Old Adobe updates/advisories

[AplusWebMaster]

FYI...

Flash, Reader, Acrobat critical updates scheduled...
- http://www.adobe.com/support/securit...apsa11-02.html
April 13, 2011- "... We... expect to make available an update for Flash... on Friday, April 15, 2011. We expect to make available an update for Adobe Acrobat... and Adobe Reader... no later than the week of April 25, 2011..."

- http://web.nvd.nist.gov/view/vuln/de...=CVE-2011-0611
Last revised: 04/13/2011
CVSS v2 Base Score: 9.3 (HIGH)
"... as exploited in the wild in April 2011..."

[AplusWebMaster]

FYI...

Flash Player v10.2.159.1 released
- http://www.adobe.com/support/securit...apsb11-07.html
April 15, 2011 - "A critical vulnerability has been identified in Adobe Flash Player 10.2.153.1 and earlier versions... Adobe recommends... update to Adobe Flash Player 10.2.159.1..."

Direct download current version - executable Flash Player installer... to your Desktop, then double-click to install.
- http://fpdownload.adobe.com/get/flas..._player_ax.exe
For IE ...
- http://fpdownload.adobe.com/get/flas...ash_player.exe
For Firefox, other browsers, etc...

Flash test site: http://www.adobe.com/software/flash/about/
... should read: "You have version 10,2,159,1 installed"

[AplusWebMaster]

FYI...

Drive-by Flash cache attacks...
- http://www.theregister.co.uk/2011/04...rive_by_cache/
19 April 2011 - "Miscreants have deployed a subtle variant of the well established drive-by-download attack tactics against the website of human rights organisation Amnesty International. In traditional drive-by-download attacks malicious code is planted on websites. This code redirects surfers to an exploit site, which relies on browser vulnerabilities or other exploits to download and execute malware onto visiting PCs. The attack on the Amnesty website, detected by security firm Armorize*, relied on a different sequence of events. In this case, malicious scripts are used to locate the malware which is already sitting in the browser's cache directory, before executing it. This so-called drive-by cache approach make attacks harder to detect because no attempt is made to download a file and write it to disk, a suspicious maneuver many security software packages are liable to detect. By bypassing this step dodgy sorts are more likely to slip their wares past security software undetected. The Amnesty International attack ultimately relied on an Adobe Flash zero-day exploit, patched by Adobe** late last week..."
* http://blog.armorize.com/2011/04/new...ed-in-new.html

- http://www.virustotal.com/file-scan/...227-1303129354
File name: display[1].swf
Submission date: 2011-04-18 12:22:34 (UTC)
Result: 1/40 (2.5%)

** Flash Player v10.2.159.1 released
- http://forums.spybot.info/showpost.p...3&postcount=32

[AplusWebMaster]

FYI...

Adobe Reader/Acrobat security updates
- http://www.adobe.com/support/securit...apsb11-08.html
CVE number: CVE-2011-0611, CVE-2011-0610
April 21,2011 - "Critical vulnerabilities have been identified in Adobe Reader and Acrobat X (10.0.2) and earlier 10.x and 9.x versions for Windows and Macintosh operating systems... Adobe recommends users of Adobe Reader X (10.0.2) for Macintosh update to Adobe Reader X (10.0.3). For users of Adobe Reader 9.4.3... update (to) Adobe Reader 9.4.4... Users on Windows and Macintosh can utilize the product's update mechanism... Update checks can be manually activated by choosing Help > Check for Updates...
Adobe Reader 9.x users on Windows can also find the appropriate update here:
- http://www.adobe.com/support/downloa...atform=Windows
Adobe Reader 10.x and 9.x users on Macintosh can also find the appropriate update here:
- http://www.adobe.com/support/downloa...form=Macintosh ..."

- http://secunia.com/advisories/44149/
Last Update: 2011-04-22
Criticality level: Highly critical
Impact: System access
Where: From remote
CVE Reference(s):
- http://web.nvd.nist.gov/view/vuln/de...=CVE-2011-0610
- http://web.nvd.nist.gov/view/vuln/de...=CVE-2011-0611
Last revised: 05/03/2011
CVSS v2 Base Score: 9.3 (HIGH)
Solution: Update to version 9.4.4 or 10.0.3

- http://www.securitytracker.com/id/1025434
Apr 22 2011

[AplusWebMaster]

FYI...

Adobe Photoshop CS5 12.0.4 released
- http://secunia.com/advisories/44419/
Release Date: 2011-05-03
Criticality level: Moderately critical
Impact: Unknown
Where: From remote ...
Software: Adobe Photoshop CS5 12.x
... The vulnerabilities are reported in versions -prior- to CS5 12.0.4.
Solution: Update to version CS5 12.0.4...
Original Advisory: http://www.adobe.com/support/downloa...jsp?ftpID=4973
"... A number of potential security vulnerabilities have been addressed..."

- http://www.securitytracker.com/id/1025483
May 4 2011

[AplusWebMaster]

FYI...

APSB11-09 – Security update available for RoboHelp (Important Severity)
- http://www.adobe.com/support/securit...apsb11-09.html
APSB11-10 – Security update available for Audition (Critical Severity)
- http://www.adobe.com/support/securit...apsb11-10.html
APSB11-11 – Security update available for Flash Media Server (FMS) (Critical Severity)
- http://www.adobe.com/support/securit...apsb11-11.html
APSB11-12 – Security update available for Flash Player (Critical Severity)
- http://www.adobe.com/support/securit...apsb11-12.html
May 12, 2011
CVE number: CVE-2011-0589, CVE-2011-0618, CVE-2011-0619, CVE-2011-0620, CVE-2011-0621, CVE-2011-0622, CVE-2011-0623, CVE-2011-0624, CVE-2011-0625, CVE-2011-0626, CVE-2011-0627*
Platform: All Platforms
"Critical vulnerabilities have been identified... Adobe recommends users of Adobe Flash Player 10.2.159.1 and earlier versions... update to Adobe Flash Player 10.3.181.14..."

Direct download current version - executable Flash Player installer... to your Desktop, then double-click to install.
- http://fpdownload.adobe.com/get/flas..._player_ax.exe
For IE ...
- http://fpdownload.adobe.com/get/flas...ash_player.exe
For Firefox, other browsers, etc...

Flash test site: http://www.adobe.com/software/flash/about/
... should read: "You have version 10,3,181,14 installed"

- http://www.securitytracker.com/id/1025533
May 13 2011 - "... One of the vulnerabilities [CVE-2011-0627] is being actively exploited on Windows-based systems via a Flash (.swf) file embedded in a Microsoft Word (.doc) or Microsoft Excel (.xls) file and delivered via email attachment..."
* http://web.nvd.nist.gov/view/vuln/de...=CVE-2011-0627
Last revised: 05/16/2011
CVSS v2 Base Score: 9.3 (HIGH)
"... before 10.3.181.14 on Windows..."
____

Local settings manager (new in desktop only)
- http://www.adobe.com/products/flashp...res/index.html
"... Flash Player 10.3 integrates control of local storage with the browser's privacy settings... Users can access the Flash Player Settings Manager directly from the Control Panel or System Preferences..."
___

- http://secunia.com/advisories/44480/ - RoboHelp
- http://www.securitytracker.com/id/1025530 - Audition
- http://secunia.com/advisories/44589/ - Flash Media Server
- http://secunia.com/advisories/44590/ - Flash
Release Date: 2011-05-13
Criticality level: Highly critical
Impact: Exposure of sensitive information, System access
Where: From remote
Original Advisory: Adobe (APSB11-12):
http://www.adobe.com/support/securit...apsb11-12.html

[AplusWebMaster]

FYI...

> http://forums.spybot.info/showpost.p...1&postcount=36
"... update to Adobe Flash Player 10.3.181.14..."
- http://www.securitytracker.com/id/1025533
May 13 2011 - "... One of the vulnerabilities [CVE-2011-0627*] is being actively exploited on Windows-based systems via a Flash (.swf) file embedded in a Microsoft Word (.doc) or Microsoft Excel (.xls) file and delivered via email attachment..."
* http://web.nvd.nist.gov/view/vuln/de...=CVE-2011-0627
Last revised: 05/13/2011

[AplusWebMaster]

FYI...

Adobe Photoshop v12.0.4 released
- http://securitytracker.com/id?1025483
Updated: May 23 2011

- http://secunia.com/advisories/44419/
"... vulnerabilities are reported in versions prior to CS5 12.0.4..."

- http://www.adobe.com/support/downloa...jsp?ftpID=4973

- http://web.nvd.nist.gov/view/vuln/de...=CVE-2011-2164
Last revised: 05/24/2011
CVSS v2 Base Score: 10.0 (HIGH)

[AplusWebMaster]

FYI...

Prenotification Security Advisory for Adobe Reader and Acrobat
- http://www.adobe.com/support/securit...apsb11-16.html
June 9, 2011 - "Adobe is planning to release updates for Adobe Reader X (10.0.1) for Windows and Adobe Reader X (10.0.3) for Macintosh; Adobe Reader 9.4.3 and earlier versions for Windows and Macintosh; Adobe Acrobat X (10.0.3) for Windows and Macintosh; and Adobe Acrobat 9.4.2 and earlier versions for Windows and Macintosh to resolve critical security issues. Adobe expects to make these updates available on Tuesday, June 14, 2011..."
___

Flash v10.3.181.2x released
- http://www.adobe.com/support/securit...apsb11-13.html
Revisions:
June 8, 2011 - Updated with information on Adobe Reader and Acrobat
June 7, 2011 - Updated with information on Android update.
June 5, 2011 - CVE-2011-2107
Summary: An important vulnerability has been identified in Adobe Flash Player 10.3.181.16 and earlier versions for Windows, Macintosh, Linux and Solaris, and Adobe Flash Player 10.3.185.22 and earlier versions for Android. This universal cross-site scripting vulnerability (CVE-2011-2107) could be used to take actions on a user's behalf on any website or webmail provider, if the user visits a malicious website. There are reports that this vulnerability is being actively exploited in active targeted attacks designed to trick the user into clicking on a malicious link delivered in an email message...
Solution: Adobe recommends all users... update to Adobe Flash Player 10.3.181.22 (10.3.181.23 for ActiveX)..."

Direct download current version - executable Flash Player installer... to your Desktop, then double-click to install.
- http://fpdownload.adobe.com/get/flas..._player_ax.exe
For IE ...
- http://fpdownload.adobe.com/get/flas...ash_player.exe
For Firefox, other browsers, etc...

Flash test site: http://www.adobe.com/software/flash/about/
___

- http://web.nvd.nist.gov/view/vuln/de...=CVE-2011-2107
Last revised: 06/09/2011

- http://secunia.com/advisories/44846/
Impact: Cross Site Scripting
Where: From remote...
Solution: Update to Flash Player version 10.3.181.22 (10.3.181.23 for ActiveX).

- http://www.securitytracker.com/id/1025603
Jun 6 2011 - CVE-2011-2107
Impact: Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information
Solution: The vendor has issued a fix (10.3.181.22; 10.3.181.23 for ActiveX; 10.3.185.22 for Android). The Android fix will be available the week of June 6, 2011.

[AplusWebMaster]

FYI...

Hacks exploit Flash bug in new attacks against Gmail users
- http://www.computerworld.com/s/artic...st_Gmail_users
June 6, 2011 - "Adobe today confirmed that the Flash Player bug it patched Sunday is being used to steal login credentials of Google's Gmail users... '... we cannot assume that other Web mail providers may not be targeted as well'..."

> http://forums.spybot.info/showpost.p...3&postcount=39