...
    Impact: A local user can obtain elevated privileges on the target system.
    Solution: The vendor has issued a fix (12.2.8.198)...

    Last edited by AplusWebMaster; 2017-03-15 at 11:49.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  2. #122
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation Adobe Updates - 2017.04.11

    FYI...

    Flash 25.0.0.148 released
    - https://helpx.adobe.com/security/pro...apsb17-10.html
    April 11, 2017
    CVE number: CVE-2017-3058, CVE-2017-3059, CVE-2017-3060, CVE-2017-3061, CVE-2017-3062, CVE-2017-3063, CVE-2017-3064
    Platform: Windows, Macintosh, Linux and Chrome OS ...
    Summary: Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and Chrome OS. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system...
    Solution: ... Adobe recommends users of the Adobe Flash Player Desktop Runtime for Windows, Macintosh and Linux update to Adobe Flash Player 25.0.0.148 via the update mechanism within the product [1] or by visiting the Adobe Flash Player Download Center.
    - Adobe Flash Player installed with Google Chrome will be automatically updated to the latest Google Chrome version, which will include Adobe Flash Player 25.0.0.148 for Windows, Macintosh, Linux and Chrome OS.
    - Adobe Flash Player installed with Microsoft Edge and Internet Explorer 11 for Windows 10 and 8.1 will be automatically updated to the latest version, which will include Adobe Flash Player 25.0.0.148.
    Please visit the Flash Player Help page for assistance in installing Flash Player:
    > https://helpx.adobe.com/flash-player.html
    [1] Users who have selected the option to 'Allow Adobe to install updates' will receive the update automatically. Users who do not have the 'Allow Adobe to install updates' option enabled can install the update via the update mechanism within the product when prompted...

    For I/E - some versions get 'Automatic' updates:
    - https://fpdownload.macromedia.com/pu..._player_ax.exe
    For Firefox and other Plugin-based browsers:
    - https://fpdownload.macromedia.com/pu...ash_player.exe
    For Chrome:
    - https://fpdownload.macromedia.com/pu...ayer_ppapi.exe

    Flash test site: https://www.adobe.com/software/flash/about/

    - http://www.securitytracker.com/id/1038225
    CVE Reference: CVE-2017-3058, CVE-2017-3059, CVE-2017-3060, CVE-2017-3061, CVE-2017-3062, CVE-2017-3063, CVE-2017-3064
    Apr 11 2017
    Fix Available: Yes Vendor Confirmed: Yes
    Version(s): 25.0.0.127 and prior...
    Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
    Solution: The vendor has issued a fix (25.0.0.148)...
    ___

    Adobe Acrobat and Reader Updates
    - https://helpx.adobe.com/security/pro...apsb17-11.html
    April 11, 2017
    CVE numbers: CVE-2017-3011, CVE-2017-3012, CVE-2017-3013, CVE-2017-3014, CVE-2017-3015, CVE-2017-3017,
    CVE-2017-3018, CVE-2017-3019, CVE-2017-3020, CVE-2017-3021, CVE-2017-3022, CVE-2017-3023, CVE-2017-3024, CVE-2017-3025, CVE-2017-3026, CVE-2017-3027, CVE-2017-3028, CVE-2017-3029, CVE-2017-3030, CVE-2017-3031, CVE-2017-3032, CVE-2017-3033, CVE-2017-3034, CVE-2017-3035, CVE-2017-3036, CVE-2017-3037, CVE-2017-3038, CVE-2017-3039, CVE-2017-3040, CVE-2017-3041, CVE-2017-3042, CVE-2017-3043, CVE-2017-3044, CVE-2017-3045, CVE-2017-3046, CVE-2017-3047, CVE-2017-3048, CVE-2017-3049, CVE-2017-3050, CVE-2017-3051, CVE-2017-3052,
    CVE-2017-3053, CVE-2017-3054, CVE-2017-3055, CVE-2017-3056, CVE-2017-3057, CVE-2017-3065
    Platform: Windows and Macintosh ...
    Solution: Adobe recommends users update their software installations to the latest versions by following the
    instructions below.
    The latest product versions are available to end users via one of the following methods:
    > Users can update their product installations manually by choosing Help > Check for Updates. The products will update automatically, without requiring user intervention, when updates are detected.
    The full Acrobat Reader installer can be downloaded from the Acrobat Reader Download Center.
    - https://get.adobe.com/reader/
    For IT administrators (managed environments):
    > Download the enterprise installers from ftp://ftp.adobe.com/pub/adobe/ or refer to the specific release note version for links to installers.
    Install updates via your preferred methodology, such as AIP-GPO, bootstrapper, SCUP/SCCM (Windows), or on Macintosh, Apple Remote Desktop and SSH...
    For more information on Acrobat DC, please visit the Acrobat DC FAQ page:
    - https://helpx.adobe.com/acrobat/faq.html
    For more information on Acrobat Reader DC, please visit the Acrobat Reader DC FAQ page:
    - https://helpx.adobe.com/reader/faq.html
    Acrobat for Windows
    > http://supportdownloads.adobe.com/pr...atform=Windows
    Reader for Windows
    > http://supportdownloads.adobe.com/pr...atform=Windows
    Acrobat for Macintosh
    > http://supportdownloads.adobe.com/pr...1&platform=Mac
    Reader for Macintosh
    > http://supportdownloads.adobe.com/pr...0&platform=Mac

