Page 3 of 14 FirstFirst 123456713 ... LastLast
Results 21 to 30 of 139

Thread: Adobe updates/advisories

  1. #21
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation Flash v11.3.300.268 released

    FYI...

    Flash v11.3.300.268 released
    - http://forums.adobe.com/message/4582208#4582208
    Jul 26, 2012 - "Flash Player 11.3.300.268 for Windows and Macintosh was released to address stability issues when browsing and playing Flash content. For full details on the 11.3 release, please see our release notes*..."
    * http://www.adobe.com/support/documen...easenotes.html

    Download:
    > https://www.adobe.com/products/flash...ribution3.html

    Flash test site: http://www.adobe.com/software/flash/about/
    2012.07.27
    ... The table below contains the latest Flash Player version information:
    Windows:
    Internet Explorer (and other browsers that support Internet Explorer ActiveX controls and plug-ins) 11.3.300.268
    Firefox, Mozilla, Netscape, Opera (and other plugin-based browsers) 11.3.300.268
    Macintosh:
    OS X Firefox, Opera, Safari 11.3.300.268

    Last edited by AplusWebMaster; 2012-07-27 at 21:53.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  2. #22
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation Flash v11.3.300.270 released

    FYI...

    Flash v11.3.300.270 released
    - http://forums.adobe.com/message/4594596#4594596
    Aug 2, 2012 - "... Flash Player 11.3.300.270 for Windows was released to address a crash that was occurring in the Adobe Flash Player Update Service (FlashPlayerUpdateService.exe). There are no other fixes or changes provided with this build. This release is available for Windows only, and affects the Active X and Plug-in installers, uninstaller, and msi's (available on the distribution page.) No other platforms are affected... Please be aware that this release is -not- available from the Product Download Center (get.adobe.com/flashplayer) which will continue to provide 11.3.300.268. We realize that this might cause confusion for some users. Due to the severity of this issue, we decided to make this build available immediately to help customers affected by this bug. Due to logistical issues and time constraints, we were unable to update the release on the Product Download Center. The next release of Flash Player will correct this disparity. Please note that unless you have been affected by the FlashPlayerUpdateService.exe crash, both 11.3.300.270 and 11.3.300.268 will be functionally identical. This release will be distributed using the following methods:
    • Silent auto update - If enabled and functional, the silent auto update service will automatically install this build within 24 hours.
    • Direct download - You can download the installers directly using the links below
    IE:
    - http://download.macromedia.com/pub/f..._player_ax.exe
    Plugin-based browsers:
    - http://download.macromedia.com/pub/f...ash_player.exe
    ___

    - https://blogs.adobe.com/psirt/2012/0...d-acrobat.html
    August 9, 2012 - "... upcoming Adobe Reader and Acrobat updates scheduled for Tuesday, August 14, 2012..."
    > http://www.adobe.com/go/apsb12-16

    Adobe warns of critical holes in Reader, Acrobat
    - http://atlas.arbor.net/briefs/
    Severity: High Severity
    August 09, 2012
    Adobe is releasing patches on August 14th to resolve security holes.
    Analysis: ... keep these packages up-to-date with automatic update features and ensure updates are applied. Extra layers of hardening around software that integrates with the browser and email client is recommended as these are frequently attacked...

    Last edited by AplusWebMaster; 2012-08-10 at 23:15.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  3. #23
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation Flash-Reader-Acrobat-Shockwave critical updates - 2012.08.14 ...

    FYI...

