Old Adobe updates/advisories

[AplusWebMaster]

FYI...

Adobe Flash Player v10.1.85.3 released
- http://www.adobe.com/support/securit...apsb10-22.html
Sep. 20, 2010 - "A critical vulnerability exists in Adobe Flash Player 10.1.82.76 and earlier versions for Windows, Macintosh, Linux, and Solaris, and Adobe Flash Player 10.1.92.10 for Android. This vulnerability also affects Adobe Reader 9.3.4 and earlier versions for Windows, Macintosh and UNIX, and Adobe Acrobat 9.3.4 and earlier versions for Windows and Macintosh... Adobe recommends users of Adobe Flash Player 10.1.82.76 and earlier versions for Windows, Macintosh, Linux, and Solaris update to Adobe Flash Player 10.1.85.3, and users of Adobe Flash Player 10.1.92.10 for Android update to Adobe Flash Player 10.1.95.1... Users of Flash Player for Android version 10.1.92.10 and earlier can update to Flash Player version 10.1.95.1 by browsing to the Android Marketplace on an Android phone. For users who cannot update to Flash Player 10.1.85.3, Adobe has developed a patched version of Flash Player 9, Flash Player 9.0.283, which can be downloaded here*..."
* http://www.adobe.com/go/kb406791

- http://get.adobe.com/flashplayer/
___

Direct download current version - executable Flash Player installer...
- http://fpdownload.adobe.com/get/flas..._player_ax.exe
For IE ...
- http://fpdownload.adobe.com/get/flas...ash_player.exe
For Firefox, other browsers, etc...

Flash test site: http://www.adobe.com/software/flash/about/
... should read: "You have version 10,1,85,3 installed"
___

- http://secunia.com/advisories/41434/
Last updated 2010-09-21
Criticality level: Extremely critical
Solution: Update to version 9.0.283 or 10.1.85.3...

[AplusWebMaster]

FYI...

Adobe Reader/Acrobat v9.4 update available
- http://www.adobe.com/support/securit...apsb10-21.html
October 5, 2010 - "Critical vulnerabilities have been identified in Adobe Reader 9.3.4 (and earlier versions) for Windows, Macintosh and UNIX, Adobe Acrobat 9.3.4 (and earlier versions) for Windows and Macintosh, and Adobe Reader 8.2.4 (and earlier versions) and Adobe Acrobat 8.2.4 (and earlier versions) for Windows and Macintosh and Adobe Reader 8.2.4 (and earlier versions) and Adobe Acrobat 8.2.4 (and earlier versions) for Windows and Macintosh... Adobe recommends users of Adobe Reader 9.3.4 and earlier versions for Windows, Macintosh and UNIX update to Adobe Reader 9.4. (For Adobe Reader users on Windows and Macintosh, who cannot update to Adobe Reader 9.4, Adobe has provided the Adobe Reader 8.2.5 update.) Adobe recommends users of Adobe Acrobat 9.3.4 and earlier versions for Windows and Macintosh update to Adobe Acrobat 9.4. Adobe recommends users of Adobe Acrobat 8.2.4 and earlier versions for Windows and Macintosh update to Adobe Acrobat 8.2.5... Adobe Reader Users on Windows and Macintosh can utilize the product's update mechanism..."
CVE Numbers: CVE-2010-2883, CVE-2010-2884, CVE-2010-2887, CVE-2010-2888, CVE-2010-2889, CVE-2010-2890, CVE-2010-3619, CVE-2010-3620, CVE-2010-3621, CVE-2010-3622, CVE-2010-3623, CVE-2010-3624, CVE-2010-3625, CVE-2010-3626, CVE-2010-3627, CVE-2010-3628, CVE-2010-3629, CVE-2010-3630, CVE-2010-3631, CVE-2010-3632, CVE-2010-3656, CVE-2010-3657, CVE-2010-3658
"... Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5..."

- http://www.adobe.com/support/downloads/new.jsp
10/5/2010

- http://secunia.com/advisories/41340/
Last Update: 2010-10-06
Criticality level: Extremely critical
Impact: System access ...
"... NOTE: The vulnerability is currently being actively exploited..."
Solution: Update to version 8.2.5 and 9.4...

- http://www.securitytracker.com/id?1024511
Oct 6 2010

[AplusWebMaster]

FYI...