    - http://www.securitytracker.com/id/1038228
    CVE Reference: CVE-2017-3011, CVE-2017-3012, CVE-2017-3013, CVE-2017-3014, CVE-2017-3015, CVE-2017-3017, CVE-2017-3018, CVE-2017-3019, CVE-2017-3020, CVE-2017-3021, CVE-2017-3022, CVE-2017-3023, CVE-2017-3024, CVE-2017-3025, CVE-2017-3026, CVE-2017-3027, CVE-2017-3028, CVE-2017-3029, CVE-2017-3030, CVE-2017-3031, CVE-2017-3032, CVE-2017-3033, CVE-2017-3034, CVE-2017-3035, CVE-2017-3036, CVE-2017-3037, CVE-2017-3038, CVE-2017-3039, CVE-2017-3040, CVE-2017-3041, CVE-2017-3042, CVE-2017-3043, CVE-2017-3044, CVE-2017-3045, CVE-2017-3046, CVE-2017-3047, CVE-2017-3048, CVE-2017-3049, CVE-2017-3050, CVE-2017-3051, CVE-2017-3052, CVE-2017-3053, CVE-2017-3054, CVE-2017-3055, CVE-2017-3056, CVE-2017-3057, CVE-2017-3065
    Apr 11 2017
    Fix Available: Yes Vendor Confirmed: Yes
    Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
    A remote user can obtain potentially sensitive information on the target system.
    Solution: The vendor has issued a fix (Classic 2015.006.30306, Continuous 2017.009.20044, XI 11.0.20)...
    ___

    Adobe Photoshop CC
    - https://helpx.adobe.com/security/pro...apsb17-12.html
    April 11, 2017
    CVE number: CVE-2017-3004, CVE-2017-3005
    Platform: Windows and Macintosh...
    ___

    Creative Cloud Desktop Application
    - https://helpx.adobe.com/security/pro...apsb17-13.html
    April 11, 2017
    CVE number: CVE-2017-3006, CVE-2017-3007
    Platform: Windows
    ___

    Adobe Campaign
    - https://helpx.adobe.com/security/pro...apsb17-09.html
    April 11, 2017
    CVE number: CVE-2017-2989
    Platform: Windows and Linux
    ___

    Qualys analysis:
    - https://blog.qualys.com/laws-of-vuln...oshop-in-april
    April 11, 2017 - "Adobe released -five- security bulletins today... Highest priority goes to the Flash update APSB17-10 as flash has been the top choice for malware and exploit kits. If left un-patched, the vulnerabilities allow attackers to take complete control of user’s computer if the user views malicious flash content hosted by the attacker. Although flash based exploit kit activity has reduced as compared to last year we still recommend updating this first..."
    ___

    - https://www.us-cert.gov/ncas/current...curity-Updates
    April 11, 2017

    Last edited by AplusWebMaster; 2017-04-12 at 22:15.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  3. #123
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation ColdFusion Hotfixes available

    FYI...