    > https://www.adobe.com/support/security/

    Flash updates v11.3.300.271 / v11.2.202.238 released
    - https://www.adobe.com/support/securi...apsb12-18.html
    August 14, 2012
    CVE number: http://web.nvd.nist.gov/view/vuln/de...=CVE-2012-1535 - 9.3 (HIGH)
    Platform: Windows, Macintosh and Linux
    Summary: Adobe has released security updates for Adobe Flash Player 11.3.300.270 and earlier versions for Windows, Macintosh and Linux. These updates address a vulnerability (CVE-2012-1535) that could cause the application to crash and potentially allow an attacker to take control of the affected system.
    There are reports that the vulnerability is being exploited in the wild in limited targeted attacks, distributed through a malicious Word document. The exploit targets the ActiveX version of Flash Player for Internet Explorer on Windows.
    Adobe recommends users update their product installations to the latest versions:
    - Users of Adobe Flash Player 11.3.300.270 and earlier versions for Windows and Macintosh should update to Adobe Flash Player 11.3.300.271.
    - Users of Adobe Flash Player 11.2.202.236 and earlier versions for Linux should update to Adobe Flash Player 11.2.202.238.
    - Flash Player installed with Google Chrome will be updated automatically, so no user action is required. Google Chrome users can verify that they have updated to Google Chrome version 21.0.1180.79...

    Download:
    > https://www.adobe.com/products/flash...ribution3.html

    Flash test site: http://www.adobe.com/software/flash/about/

    - https://secunia.com/advisories/50285/
    Last Update: 2012-08-15
    Criticality level: Extremely critical
    Impact: System access
    Where: From remote
    CVE Reference: http://web.nvd.nist.gov/view/vuln/de...=CVE-2012-1535
    ... vulnerability is currently being actively exploited in targeted attacks via Word documents against the Windows version.
    Solution: Update to version 11.3.300.271 for Windows, Mac, and Chrome or version 11.2.202.238 for Linux.
    Original Advisory: Adobe:
    http://www.adobe.com/support/securit...apsb12-18.html
    ___

    Adobe Shockwave v11.6.6.636 released
    - https://www.adobe.com/support/securi...apsb12-17.html
    August 14, 2012
    CVE number: CVE-2012-2043, CVE-2012-2044, CVE-2012-2045, CVE-2012-2046, CVE-2012-2047
    Platform: Windows and Macintosh
    Summary:Adobe has released an update for Adobe Shockwave Player 11.6.5.635 and earlier versions on the Windows and Macintosh operating systems. This update addresses vulnerabilities that could allow an attacker, who successfully exploits these vulnerabilities, to run malicious code on the affected system...
    Solution: Adobe recommends users of Adobe Shockwave Player 11.6.5.635 and earlier versions update to the newest version 11.6.6.636, available here:
    http://get.adobe.com/shockwave/ ...

    - https://secunia.com/advisories/50283/
    Release Date: 2012-08-14
    Criticality level: Highly critical
    Impact: System access
    Where: From remote ...
    Solution: Update to version 11.6.6.636.
    Original Advisory: Adobe:
    http://www.adobe.com/support/securit...apsb12-17.html
    ___

    Adobe Reader/Acrobat X v10.1.4 released
    - https://www.adobe.com/support/securi...apsb12-16.html
    August 14, 2012
    CVE numbers: CVE-2012-1525, CVE-2012-2049, CVE-2012-2050, CVE-2012-2051, CVE-2012-4147, CVE-2012-4148, CVE-2012-4149, CVE-2012-4150, CVE-2012-4151, CVE-2012-4152, CVE-2012-4153, CVE-2012-4154, CVE-2012-4155, CVE-2012-4156, CVE-2012-4157, CVE-2012-4158, CVE-2012-4159, CVE-2012-4160, CVE-2012-4161, CVE-2012-4162
    [Adobe Reader/Acrobat 9.x -before- 9.5.2 and 10.x -before- 10.1.4 on Windows and Mac OS X]
    Platform: Windows and Macintosh
    Summary: Adobe has released security updates for Adobe Reader and Acrobat X (10.1.3) and earlier versions for Windows and Macintosh. These updates address vulnerabilities in the software that could cause the application to crash and potentially allow an attacker to take control of the affected system. Adobe recommends users update their product installations to the latest versions:
    Users of Adobe Reader X (10.1.3) and earlier versions for Windows and Macintosh should update to Adobe Reader X (10.1.4).
    For users of Adobe Reader 9.5.1 and earlier versions for Windows and Macintosh, who cannot update to Adobe Reader X (10.1.4), Adobe has made available the update Adobe Reader 9.5.2.
    Users of Adobe Acrobat X (10.1.3) for Windows and Macintosh should update to Adobe Acrobat X (10.1.4).
    Users of Adobe Acrobat 9.5.1 and earlier versions for Windows and Macintosh should update to Adobe Acrobat 9.5.2...
    Adobe Reader: Users on Windows and Macintosh can utilize the product's update mechanism. The default configuration is set to run automatic update checks on a regular schedule. Update checks can be manually activated by choosing Help > Check for Updates.
    Adobe Reader users on Windows can also find the appropriate update here:
    http://www.adobe.com/support/downloa...atform=Windows
    Adobe Reader users on Macintosh can also find the appropriate update here:
    http://www.adobe.com/support/downloa...form=Macintosh
    Adobe Acrobat: Users can utilize the product's update mechanism. The default configuration is set to run automatic update checks on a regular schedule. Update checks can be manually activated by choosing Help > Check for Updates.
    Acrobat Standard and Pro users on Windows can also find the appropriate update here:
    http://www.adobe.com/support/downloa...atform=Windows
    Acrobat Pro Extended users on Windows can also find the appropriate update here: http://www.adobe.com/support/downloa...atform=Windows
    Acrobat Pro users on Macintosh can also find the appropriate update here:
    http://www.adobe.com/support/downloa...form=Macintosh ...