Shockwave v11.5.9.615 released
- http://forums.spybot.info/showpost.p...9&postcount=15
___

Shockwave Player vuln - unpatched
- http://secunia.com/advisories/41932/
Release Date: 2010-10-22
Criticality level: Extremely critical
Impact: System access
Where: From remote
Solution Status: Unpatched ...
The vulnerability is confirmed in version 11.5.8.612...
Solution: Do not visit untrusted websites*...
Original Advisory: Adobe:
http://www.adobe.com/support/securit...apsa10-04.html
Last updated: October 27, 2010 - "... As of October 27, Adobe is aware of reports of this vulnerability being exploited in the wild... We are in the process of finalizing a fix for the issue and expect to provide an update for Shockwave Player on October 28, 2010..."
http://blogs.adobe.com/psirt/2010/10...apsa10-04.html
"... vulnerability (CVE-2010-3653) could cause a crash and potentially allow an attacker to take control of the affected system..."
- http://web.nvd.nist.gov/view/vuln/de...=CVE-2010-3653
Last revised: 10/27/2010
CVSS v2 Base Score: 9.3 (HIGH)

* -and/or- UNINSTALL Shockwave Player. You can live without it.

[AplusWebMaster]

FYI...

Adobe Flash... 0-day... unpatched
* http://www.adobe.com/support/securit...apsa10-05.html
Release date: October 28, 2010
CVE number: CVE-2010-3654
"A critical vulnerability exists in Adobe Flash Player 10.1.85.3 and earlier versions for Windows, Macintosh, Linux and Solaris operating systems; Adobe Flash Player 10.1.95.2 and earlier versions for Android; and the authplay.dll component that ships with Adobe Reader 9.4 and earlier 9.x versions for Windows, Macintosh and UNIX operating systems, and Adobe Acrobat 9.4 and earlier 9.x versions for Windows and Macintosh operating systems. This vulnerability (CVE-2010-3654) could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being actively exploited in the wild against Adobe Reader and Acrobat 9.x. Adobe is not currently aware of attacks targeting Adobe Flash Player. We are in the process of finalizing a fix for the issue and expect to provide an update for Flash Player 10.x for Windows, Macintosh, Linux, and Android by November 9, 2010. We expect to make available an update for Adobe Reader and Acrobat 9.4 and earlier 9.x versions during the week of November 15, 2010..."

- http://secunia.com/advisories/41917/
Last Update: 2010-10-29
Criticality level: Extremely critical
NOTE: The vulnerability is currently being actively exploited...
... Adobe plans to release a fixed version on November 9, 2010.
... Reported as a 0-day.
Original Advisory: Adobe APSA10-05*

Adobe Reader/Acrobat ...
- http://secunia.com/advisories/42030/
...Adobe plans to release a fixed version on November 15, 2010.
Original Advisory: Adobe APSA10-05*

Chrome ...
- http://secunia.com/advisories/42031/

- http://www.theregister.co.uk/2010/10...critical_vuln/
28 October 2010
- http://www.virustotal.com/file-scan/...72a-1288229160
File name: nsunday.exe
Submission date: 2010-10-28
Result: 15/42 (35.7%)
There is a more up-to-date report (27/43) for this file...
- http://www.virustotal.com/file-scan/...72a-1288324712
File name: 9F0CEFE847174185030A1F027B3813EC
Submission date: 2010-10-29
Result: 27/43 (62.8%)
___

- http://isc.sans.edu/diary.html?storyid=9835
Last Updated: 2010-10-28 21:51:01 UTC - "... mitigation measures recommended by adobe:
Adobe Reader and Acrobat 9.x - Windows
Deleting, renaming, or removing access to the authplay.dll file that ships with Adobe Reader and Acrobat 9.x mitigates the threat for those products, but users will experience a non-exploitable crash or error message when opening a PDF file that contains Flash (SWF) content.
The authplay.dll that ships with Adobe Reader and Acrobat 9.x for Windows is typically located at C:Program FilesAdobeReader 9.0Readerauthplay.dll for Adobe Reader or C:Program FilesAdobeAcrobat 9.0Acrobatauthplay.dll for Acrobat.
Adobe Reader 9.x - Macintosh
1) Go to the Applications->Adobe Reader 9 folder.
2) Right Click on Adobe Reader.
3) Select Show Package Contents.
4) Go to the Contents->Frameworks folder.
5) Delete or move the AuthPlayLib.bundle file.
Acrobat Pro 9.x - Macintosh
1) Go to the Applications->Adobe Acrobat 9 Pro folder.
2) Right Click on Adobe Acrobat Pro.
3) Select Show Package Contents.
4) Go to the Contents->Frameworks folder.
5) Delete or move the AuthPlayLib.bundle file.
Adobe Reader 9.x - UNIX
1) Go to installation location of Reader (typically a folder named Adobe).
2) Within it browse to Reader9/Reader/intellinux/lib/ (for Linux) or Reader9/Reader/intelsolaris/lib/ (for Solaris).
3) Remove the library named "libauthplay.so.0.0.0."
More information at
- http://contagiodump.blogspot.com/201...ayer-zero.html ..."
___

- http://www.kb.cert.org/vuls/id/298081
2010-10-28 - "... consider the following workarounds: Disable Flash..."

ThreatCon... Elevated.
- http://www.symantec.com/security_res...atconlearn.jsp
Oct. 29, 2010 - "... Adobe Flash Player, Adobe Reader, and Acrobat... vulnerability... being actively exploited in the wild..."

- http://web.nvd.nist.gov/view/vuln/de...=CVE-2010-3654
Last revised: 10/29/2010

[AplusWebMaster]

FYI...

Shockwave v11.5.9.615 released
- http://www.adobe.com/support/securit...apsb10-25.html
CVE number: CVE-2010-2581, CVE-2010-2582, CVE-2010-3653, CVE-2010-3655, CVE-2010-4084, CVE-2010-4085, CVE-2010-4086, CVE-2010-4087, CVE-2010-4088, CVE-2010-4089, CVE-2010-4090
October 28, 2010 - "Critical vulnerabilities have been identified in Adobe Shockwave Player 11.5.8.612 and earlier versions on the Windows and Macintosh operating systems... Adobe recommends users of Adobe Shockwave Player 11.5.8.612 and earlier versions upgrade to the newest version 11.5.9.615, available here:
- http://get.adobe.com/shockwave/ ..."

[AplusWebMaster]

FYI...

- http://isc.sans.edu/diary.html?storyid=9892
Last Updated: 2010-11-04 22:27:50 UTC - "... current 'State of Adobe'...
Product Latest Version
PDF Reader - v9.4.0 - vulnerable: http://secunia.com/advisories/42095/
Flash Player - 10.1.102.64
Shockwave Player- 11.5.9.615 - vulnerable: http://secunia.com/advisories/42112/
Acrobat - 9.4.0 - vulnerable: http://web.nvd.nist.gov/view/vuln/de...=CVE-2010-3654
Air - 2.5 ..."
- http://isc.sans.edu/tag.html?tag=adobe
___

Flash update now expected 11.4.2010...
- http://www.adobe.com/support/securit...apsa10-05.html
Last updated: November 2, 2010 - "... We are in the process of finalizing a fix for the issue and expect to provide an update for Flash Player 10.x for Windows, Macintosh, Linux and Solaris by November 4, 2010. We expect to make available an update for Flash Player 10.x for Android by November 9, 2010..."
- http://web.nvd.nist.gov/view/vuln/de...=CVE-2010-3654
Last revised: 11/01/2010
CVSS v2 Base Score: 9.3 (HIGH)

[AplusWebMaster]

FYI...

Flash Media Server multiple vulns - update available
- http://secunia.com/advisories/42157/
Release Date: 2010-11-10
Criticality level: Highly critical
Impact: DoS, System access
Where: From remote ...
Solution: Update to Flash Media Server version 3.0.7, 3.5.5, or 4.0.1.
Original Advisory: APSB10-27:
http://www.adobe.com/support/securit...apsb10-27.html
CVE-2010-3633, CVE-2010-3634, CVE-2010-3635
___

Flash v10.1.102.64 released
- http://www.adobe.com/support/securit...apsa10-05.html
Last updated: November 4, 2010 - "A critical vulnerability exists in Adobe Flash Player 10.1.85.3 and earlier versions for Windows, Macintosh, Linux and Solaris operating systems; Adobe Flash Player 10.1.95.2 and earlier versions for Android... Adobe recommends... update to Adobe Flash Player 10.1.102.64. For More information, please refer to Security Bulletin APSB10-26*..."
* http://www.adobe.com/support/securit...apsb10-26.html
Release date: November 4, 2010
CVE number: CVE-2010-3636, CVE-2010-3637, CVE-2010-3638, CVE-2010-3639, CVE-2010-3640, CVE-2010-3641, CVE-2010-3642, CVE-2010-3643, CVE-2010-3644, CVE-2010-3645, CVE-2010-3646, CVE-2010-3647, CVE-2010-3648, CVE-2010-3649, CVE-2010-3650, CVE-2010-3652, CVE-2010-3654, CVE-2010-3976
Platform: All Platforms...
Adobe recommends users of Adobe Flash Player 10.1.85.3 and earlier versions for Windows, Macintosh, Linux, and Solaris update to Adobe Flash Player 10.1.102.64... users who cannot update to Flash Player 10.1.102.64, Adobe has developed a patched version of Flash Player 9, Flash Player 9.0.289.0, which can be downloaded from: http://www.adobe.com/go/kb406791 ..."

- http://www.adobe.com/support/securit...apsb10-26.html
Last updated: November 9, 2010 - "... Users of Flash Player for Android version 10.1.95.1 and earlier can update to Flash Player version 10.1.105.6 by browsing to the Android Marketplace on an Android phone*..."
* http://market//details?id=com.adobe.flashplayer
___

Direct download current version - executable Flash Player installer...
- http://fpdownload.adobe.com/get/flas..._player_ax.exe
For IE ...
- http://fpdownload.adobe.com/get/flas...ash_player.exe
For Firefox, other browsers, etc...

Flash test site: http://www.adobe.com/software/flash/about/
... should read: "You have version 10,1,102,64 installed"
___

- http://www.securitytracker.com/id?1024685
Nov 5 2010
___

Flash Update plugs 18 security holes
- http://krebsonsecurity.com/2010/11/f...ecurity-holes/
v10.1.102.64 ...

[AplusWebMaster]

FYI...

Adobe Reader vuln
- http://secunia.com/advisories/42095/
Last Update: 2010-11-17
Criticality level: Highly critical
Impact: System access
Where: From remote
Solution: Update to version 9.4.1.

Adobe Shockwave Player vuln - unpatched
- http://secunia.com/advisories/42112/
Last Update: 2010-11-16
Criticality level: Moderately critical
Impact: System access
Where: From remote
Solution Status: Unpatched ...
... The vulnerability is confirmed in version 11.5.9.615. Other versions may also be affected.
Solution: Do not open the "Shockwave Settings" window when viewing Shockwave content...
- http://www.securitytracker.com/id?1024682
Nov 4 2010
- http://web.nvd.nist.gov/view/vuln/de...=CVE-2010-4092
Last revised: 11/11/2010
CVSS v2 Base Score: 9.3 (HIGH)

* -and/or- UNINSTALL Shockwave Player. You can live without it.

[AplusWebMaster]

Adobe Reader/Acrobat v9.4.1 released
- http://forums.spybot.info/showpost.p...7&postcount=20
___

Adobe PDF Reader status:

- http://www.adobe.com/support/securit...apsb10-28.html
November 12, 2010 - "... updates for Adobe Reader 9.4... and Adobe Acrobat 9.4... Adobe expects to make updates for Windows and Macintosh available on Tuesday, November 16, 2010. An update for UNIX is expected to be available on Monday, November 30, 2010..."
- http://web.nvd.nist.gov/view/vuln/de...=CVE-2010-3654
Original release date: 10/29/2010 - Last revised: 11/11/2010
CVSS v2 Base Score: 9.3 (HIGH) "... as exploited in the wild in October 2010..."
- http://web.nvd.nist.gov/view/vuln/de...=CVE-2010-4091
Original release date: 11/07/2010 - Last revised: 11/11/2010
CVSS v2 Base Score: 9.3 (HIGH)
- http://secunia.com/advisories/42030/
Release Date: 2010-10-28
- http://secunia.com/advisories/42095/
Last Update: 2010-11-08

- http://contagiodump.blogspot.com/201...2010-3654.html
November 10, 2010

Alternative:
- http://forums.spybot.info/showpost.p...0&postcount=28
FoxIt Reader v4.3.0.1110

[AplusWebMaster]

FYI...

Adobe Reader/Acrobat v9.4.1 released
- http://www.adobe.com/support/securit...apsb10-28.html
November 16, 2010 - "Critical vulnerabilities... Adobe recommends users of Adobe Reader 9.4 and earlier versions for Windows and Macintosh update to Adobe Reader 9.4.1, available now. Adobe recommends users of Adobe Reader 9.4 and earlier versions for UNIX update to Adobe Reader 9.4.1, expected to be available on November 30, 2010. Adobe recommends users of Adobe Acrobat 9.4 and earlier 9.x versions for Windows and Macintosh update to Adobe Acrobat 9.4.1...
Adobe Reader/Acrobat: Users on Windows and Macintosh can utilize the product's update mechanism..."
CVE numbers:
- http://web.nvd.nist.gov/view/vuln/de...=CVE-2010-3654
CVSS v2 Base Score: 9.3 (HIGH)
- http://web.nvd.nist.gov/view/vuln/de...=CVE-2010-4091
CVSS v2 Base Score: 9.3 (HIGH)

- http://www.adobe.com/support/downloads/new.jsp
11/16/2010