    ColdFusion Hotfixes available
    - https://helpx.adobe.com/security/pro...apsb17-14.html
    April 25, 2017
    CVE number: CVE-2017-3008, CVE-2017-3066
    Platforms: All
    Summary: Adobe has released security hotfixes for ColdFusion versions 10, 11 and the 2016 release. These hotfixes resolve an input validation issue that could be used in reflected XSS (cross-site scripting) attacks (CVE-2017-3008). These hotfixes also include an updated version of Apache BlazeDS to mitigate java deserialization (CVE-2017-3066). Adobe recommends that customers apply the appropriate hotfix using the instructions provided in the "Solution" section below...
    Solution: ... Adobe recommends that ColdFusion customers update their installation using the instructions provided in the relevant tech notes:
    ColdFusion (2016 release): http://helpx.adobe.com/coldfusion/kb...-update-4.html
    ColdFusion 11: http://helpx.adobe.com/coldfusion/kb...update-12.html
    ColdFusion 10: http://helpx.adobe.com/coldfusion/kb...update-23.html
    Customers should also apply the security configuration settings as outlined on the ColdFusion Security page as well as review the respective Lockdown guides.
    ColdFusion (2016 release) Lockdown guide:
    - http://wwwimages.adobe.com/content/d...down-guide.pdf
    ColdFusion 11 Lockdown Guide:
    - https://www.adobe.com/content/dam/Ad...down-guide.pdf
    ColdFusion 10 Lockdown Guide:
    - https://www.adobe.com/content/dam/Ad...down-guide.pdf

    - http://www.securitytracker.com/id/1038364
    CVE Reference: CVE-2017-3008, CVE-2017-3066
    Apr 26 2017
    Fix Available: Yes Vendor Confirmed: Yes
    Version(s): 10, 11, 2016 ...
    Impact: A remote user can execute arbitrary code on the target system.
    A remote user can access the target user's cookies (including authentication cookies), if any, associated with the site running the Adobe ColdFusion software, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.
    Solution: The vendor has issued a fix (10 Update 23, 11 Update 12, 2016 Update 4)...
    ___

    - https://www.us-cert.gov/ncas/current...tes-ColdFusion
    April 26, 2017

    Last edited by AplusWebMaster; 2017-04-26 at 19:54.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  4. #124
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation Adobe updates - 2017.05.09

    FYI...

    Flash 25.0.0.171 released
    - https://helpx.adobe.com/security/pro...apsb17-15.html
    May 9, 2017
    CVE number: CVE-2017-3068, CVE-2017-3069, CVE-2017-3070, CVE-2017-3071, CVE-2017-3072, CVE-2017-3073, CVE-2017-3074
    Platform: Windows, Macintosh, Linux and Chrome OS
    Summary: Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and Chrome OS. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system...
    Solution: ... Adobe recommends users of the Adobe Flash Player Desktop Runtime for Windows, Macintosh and Linux update to Adobe Flash Player 25.0.0.171 via the update mechanism within the product [1] or by visiting the Adobe Flash Player Download Center...
    - Adobe Flash Player installed with Google Chrome will be automatically updated to the latest Google Chrome version, which will include Adobe Flash Player 25.0.0.171 for Windows, Macintosh, Linux and Chrome OS.
    - Adobe Flash Player installed with Microsoft Edge and Internet Explorer 11 for Windows 10 and 8.1 will be automatically updated to the latest version, which will include Adobe Flash Player 25.0.0.171.
    - Please visit the Flash Player Help page for assistance in installing Flash Player:
    > https://helpx.adobe.com/flash-player.html
    [1] Users who have selected the option to 'Allow Adobe to install updates' will receive the update automatically. Users who do not have the 'Allow Adobe to install updates' option enabled can install the update via the update mechanism within the product when prompted...

    For I/E - some versions get 'Automatic' updates:
    - https://fpdownload.macromedia.com/pu..._player_ax.exe
    For Firefox and other Plugin-based browsers:
    - https://fpdownload.macromedia.com/pu...ash_player.exe
    For Chrome:
    - https://fpdownload.macromedia.com/pu...ayer_ppapi.exe

    Flash test site: https://www.adobe.com/software/flash/about/

    - http://www.securitytracker.com/id/1038427
    CVE Reference: CVE-2017-3068, CVE-2017-3069, CVE-2017-3070, CVE-2017-3071, CVE-2017-3072, CVE-2017-3073, CVE-2017-3074
    May 9 2017
    Fix Available: Yes Vendor Confirmed: Yes
    Version(s): 25.0.0.148 and prior (Windows/Linux); 25.0.0.163 and prior (Mac)...
    Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
    Solution: The vendor has issued a fix (25.0.0.171)...
    ___

    Adobe Experience Manager Forms
    - https://helpx.adobe.com/security/pro...apsb17-16.html
    May 9, 2017
    CVE number: CVE-2017-3067
    Platform: Windows, Linux, Solaris and AIX
    Summary: Adobe has released security updates for Adobe Experience Manager (AEM) Forms on Windows, Linux, Solaris and AIX. These updates resolve an important information disclosure vulnerability (CVE-2017-3067) resulting from abuse of the pre-population service in AEM Forms...
    Solution: Adobe categorizes these updates with the following priority rating, and recommends customers with on premise deployments install the available updates referenced below with the help of Adobe Marketing Cloud Customer Care team.
    Adobe Experience Manager Forms 6.2 6.2 SP1 CFP3 Windows, Linux, Solaris and AIX
    Release Notes: https://helpx.adobe.com/experience-m...-fix-pack.html
    Adobe Experience Manager Forms 6.1 6.1 SP2 CFP8 Windows, Linux, Solaris and AIX
    Release Notes: https://helpx.adobe.com/experience-m...fix-pack-.html
    Adobe Experience Manager Forms 6.0 HotFix 2.0.58 Windows, Linux, Solaris and AIX
    Release Notes: https://helpx.adobe.com/aem-forms/qu...rm-2-0-58.html

    - http://www.securitytracker.com/id/1038428
    CVE Reference: CVE-2017-3067
    May 9 2017
    Fix Available: Yes Vendor Confirmed: Yes
    Version(s): 6.0, 6.1, 6.2 ...
    Impact: A remote user can obtain potentially sensitive information on the target system.
    Solution: The vendor has issued a fix (6.0 HotFix 2.0.58, 6.1 SP2 CFP8, 6.2 SP1 CFP3)...

    Last edited by AplusWebMaster; 2017-05-10 at 13:49.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  5. #125
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation Adobe updates - 2017.06.13

    FYI...

    Flash 26.0.0.126 released
    - https://helpx.adobe.com/security/pro...apsb17-17.html
    Jun 13, 2017
    Summary: Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and Chrome OS. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system...
    Solution: ...
    - Adobe recommends users of the Adobe Flash Player Desktop Runtime for Windows, Macintosh and Linux update to Adobe Flash Player 26.0.0.126 via the update mechanism within the product [1] or by visiting the Adobe Flash Player Download Center: https://get.adobe.com/flashplayer/
    - Adobe Flash Player installed with Google Chrome will be automatically updated to the latest Google Chrome version, which will include Adobe Flash Player 26.0.0.126 for Windows, Macintosh, Linux and Chrome OS.
    - Adobe Flash Player installed with Microsoft Edge and Internet Explorer 11 for Windows 10 and 8.1 will be automatically updated to the latest version, which will include Adobe Flash Player 26.0.0.120.
    Please visit the Flash Player Help page* for assistance in installing Flash Player.
    [1] Users who have selected the option to 'Allow Adobe to install updates' will receive the update automatically. Users who do not have the 'Allow Adobe to install updates' option enabled can install the update via the update mechanism within the product when prompted..."
    * https://helpx.adobe.com/flash-player.html

    For I/E - some versions get 'Automatic' updates:
    - https://fpdownload.macromedia.com/pu..._player_ax.exe
    For Firefox and other Plugin-based browsers:
    - https://fpdownload.macromedia.com/pu...ash_player.exe
    For Chrome:
    - https://fpdownload.macromedia.com/pu...ayer_ppapi.exe

    Flash test site: https://www.adobe.com/software/flash/about/

    - http://www.securitytracker.com/id/1038655
    CVE Reference: CVE-2017-3075, CVE-2017-3076, CVE-2017-3077, CVE-2017-3078, CVE-2017-3079, CVE-2017-3081, CVE-2017-3082, CVE-2017-3083, CVE-2017-3084
    Jun 13 2017
    Fix Available: Yes Vendor Confirmed: Yes
    Version(s): 25.0.0.171 and prior ...
    Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
    Solution: The vendor has issued a fix (26.0.0.126)...
    ___

    Shockwave 12.2.9.199 released
    - https://helpx.adobe.com/security/pro...apsb17-18.html
    Jun 13, 2017
    Summary: Adobe has released a security update for Adobe Shockwave Player for Windows. This update addresses a critical memory corruption vulnerability that could lead to code execution...
    Adobe recommends users of Adobe Shockwave Player 12.2.8.198 and earlier versions for Windows update to Adobe Shockwave Player 12.2.9.199 by visiting the Adobe Shockwave Player Download Center:
    > https://get.adobe.com/shockwave/
    ___

    Adobe Captivate 10.0.0.192
    - https://helpx.adobe.com/security/pro...apsb17-19.html
    Jun 13, 2017
    Summary: Adobe has released security updates for Adobe Captivate for Windows and Macintosh. These updates resolve an important information disclosure vulnerability (CVE-2017-3087) resulting from abuse of the quiz reporting feature in Captivate...
    10.0.0.192: https://helpx.adobe.com/captivate/re...ase-notes.html
    Tech note: https://helpx.adobe.com/captivate/kb...captivate.html
    ___

    Adobe Digital Editions 4.5.5
    - https://helpx.adobe.com/security/pro...apsb17-20.html
    Jun 13, 2017
    Summary: Adobe has released a security update for Adobe Digital Editions for Windows, Macintosh, iOS and Android. This update resolves critical memory corruption vulnerabilities that could lead to code execution, three vulnerabilities rated important that could lead to escalation of privilege and two memory corruption vulnerabilities rated important that could lead to disclosure of memory addresses...
    Solution: Adobe categorizes these updates with the following priority ratings and recommends users update their installation to the newest version...
    Adobe Digital Editions 4.5.5
    Windows: https://www.adobe.com/solutions/eboo.../download.html
    Macintosh: https://www.adobe.com/solutions/eboo.../download.html
    iOS: https://itunes.apple.com/us/app/adob...952977781?mt=8
    Android: https://play.google.com/store/apps/d...igitaleditions

    Last edited by AplusWebMaster; 2017-06-14 at 00:39.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  6. #126
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation Flash 26.0.0.131 released

    FYI...

    Flash 26.0.0.131 released

    Yours may have -automatically- updated to 26,0,0,131 - check here:
    > https://get.adobe.com/flashplayer/about/
    ... 'should read:
    "You have version 26,0,0,131 installed" - if NOT, use the -manual- downloads below!
    [ALL browsers installed on your system]

    > https://helpx.adobe.com/flash-player...ase_notes.html
    June 16, 2017 - "In today's release, we've updated Flash Player to address a bug that was impacting some Flash content. If you are having problems interacting with mouse button presses or drag and drop actions, we recommend you update..."
    ___

    For I/E - some versions get 'Automatic' updates:
    - https://fpdownload.macromedia.com/pu..._player_ax.exe
    For Firefox and other Plugin-based browsers:
    - https://fpdownload.macromedia.com/pu...ash_player.exe
    For Chrome:
    - https://fpdownload.macromedia.com/pu...ayer_ppapi.exe
    ___

    Ref: http://www.computerworld.com/article...an-update.html
    Jun 18, 2017
    ___

    Flash Player Download Center
    > https://get.adobe.com/flashplayer/
    Version 26.0.0.131

    Last edited by AplusWebMaster; 2017-06-27 at 17:43.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  7. #127
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation Flash 26.0.0.137, Adobe Connect 9.6.2 released

    FYI...

    Flash 26.0.0.137 released
    - https://helpx.adobe.com/security/pro...apsb17-21.html
    July 11, 2017
    "Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and Chrome OS. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system...
    - Adobe recommends users of the Adobe Flash Player Desktop Runtime for Windows, Macintosh and Linux update to Adobe Flash Player 26.0.0.137 via the update mechanism within the product [1] or by visiting the Adobe Flash Player Download Center: https://get.adobe.com/flashplayer/
    - Adobe Flash Player installed with Google Chrome will be automatically updated to the latest Google Chrome version, which will include Adobe Flash Player 26.0.0.137 for Windows, Macintosh, Linux and Chrome OS.
    - Adobe Flash Player installed with Microsoft Edge and Internet Explorer 11 for Windows 10 and 8.1 will be automatically updated to the latest version, which will include Adobe Flash Player 26.0.0.137.
    - Please visit the Flash Player Help page for assistance in installing Flash Player:
    - https://chl-author-preview.corp.adob...sh-player.html
    [1] Users who have selected the option to 'Allow Adobe to install updates' will receive the update automatically. Users who do not have the 'Allow Adobe to install updates' option enabled can install the update via the update mechanism within the product when prompted..."

    For I/E - some versions get 'Automatic' updates:
    - https://fpdownload.macromedia.com/pu..._player_ax.exe
    For Firefox and other Plugin-based browsers:
    - https://fpdownload.macromedia.com/pu...ash_player.exe
    For Chrome:
    - https://fpdownload.macromedia.com/pu...ayer_ppapi.exe

    Flash test site: https://www.adobe.com/software/flash/about/

    - http://www.securitytracker.com/id/1038845
    CVE Reference: CVE-2017-3080, CVE-2017-3099, CVE-2017-3100
    Jul 11 2017
    Fix Available: Yes Vendor Confirmed: Yes
    Version(s): 26.0.0.131 and before...
    Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
    A remote user can obtain potentially sensitive information on the target system.
    Solution: The vendor has issued a fix (26.0.0.137)...
    ___

    Adobe Connect 9.6.2 released
    - https://helpx.adobe.com/security/pro...apsb17-22.html
    July 11, 2017
    "Adobe has released a security update for Adobe Connect for Windows. This update resolves two input validation vulnerabilities (CVE-2017-3102, CVE-2017-3103) that could be used in reflected and stored cross-site scripting attacks, respectively. This update also includes a mitigation to protect users from UI redressing (or clickjacking) attacks (CVE-2017-3101)...
    > https://helpx.adobe.com/adobe-connec...ase-notes.html
    "... Adobe Connect 9.6.2 will be rolled out in phases:
    On-premise: Adobe Connect 9.6.2 installer for customer on-premise deployments (all supported locales): Jun 26th, 2017
    Hosted: Adobe Connect 9.6.2 service hosted by Adobe: Starting Jun 19th, 2017
    Managed Services: Adobe-managed customer-specific cloud deployment of Adobe Connect: Updates are scheduled based on customer requirements. Reach out to your Adobe Connect managed services representative to schedule your update..."

    - http://www.securitytracker.com/id/1038846
    CVE Reference: CVE-2017-3101, CVE-2017-3102, CVE-2017-3103
    Jul 11 2017
    Fix Available: Yes Vendor Confirmed: Yes
    Version(s): 9.6.1 and before...
    Impact: A remote user can conduct clickjacking attacks.
    A remote user can access the target user's cookies (including authentication cookies), if any, associated with the site running the Adobe Connect software, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.
    Solution: The vendor has issued a fix (9.6.2)...

    Last edited by AplusWebMaster; 2017-07-11 at 22:57.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  8. #128
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Post Adobe Flash - EOL end of 2020

    FYI...

    Adobe Flash - EOL end of 2020
    - https://blogs.adobe.com/conversation...sh-update.html
    July 25, 2017 - "... as open standards like HTML5, WebGL and WebAssembly have matured over the past several years, most now provide many of the capabilities and functionalities that plugins pioneered and have become a viable alternative for content on the web... Adobe is planning to end-of-life Flash. Specifically, we will stop updating and distributing the Flash Player at the end of 2020 and encourage content creators to migrate any existing Flash content to these new open formats..."

    ... i.e.: HTML5, WebGL and WebAssembly.

    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  9. #129
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,955

    Default Security Update Available for Adobe Acrobat and Reader | APSB17-24

    Summary.

    Adobe has released security updates for Adobe Acrobat and Reader for Windows and Macintosh. These updates address vulnerabilities rated Critical and Important that could potentially allow an attacker to take control of the affected system.

    https://helpx.adobe.com/security/products/acrobat/apsb17-24.html

    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

  10. #130
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation Flash 26.0.0.151 released

    FYI...

    > https://helpx.adobe.com/security.html

    Flash 26.0.0.151 released
    - https://helpx.adobe.com/security/pro...apsb17-23.html
    Aug 8, 2017 - "Summary: Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and Chrome OS. These updates address a critical type confusion vulnerability that could lead to code execution and an important security bypass vulnerability that could lead to information disclosure...
    Solution: Adobe recommends users of the Adobe Flash Player Desktop Runtime for Windows, Macintosh and Linux update to Adobe Flash Player 26.0.0.151 via the update mechanism within the product[1] or by visiting the Adobe Flash Player Download Center: https://get.adobe.com/flashplayer/
    - Adobe Flash Player installed with Google Chrome will be automatically updated to the latest Google Chrome version, which will include Adobe Flash Player 26.0.0.151 for Windows, Macintosh, Linux and Chrome OS.
    - Adobe Flash Player installed with Microsoft Edge and Internet Explorer 11 for Windows 10 and 8.1 will be automatically updated to the latest version, which will include Adobe Flash Player 26.0.0.151.
    - Please visit the Flash Player Help page for assistance in installing Flash Player*.
    * https://helpx.adobe.com/flash-player.html
    [1] Users who have selected the option to 'Allow Adobe to install updates' will receive the update automatically. Users who do not have the 'Allow Adobe to install updates' option enabled can install the update via the update mechanism within the product when prompted..."

    For I/E - some versions get 'Automatic' updates:
    - https://fpdownload.macromedia.com/pu..._player_ax.exe
    For Firefox and other Plugin-based browsers:
    - https://fpdownload.macromedia.com/pu...ash_player.exe
    For Chrome:
    - https://fpdownload.macromedia.com/pu...ayer_ppapi.exe

    Flash test site: https://www.adobe.com/software/flash/about/

    - http://www.securitytracker.com/id/1039088
    CVE Reference: CVE-2017-3085, CVE-2017-3106
    Aug 8 2017
    Version(s): 26.0.0.137 and prior
    Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
    A remote user can obtain potentially sensitive information on the target system.
    Solution: The vendor has issued a fix (26.0.0.151)...
    ___

    Adobe Experience Manager...
    - https://helpx.adobe.com/security/pro...apsb17-26.html
    Aug 8 2017 - "Summary: Adobe has released security updates for Adobe Experience Manager. These updates resolve an important file type validation vulnerability (CVE-2017-3108) and two moderate information disclosure vulnerabilities (CVE-2017-3107 and CVE-2017-3110)..."
    [Release notes for multiple versions at the URL above.]

    - http://www.securitytracker.com/id/1039099
    CVE Reference: CVE-2017-3107, CVE-2017-3108, CVE-2017-3110
    Aug 8 2017
    Fix Available: Yes Vendor Confirmed: Yes
    Version(s): 6.0, 6.1, 6.2, 6.3 ...
    Impact: A remote user can execute arbitrary code on the target system.
    A remote user can obtain potentially sensitive information on the target system.
    Solution: The vendor has issued a fix...
    ___

    Adobe Digital Editions...
    - https://helpx.adobe.com/security/pro...apsb17-27.html
    Aug 8 2017 - "Summary: Adobe has released a security update for Adobe Digital Editions for Windows, Macintosh, iOS and Android. This update resolves a critical heap buffer overflow vulnerability that could lead to code execution, seven memory corruption vulnerabilities rated important that could lead to disclosure of memory addresses and an XML external entity processing vulnerability rated critical that could lead to information disclosure..."
    Release Notes: https://www.adobe.com/solutions/eboo...ase-notes.html

    - http://www.securitytracker.com/id/1039100
    CVE Reference: CVE-2017-11272, CVE-2017-11274, CVE-2017-11275, CVE-2017-11276, CVE-2017-11277, CVE-2017-11278, CVE-2017-11279, CVE-2017-11280, CVE-2017-1129, CVE-2017-3091
    Aug 8 2017
    Fix Available: Yes Vendor Confirmed: Yes
    Version(s): 4.5.5 and before ...
    Impact: A remote user can execute arbitrary code on the target system.
    A remote user can obtain potentially sensitive information on the target system.
    Solution: The vendor has issued a fix (4.5.6)...

    Last edited by AplusWebMaster; 2017-08-13 at 18:06.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •