
Thread: Old Adobe updates/advisories

  1. #101
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Shockwave v11.6.3.633 released

    FYI...

    Shockwave v11.6.3.633 released
    - https://www.adobe.com/support/securi...apsb11-27.html
    November 8, 2011
    CVE number: CVE-2011-2446, CVE-2011-2447, CVE-2011-2448, CVE-2011-2449
    Platform: Windows and Macintosh
    Summary: Critical vulnerabilities have been identified in Adobe Shockwave Player 11.6.1.629 and earlier versions on the Windows and Macintosh operating systems. These vulnerabilities could allow an attacker, who successfully exploits these vulnerabilities, to run malicious code on the affected system. Adobe recommends users of Adobe Shockwave Player 11.6.1.629 and earlier versions update to Adobe Shockwave Player 11.6.3.633... available here:
    - http://get.adobe.com/shockwave/ ..."
    ___

    - http://www.securitytracker.com/id/1026288
    Date: Nov 8 2011
    CVE Reference: CVE-2011-2446, CVE-2011-2447, CVE-2011-2448, CVE-2011-2449
    Impact: Execution of arbitrary code via network, User access via network
    Version(s): 11.6.1.629 and prior
    ... The vendor has issued a fix (11.6.3.633)...

    - https://secunia.com/advisories/46667/
    Release Date: 2011-11-09
    Criticality level: Highly critical
    Impact: System access
    Where: From remote ...
    ... vulnerabilities are reported in versions 11.6.1.629 and prior.
    Solution: Update to version 11.6.3.633...

    Last edited by AplusWebMaster; 2011-11-09 at 16:10.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  2. #102
    Adviser Team AplusWebMaster's Avatar

    Flash Player v11.1.102.55 - AIR v3.1.0.4880 released

    FYI...

    Flash Player v11.1.102.55 || AIR v3.1.0.4880 released
    - https://www.adobe.com/support/securi...apsb11-28.html
    November 10, 2011 - "Critical vulnerabilities have been identified in Adobe Flash Player 11.0.1.152 and earlier versions for Windows, Macintosh, Linux and Solaris, and Adobe Flash Player 11.0.1.153 and earlier versions for Android. These vulnerabilities could cause a crash and potentially allow an attacker to take control of the affected system. Adobe recommends users of Adobe Flash Player 11.0.1.152 and earlier versions for Windows, Macintosh, Linux and Solaris update to Adobe Flash Player 11.1.102.55. Users of Adobe Flash Player 11.0.1.153 and earlier versions for Android should update to Adobe Flash Player 11.1.102.59 for Android.
    Users of Adobe AIR 3.0 for Windows, Macintosh, and Android should update to Adobe AIR 3.1.0.4880...
    For users who cannot update to Flash Player 11.1.102.55, Adobe has developed a patched version of Flash Player 10, Flash Player 10.3.183.11*...
    Users of Adobe Flash Player 11.0.1.153 and earlier versions for Android should update to Adobe Flash Player 11.1.102.59 for Android by browsing to the Android Marketplace on an Android device."
    CVE number: CVE-2011-2445, CVE-2011-2450, CVE-2011-2451, CVE-2011-2452, CVE-2011-2453, CVE-2011-2454, CVE-2011-2455, CVE-2011-2456, CVE-2011-2457, CVE-2011-2458, CVE-2011-2459, CVE-2011-2460
    Platform: All Platforms

    Release notes: http://kb2.adobe.com/cps/923/cpsid_9...n_new_features
    ___

    Flash downloads: https://www.adobe.com/special/produc...ribution3.html
    Flash Player 11 (64 bit)
    IE: http://fpdownload.macromedia.com/pub...ve_x_64bit.exe
    Flash Player 11 (32 bit)
    IE: http://fpdownload.macromedia.com/pub...ve_x_32bit.exe
    Firefox, other Plugin-based browsers: http://fpdownload.macromedia.com/pub...ugin_32bit.exe
    Flash v10.3.183.11:
    IE:
    http://download.macromedia.com/pub/f...0_active_x.exe
    *Firefox v3.6.4, some other browsers:
    http://download.macromedia.com/pub/f..._player_10.exe

    Flash test site: http://www.adobe.com/software/flash/about/
    ___

    AIR latest version is available here: http://get.adobe.com/air/
    ___

    - https://secunia.com/advisories/46818/
    Release Date: 2011-11-11
    Criticality level: Highly critical
    Impact: Security Bypass, System access
    Where: From remote...
    ... vulnerabilities are reported in the following products:
    * Adobe Flash Player versions 11.0.1.152 and prior for Windows, Macintosh, Linux, and Solaris
    * Adobe Flash Player versions 11.0.1.153 and prior for Android
    * Adobe AIR versions 3.0 for Windows, Macintosh, and Android
    Solution: Update to a fixed version.
    Original Advisory: http://www.adobe.com/support/securit...apsb11-28.html

    - http://www.securitytracker.com/id/1026314
    Date: Nov 11 2011
    Impact: Execution of arbitrary code via network, User access via network...
    Fix Available: Yes...
    Version: 11.0.1.152 and prior...

    - http://web.nvd.nist.gov/view/vuln/de...=CVE-2011-2445
    - http://web.nvd.nist.gov/view/vuln/de...=CVE-2011-2450
    - http://web.nvd.nist.gov/view/vuln/de...=CVE-2011-2451
    - http://web.nvd.nist.gov/view/vuln/de...=CVE-2011-2452
    - http://web.nvd.nist.gov/view/vuln/de...=CVE-2011-2453
    - http://web.nvd.nist.gov/view/vuln/de...=CVE-2011-2454
    - http://web.nvd.nist.gov/view/vuln/de...=CVE-2011-2455
    - http://web.nvd.nist.gov/view/vuln/de...=CVE-2011-2456
    - http://web.nvd.nist.gov/view/vuln/de...=CVE-2011-2457
    - http://web.nvd.nist.gov/view/vuln/de...=CVE-2011-2458
    - http://web.nvd.nist.gov/view/vuln/de...=CVE-2011-2459
    - http://web.nvd.nist.gov/view/vuln/de...=CVE-2011-2460
    CVSS v2 Base Score: 10.0 (HIGH)
    "... Flash Player before 10.3.183.11 and 11.x before 11.1.102.55..."

    Last edited by AplusWebMaster; 2011-11-15 at 14:39.

  3. #103
    Adviser Team AplusWebMaster's Avatar

    Adobe Flex SDK security update available

    FYI...

    Adobe Flex SDK security update available
    - https://www.adobe.com/support/securi...apsb11-25.html
    CVE number: CVE-2011-2461
    Platform: Windows, Macintosh and Linux
    November 30, 2011 - "... An important vulnerability has been identified in the Adobe Flex SDK 4.5.1 and earlier 4.x versions and 3.x versions on the Windows, Macintosh and Linux operating systems:
    All Web-based (-not- AIR-based) Flex applications built using any release of Flex 3.x (including 3.0, 3.0.1, 3.1, 3.2, 3.3, 3.4, 3.4.1, 3.5, 3.5A and 3.6) may be vulnerable.
    Web-based (-not- AIR-based) Flex applications built using any release of Flex 4.x (including 4.0, 4.1, 4.5 and 4.5.1) that were compiled using static linkage of the Flex libraries rather than RSL (runtime shared library) linkage are vulnerable.
    Most Flex 4.x applications that were compiled in the default way (specifically, using RSL linkage) are not vulnerable; however, there are rare cases in which they may be vulnerable. To determine whether an application is vulnerable, customers should use the SWF patching tool described in the tech note*.
    This vulnerability could lead to cross-site scripting issues in Flex applications. Adobe recommends users of the Adobe Flex SDK 4.5.1 and earlier 4.x versions and 3.x versions update their software, verify whether any SWF files in their applications are vulnerable, and update any vulnerable SWF files using the instructions and tools provided as outlined in the tech note* ..."
    * http://www.adobe.com/go/flexsecuritytechnote
    ___

    - https://secunia.com/advisories/47053/
    Release Date: 2011-12-01
    Impact: Cross Site Scripting
    Where: From remote
    CVE Reference: CVE-2011-2461
    Original Advisory: Adobe (APSB11-25):
    http://www.adobe.com/support/securit...apsb11-25.html
    http://kb2.adobe.com/cps/915/cpsid_91544.html

    - http://www.securitytracker.com/id/1026361
    CVE Reference: http://web.nvd.nist.gov/view/vuln/de...=CVE-2011-2461
    Date: Dec 1 2011
    Impact: Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information...
    Impact: A remote user can access the target user's cookies (including authentication cookies), if any, associated with the site running the Adobe Flex application, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.
    Solution: The vendor has issued a fix. The vendor recommends that users verify their SWF applications to ensure they are not affected.
    The vendor's advisory is available at:
    http://www.adobe.com/support/securit...apsb11-25.html


  4. #104
    Adviser Team AplusWebMaster's Avatar

    Adobe Reader 9.x - targeted attacks in the wild...

    FYI...

    Adobe Reader/Acrobat Security Advisory - APSA11-04
    - http://www.adobe.com/support/securit...apsa11-04.html
    December 6, 2011
    Summary : A critical vulnerability has been identified in Adobe Reader X (10.1.1) and earlier versions for Windows and Macintosh, Adobe Reader 9.4.6 and earlier 9.x versions for UNIX, and Adobe Acrobat X (10.1.1) and earlier versions for Windows and Macintosh. This vulnerability (CVE-2011-2462) could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that the vulnerability is being actively exploited in limited, targeted attacks in the wild against Adobe Reader 9.x on Windows. We are in the process of finalizing a fix for the issue and expect to make available an update for Adobe Reader 9.x and Acrobat 9.x for Windows no later than the week of December 12, 2011. Because Adobe Reader X Protected Mode and Adobe Acrobat X Protected View would prevent an exploit of this kind from executing, we are currently planning to address this issue in Adobe Reader X and Acrobat X for Windows with the next quarterly security update for Adobe Reader and Acrobat, currently scheduled for January 10, 2012. We are planning to address this issue in Adobe Reader and Acrobat X and earlier versions for Macintosh as part of the next quarterly update scheduled for January 10, 2012. An update to address this issue in Adobe Reader 9.x for UNIX is planned for January 10, 2012. For further context on this schedule, please see the corresponding ASSET blog* post."
    * http://blogs.adobe.com/asset/2011/12...2011-2462.html
    December 6, 2011

    - http://web.nvd.nist.gov/view/vuln/de...=CVE-2011-2462
    Last revised: 12/08/2011
    CVSS v2 Base Score: 10.0 (HIGH)
    "... as exploited in the wild in December 2011..."

    - http://h-online.com/-1391441
    7 December 2011

    Reader 0-day exploit in-the-wild...
    - http://www.symantec.com/connect/fr/b...exploited-wild
    ___

    - http://www.securitytracker.com/id/1026376
    Dec 6 2011
    Impact: Execution of arbitrary code via network, User access via network
    ... A remote user can create a specially crafted PDF file that, when loaded by the target user, will trigger a memory corruption error and execute arbitrary code on the target system. The code will run with the privileges of the target user...

    - https://secunia.com/advisories/47133/
    Criticality level: Extremely critical
    Impact: System access
    Where: From remote
    Solution Status: Unpatched
    CVE Reference: CVE-2011-2462
    Solution: Do not open untrusted PDF files. A fix is scheduled to be released for Adobe Reader and Acrobat 9.x for Windows in the week of December 12, 2011.
    Provided and/or discovered by: Reported as a 0-day.
    Original Advisory: http://www.adobe.com/support/securit...apsa11-04.html

    Last edited by AplusWebMaster; 2011-12-11 at 19:18.

  5. #105
    Adviser Team AplusWebMaster's Avatar

    Flash Player 0-day vulns - unpatched

    FYI...

    Flash Player 0-day vulns - unpatched
    - http://www.securitytracker.com/id/1026392
    Date: Dec 8 2011
    Impact: Execution of arbitrary code via network, User access via network...
    Version(s): 11.1.102.55 and prior versions
    Description: Two vulnerabilities were reported in Adobe Flash Player. A remote user can cause arbitrary code to be executed on the target user's system...
    Impact: A remote user can create Flash content that, when loaded by the target user, will execute arbitrary code on the target user's system.
    Solution: No solution was available at the time of this entry.
    ___

    - http://arstechnica.com/business/news...are-vendor.ars
    December 8, 2011 - "InteVyDis, a Russian firm specializing in packaging software security exploits, has released a software module that can give a remote computer access to an up-to-date Windows 7 machine running the most recent version of Adobe Flash Player 11..."
    ___

    - http://web.nvd.nist.gov/view/vuln/de...=CVE-2011-4693
    CVSS v2 Base Score: 9.3 (HIGH)
    - http://web.nvd.nist.gov/view/vuln/de...=CVE-2011-4694
    CVSS v2 Base Score: 9.3 (HIGH)
    Original release date: 12/07/2011
    Last revised: 12/13/2011

    - https://isc.sans.edu/diary.html?storyid=12166
    Last Updated: 2011-12-08 21:52:32 UTC

    - https://secunia.com/advisories/47161/
    Release Date: 2011-12-08
    Criticality level: Highly critical
    Impact: System access
    Where: From remote
    Solution Status: Unpatched
    ... vulnerability is reported in version 11.1.102.55. Other versions may also be affected.
    Solution: Do not browse untrusted sites or disable the player.
    Original Advisory:
    - http://archives.neohapsis.com/archiv...1-q4/0081.html
    Dec 06 2011 - "... bypasses DEP/ASLR and works on Win7/WinXP with FF, Chrome and IE..."

    Last edited by AplusWebMaster; 2012-01-11 at 00:21.

  6. #106
    Adviser Team AplusWebMaster's Avatar

    ColdFusion - hotfix...

    FYI...

    ColdFusion - hotfix...
    - https://www.adobe.com/support/securi...apsb11-29.html
    December 13, 2011
    CVE number: CVE-2011-2463, CVE-2011-4368
    "Summary: Important vulnerabilities have been identified in ColdFusion 9.0.1 and earlier versions for Windows, Macintosh and UNIX. These vulnerabilities could lead to a cross-site scripting attack. Adobe recommends users update their product installation...
    Affected software versions: ColdFusion 9.0.1, 9.0, 8.0.1 and 8.0 for Windows, Macintosh and UNIX
    Solution: Adobe recommends affected ColdFusion customers update their installation using the instructions provided in the technote:
    - http://kb2.adobe.com/cps/925/cpsid_92512.html ..."

    - http://www.securitytracker.com/id/1026405
    Dec 13 2011


  7. #107
    Adviser Team AplusWebMaster's Avatar

    Adobe Reader/Acrobat v9.4.7 released

    FYI...

    - https://www.adobe.com/support/securi...apsb12-01.html
    January 6, 2012 - "Adobe is planning to release updates for Adobe Reader X (10.1.1) and earlier versions for Windows and Macintosh, and Adobe Acrobat X (10.1.1) and earlier versions for Windows and Macintosh to resolve critical security issues. These updates will include fixes for CVE-2011-2462 and CVE-2011-4369... available on Tuesday, January 10, 2012..."
    ___

    Adobe Reader/Acrobat v9.4.7 released
    - https://www.adobe.com/support/securi...apsb11-30.html
    Release date: December 16, 2011
    CVE numbers:
    * http://web.nvd.nist.gov/view/vuln/de...=CVE-2011-2462
    - http://web.nvd.nist.gov/view/vuln/de...=CVE-2011-4369
    CVSS v2 Base Score: 10.0 (HIGH)
    "... Reader and Acrobat 9.x before 9.4.7... as exploited in the wild in December 2011..."
    "... updates address these vulnerabilities in Adobe Reader and Acrobat 9.x for Windows. Adobe recommends users of Adobe Reader 9.4.6 and earlier... update to Adobe Reader 9.4.7. Adobe recommends users of Adobe Acrobat 9.4.6 and earlier... update to Adobe Acrobat 9.4.7... Users can utilize the product's update mechanism..."
    ___

    - http://www.symantec.com/security_res...atconlearn.jsp
    Updated: Dec 21 - "... For the period of December 8, 2011 through December 20, 2011, Symantec intelligence products have detected a total of -780- attempted exploits of CVE-2011-2462*..."
    ___

    - https://secunia.com/advisories/47133/
    Last Update: 2011-12-16
    Criticality level: Extremely critical
    Solution: Update to version 9.4.7 for Windows. Fixes are scheduled for Adobe Reader/Acrobat X and Adobe Reader for Unix 9.x for January 10, 2012...

    - http://h-online.com/-1397440
    17 December 2011

    Last edited by AplusWebMaster; 2012-01-07 at 04:30.