    - https://secunia.com/advisories/50281/
    Last Update: 2012-08-15
    Criticality level: Highly critical
    Impact: System access
    Where: From remote
    Solution Status: Partial Fix ...
    Software: Adobe Acrobat 9.x, X 10.x, Adobe Reader 9.x, X 10.x
    Solution: Apply updates if available.
    Original Advisory: Adobe:
    http://www.adobe.com/support/securit...apsb12-16.html

    - https://secunia.com/advisories/50290/
    Release Date: 2012-08-15
    Criticality level: Highly critical
    Impact: System access
    Where: From remote
    Solution Status: Unpatched
    Software: Adobe Acrobat 9.x, X 10.x, Adobe Reader 9.x, X 10.x
    ... vulnerabilities are caused due to unspecified errors. No further information is currently available. Successful exploitation of the vulnerabilities may allow execution of arbitrary code.
    Solution: No official solution is currently available...
    Original Advisory: http://j00ru.vexillium.org/?p=1175

    >> http://h-online.com/-1668153
    15 August 2012

    Last edited by AplusWebMaster; 2012-08-18 at 23:30.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  4. #24
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation Flash v11.4.402.265 released

    Win8 users vulnerable to active Flash exploits
    - https://www.computerworld.com/s/arti...Flash_exploits
    Sep 08, 2012
    ___

    - https://krebsonsecurity.com/2012/08/...fixes-5-flaws/
    Aug. 21, 2012 - "For the second time in a week, Adobe has shipped a critical security update for its Flash Player software. This patch, part of a planned release, closes at least six security holes in the widely-used browser plugin, and comes just one week after the company rushed out a fix for a flaw that attackers were already exploiting in the wild..."

    Flash v11.4.402.265 released
    - https://www.adobe.com/support/securi...apsb12-19.html
    August 21, 2012
    CVE number: CVE-2012-4163, CVE-2012-4164, CVE-2012-4165, CVE-2012-4166, CVE-2012-4167, CVE-2012-4168
    Platform: All Platforms
    Details: Adobe has released security updates for Adobe Flash Player 11.3.300.271 and earlier versions for Windows, Macintosh and Linux, Adobe Flash Player 11.1.115.11 and earlier versions for Android 4.x, and Adobe Flash Player 11.1.111.10 and earlier versions for Android 3.x and 2.x. These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.
    Adobe recommends users update their product installations to the latest versions:
    Users of Adobe Flash Player 11.3.300.271 and earlier versions for Windows and Macintosh should update to Adobe Flash Player 11.4.402.265.
    Users of Adobe Flash Player 11.2.202.236 and earlier versions for Linux should update to Adobe Flash Player 11.2.202.238.
    Flash Player installed with Google Chrome will automatically be updated to the latest Google Chrome version, which will include Adobe Flash Player 11.3.31.230 for Windows and Linux, and Flash Player 11.4.402.265 for Macintosh
    Users of Adobe Flash Player 11.1.115.11 and earlier versions on Android 4.x devices should update to Adobe Flash Player 11.1.115.17.
    Users of Adobe Flash Player 11.1.111.10 and earlier versions for Android 3.x and earlier versions should update to Flash Player 11.1.111.16.
    Revisions: Aug 30, 2012 - Added information regarding CVE-2012-4171
    - http://web.nvd.nist.gov/view/vuln/de...=CVE-2012-4171
    08/31/2012

    Download:
    > https://www.adobe.com/products/flash...ribution3.html

    Flash test site: http://www.adobe.com/software/flash/about/
    ___

    >> http://get.adobe.com/air/
    Users of Adobe AIR 3.3.0.3670 for Windows and Macintosh should update to Adobe AIR 3.4.0.2540.
    Users of the Adobe AIR 3.3.0.3690 SDK (includes AIR for iOS) should update to the Adobe AIR 3.4.0.2540 SDK.
    Users of the Adobe AIR 3.3.0.3650 and earlier versions for Android should update to the Adobe AIR 3.4.0.2540.

    > These updates resolve memory corruption vulnerabilities that could lead to code execution (CVE-2012-4163, CVE-2012-4164, CVE-2012-4165, CVE-2012-4166).
    These updates resolve an integer overflow vulnerability that could lead to code execution (CVE-2012-4167).
    These updates resolve a cross-domain information leak vulnerability (CVE-2012-4168)...

    - https://www.adobe.com/support/securi...y_ratings.html
    "Priority 1: This update resolves vulnerabilities being targeted, or which have a higher risk of being targeted, by exploit(s) in the wild for a given product version and platform. Adobe recommends administrators install the update as soon as possible. (for instance, within 72 hours)."
    ___

    - https://secunia.com/advisories/50354/
    Release Date: 2012-08-22
    Criticality level: Highly critical
    Impact: Exposure of sensitive information, System access
    Where: From remote
    Software: Adobe AIR 3.x, Adobe Flash Player 11.x ...
    Solution: Update to a fixed version.
    Original Advisory: Adobe:
    http://www.adobe.com/support/securit...apsb12-19.html

    - http://www.securitytracker.com/id/1027422
    CVE Reference:
    - http://web.nvd.nist.gov/view/vuln/de...=CVE-2012-4163 - 10.0 (HIGH)
    - http://web.nvd.nist.gov/view/vuln/de...=CVE-2012-4164 - 10.0 (HIGH)
    - http://web.nvd.nist.gov/view/vuln/de...=CVE-2012-4165 - 10.0 (HIGH)
    - http://web.nvd.nist.gov/view/vuln/de...=CVE-2012-4166 - 10.0 (HIGH)
    - http://web.nvd.nist.gov/view/vuln/de...=CVE-2012-4167 - 10.0 (HIGH)
    - http://web.nvd.nist.gov/view/vuln/de...=CVE-2012-4168 - 4.3
    Aug 22 2012
    Impact: Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, User access via network
    Version(s): 11.3.300.271 and prior
    Solution: The vendor has issued a fix (11.4.402.265 for Windows and OS X; 11.2.202.238 for Linux; 11.1.111.16 for Android 2.x and 3.x; 11.1.115.17 for Android 4.x)...

    Last edited by AplusWebMaster; 2012-09-09 at 18:02.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  5. #25
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation ColdFusion DoS vuln/hotfix

    FYI...

    ColdFusion DoS vuln/hotfix
    - https://secunia.com/advisories/50523/
    Release Date: 2012-09-11
    Criticality level: Moderately critical
    Impact: DoS
    Where: From remote
    Software: Adobe ColdFusion 10.x, 8.x, 9.x
    CVE Reference: CVE-2012-2048
    Original Advisory: http://www.adobe.com/support/securit...apsb12-21.html
    Summary: Adobe has released a security hotfix for ColdFusion 10 and earlier versions for Windows, Macintosh and UNIX. This update resolves a vulnerability which could result in a Denial of Service condition. Adobe recommends users update their product installation using the instructions provided in the "Solution" section below.
    Affected software versions: ColdFusion 10, 9.0.2, 9.0.1, 9.0, 8.0.1, and 8.0 for Windows, Macintosh and UNIX
    Solution: Adobe recommends ColdFusion customers update their installation using the instructions provided in the technote:
    http://helpx.adobe.com/coldfusion/kb...apsb12-21.html .
    ___

    - http://www.securitytracker.com/id/1027516
    Sep 11 2012

    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  6. #26
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Post Adobe revocation of code signing certificate

    FYI...

    Adobe revocation of code signing certificate
    - https://www.adobe.com/support/securi...apsa12-01.html
    Sep 27, 2012 - "Summary: Adobe is investigating what appears to be the misuse of an Adobe code signing certificate. Adobe plans to revoke the certificate on October 4 for all software code signed after July 10, 2012. Adobe is in the process of issuing updates signed using a new digital certificate for all affected products...
    Affected software versions: The vast majority of Adobe customers will not be impacted by this issue. However, some customers, in particular administrators in managed Windows environments, may need to take certain action. To determine whether you or your organization are impacted, please refer to the support page on the Adobe website*...
    * http://helpx.adobe.com/x-productkb/g...e-updates.html

    - http://nakedsecurity.sophos.com/2012...-sign-malware/
    Sep 28, 2012 - "... the issue appears to have been the result of hackers compromising a vulnerable build server. Malware seen using the digital signature includes pwdump7 v 7.1 (a utility that scoops up password hashes, and is sometimes used as a single file that statically links the OpenSSL library libeay32.dll). According to Adobe, the second malicious utility is myGeeksmail.dll, a malicious ISAPI filter..."

    - https://isc.sans.edu/diary.html?storyid=14194
    Last Updated: 2012-09-28

    - http://h-online.com/-1719955
    28 Sep 2012

    Last edited by AplusWebMaster; 2012-09-29 at 21:20.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  7. #27
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation Adobe revokes certificate ...

    FYI...

    Adobe revokes certificate ...
    - https://www.adobe.com/support/securi...apsa12-01.html
    Last updated: Oct 4, 2012 - "... Adobe has revoked the certificate on October 4 for all software code signed after July 10, 2012 (00:00 GMT). Adobe has issued updates signed using a new digital certificate for all affected products. The following certificate has been revoked and the certificate revocation list (CRL) is available at:
    http://csc3-2010-crl.verisign.com/CSC3-2010.crl ..."
    ___

    Adobe Cert Used to Sign Malware ...
    - http://atlas.arbor.net/briefs/index#666340356
    Oct 05, 2012

    - https://blogs.technet.com/b/mmpc/arc...edirected=true
    3 Oct 2012

    Last edited by AplusWebMaster; 2012-10-06 at 16:52.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  8. #28
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation Flash v11.4.402.287 - AIR v3.4.0.2710 released

    FYI...

    Flash v11.4.402.287 / AIR v3.4.0.2710 released
    - https://www.adobe.com/support/securi...apsb12-22.html
    Oct 8, 2012
    CVE numbers: CVE-2012-5248, CVE-2012-5249, CVE-2012-5250, CVE-2012-5251, CVE-2012-5252, CVE-2012-5253, CVE-2012-5254, CVE-2012-5255, CVE-2012-5256, CVE-2012-5257, CVE-2012-5258, CVE-2012-5259, CVE-2012-5260, CVE-2012-5261, CVE-2012-5262, CVE-2012-5263, CVE-2012-5264, CVE-2012-5265, CVE-2012-5266, CVE-2012-5267, CVE-2012-5268, CVE-2012-5269, CVE-2012-5270, CVE-2012-5271, CVE-2012-5272
    Platform: All Platforms
    Summary: Adobe has released security updates for Adobe Flash Player 11.4.402.278 and earlier versions for Windows, Adobe Flash Player 11.4.402.265 and earlier versions for Macintosh, Adobe Flash Player 11.2.202.238 and earlier for versions for Linux, Adobe Flash Player 11.1.115.17 and earlier versions for Android 4.x, and Adobe Flash Player 11.1.111.16 and earlier versions for Android 3.x and 2.x. These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system. Adobe recommends users update their product installations to the latest versions:
    • Users of Adobe Flash Player 11.4.402.278 and earlier versions for Windows and Adobe Flash Player 11.4.402.265 and earlier versions for Macintosh should update to Adobe Flash Player 11.4.402.287.
    • Users of Adobe Flash Player 11.2.202.238 and earlier versions for Linux should update to Adobe Flash Player 11.2.202.243.
    • Flash Player installed with Google Chrome will automatically be updated to the latest Google Chrome version, which will include Adobe Flash Player 11.4.31.110 for Windows and Linux, and Flash Player 11.4.402.287 for Macintosh.
    • Flash Player installed with Internet Explorer 10 will automatically be updated to the latest Internet Explorer 10 version*, which will include Adobe Flash Player 11.3.375.10 for Windows.
    • Users of Adobe Flash Player 11.1.115.17 and earlier versions on Android 4.x devices should update to Adobe Flash Player 11.1.115.20.
    • Users of Adobe Flash Player 11.1.111.16 and earlier versions for Android 3.x and earlier versions should update to Flash Player 11.1.111.19.
    • Users of Adobe AIR 3.4.0.2540 for Windows and Macintosh should update to Adobe AIR 3.4.0.2710.
    • Users of the Adobe AIR 3.4.0.2540 SDK (includes AIR for iOS) should update to the Adobe AIR 3.4.0.2710 SDK.
    • Users of the Adobe AIR 3.4.0.2540 and earlier versions for Android should update to the Adobe AIR 3.4.0.2710...
    These updates address critical vulnerabilities in the software...

    Download:
    > https://www.adobe.com/products/flash...ribution3.html

    Flash test site: http://www.adobe.com/software/flash/about/

    - https://www.us-cert.gov/current/#ado...bulletin_for15
    Oct 10, 2012 - Flash v11.4.402.287 released...
    ___

    >> http://get.adobe.com/air/
    ___

    Microsoft Security Advisory (2755801)
    Update for Vulnerabilities in Adobe Flash Player in Internet Explorer 10
    * https://technet.microsoft.com/en-us/...visory/2755801
    Updated: Oct 08, 2012 - "... Microsoft recommends that customers apply the current update -immediately- using update management software, or by checking for updates using the Microsoft Update service. Since the update is cumulative, only the current update will be offered..."
    • V2.0 (October 8, 2012): Added KB2758994** to the Current update section.
    ** http://support.microsoft.com/kb/2758994
    ___

    - https://secunia.com/advisories/50876/
    Release Date: 2012-10-09
    Criticality level: Highly critical
    Impact: System access
    Where: From remote...
    Solution: Update to a fixed version.
    Original Advisory: http://www.adobe.com/support/securit...apsb12-22.html

    Last edited by AplusWebMaster; 2012-10-14 at 00:44.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  9. #29
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation Shockwave v11.6.8.638 released

    FYI...

    Shockwave v11.6.8.638 released
    - https://www.adobe.com/support/securi...apsb12-23.html
    Oct 23, 2012
    CVE numbers:
    - http://web.nvd.nist.gov/view/vuln/de...=CVE-2012-4172 - 10.0 (HIGH)
    - http://web.nvd.nist.gov/view/vuln/de...=CVE-2012-4173 - 10.0 (HIGH)
    - http://web.nvd.nist.gov/view/vuln/de...=CVE-2012-4174 - 10.0 (HIGH)
    - http://web.nvd.nist.gov/view/vuln/de...=CVE-2012-4175 - 10.0 (HIGH)
    - http://web.nvd.nist.gov/view/vuln/de...=CVE-2012-4176 - 10.0 (HIGH)
    - http://web.nvd.nist.gov/view/vuln/de...=CVE-2012-5273 - 10.0 (HIGH)
    Platform: Windows and Macintosh
    Summary: Adobe has released a security update for Adobe Shockwave Player 11.6.7.637 and earlier versions on the Windows and Macintosh operating systems. This update addresses vulnerabilities that could allow an attacker, who successfully exploits these vulnerabilities, to run malicious code on the affected system. Adobe recommends users of Adobe Shockwave Player 11.6.7.637 and earlier versions update to Adobe Shockwave Player 11.6.8.638...
    ... newest version 11.6.8.638, available here: http://get.adobe.com/shockwave/
    ... This update addresses critical vulnerabilities in the software...

    - https://secunia.com/advisories/51090/
    Release Date: 2012-10-24
    Criticality level: Highly critical
    Impact: System access
    Where: From remote
    ... vulnerabilities are reported in versions 11.6.7.637 and prior for Windows and Macintosh.
    Solution: Update to version 11.6.8.638.

    Last edited by AplusWebMaster; 2012-10-24 at 18:50.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  10. #30
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation Flash v11.5.502.110 released

    FYI...

    Flash v11.5.502.110 released
    - https://www.adobe.com/support/securi...apsb12-24.html
    Nov 6, 2012
    CVE number:
    - http://web.nvd.nist.gov/view/vuln/de...=CVE-2012-5274 - 10.0 (HIGH)
    - http://web.nvd.nist.gov/view/vuln/de...=CVE-2012-5275 - 10.0 (HIGH)
    - http://web.nvd.nist.gov/view/vuln/de...=CVE-2012-5276 - 10.0 (HIGH)
    - http://web.nvd.nist.gov/view/vuln/de...=CVE-2012-5277 - 10.0 (HIGH)
    - http://web.nvd.nist.gov/view/vuln/de...=CVE-2012-5278 - 10.0 (HIGH)
    - http://web.nvd.nist.gov/view/vuln/de...=CVE-2012-5279 - 10.0 (HIGH)
    - http://web.nvd.nist.gov/view/vuln/de...=CVE-2012-5280 - 10.0 (HIGH)
    Platform: All Platforms
    Summary: Adobe has released security updates for Adobe Flash Player 11.4.402.287 and earlier versions for Windows and Macintosh, Adobe Flash Player 11.2.202.243 and earlier versions for Linux, Adobe Flash Player 11.1.115.20 and earlier versions for Android 4.x, and Adobe Flash Player 11.1.111.19 and earlier versions for Android 3.x and 2.x. These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.
    Adobe recommends users update their product installations to the latest versions:
    - Users of Adobe Flash Player 11.4.402.287 and earlier versions for Windows and Macintosh should update to Adobe Flash Player 11.5.502.110.
    - Users of Adobe Flash Player 11.2.202.243 and earlier versions for Linux should update to Adobe Flash Player 11.2.202.251.
    - Flash Player installed with Google Chrome will automatically be updated to the latest Google Chrome version, which will include Adobe Flash Player 11.5.31.2 for Windows, Macintosh and Linux.
    - Flash Player installed with Internet Explorer 10 will automatically be updated to the latest Internet Explorer 10 version, which will include Adobe Flash Player 11.3.376.12 for Windows.
    - Users of Adobe Flash Player 11.1.115.20 and earlier versions on Android 4.x devices should update to Adobe Flash Player 11.1.115.27.
    - Users of Adobe Flash Player 11.1.111.19 and earlier versions for Android 3.x and earlier versions should update to Flash Player 11.1.111.24.
    - Users of Adobe AIR 3.4.0.2710 and earlier versions for Windows and Macintosh, SDK (including AIR for iOS) and Android should update to Adobe AIR 3.5.0.600...
    These updates address -critical- vulnerabilities in the software...

    Download:
    > https://www.adobe.com/products/flash...ribution3.html

    Flash test site: http://www.adobe.com/software/flash/about/

    >> http://get.adobe.com/air/

    > http://helpx.adobe.com/flash-player/...ase_notes.html
    ___

    - https://secunia.com/advisories/51213/
    Release Date: 2012-11-07
    Criticality level: Highly critical
    Impact: Security Bypass, System access
    Where: From remote
    ... exploitation of the vulnerabilities may allow execution of arbitrary code...
    Solution: Update to a fixed version.
    Original Advisory: Adobe (APSB12-24):
    http://www.adobe.com/support/securit...apsb12-24.html

    Last edited by AplusWebMaster; 2012-11-08 at 01:06.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •