
Thread: Adobe updates/advisories

  1. #1
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Adobe Black Tuesday - Jan 2012

    FYI...

    Adobe Black Tuesday
    - https://isc.sans.edu/diary.html?storyid=12364
    Last Updated: 2012-01-10 19:38:39 UTC - "Adobe has released 1 bulletin today (Reader & Acrobat: Update to 10.1.2 or 9.5) ...
    - http://www.adobe.com/support/securit...apsb12-01.html
    http://web.nvd.nist.gov/view/vuln/de...=CVE-2011-2462 - 10.0 (HIGH)
    http://web.nvd.nist.gov/view/vuln/de...=CVE-2011-4369 - 10.0 (HIGH)
    - http://web.nvd.nist.gov/view/vuln/de...=CVE-2011-2470 - 4.3
    - http://web.nvd.nist.gov/view/vuln/de...=CVE-2011-4371 - 7.5 (HIGH)
    - http://web.nvd.nist.gov/view/vuln/de...=CVE-2011-4372 - 7.5 (HIGH)
    - http://web.nvd.nist.gov/view/vuln/de...=CVE-2011-4373 - 7.5 (HIGH)
    Critical ... Users can utilize the product's update mechanism... Help > Check for Updates..."

    - https://secunia.com/advisories/45852/
    Last Update: 2012-01-16
    Criticality level: Highly critical
    Impact: System access
    Where: From remote ...
    Solution: Update to version 9.5 or 10.1.2.

    Last edited by AplusWebMaster; 2012-01-16 at 18:41.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  2. #2
    AplusWebMaster

    Shockwave Player v11.6.4.634 released

    FYI...

    Shockwave Player v11.6.4.634 released
    - https://www.adobe.com/support/securi...apsb12-02.html
    Feb 14, 2012
    CVE number: CVE-2012-0757, CVE-2012-0758, CVE-2012-0759, CVE-2012-0760, CVE-2012-0761, CVE-2012-0762, CVE-2012-0763, CVE-2012-0764, CVE-2012-0766
    - http://web.nvd.nist.gov/view/vuln/search - (ALL rated CVSS Severity: 10.0 HIGH)
    Platform: Windows and Macintosh
    Summary: This update addresses critical vulnerabilities in Adobe Shockwave Player 11.6.3.633 and earlier versions on the Windows and Macintosh operating systems. These vulnerabilities could allow an attacker, who successfully exploits these vulnerabilities, to run malicious code on the affected system. Adobe recommends users of Adobe Shockwave Player 11.6.3.633 and earlier versions update to Adobe Shockwave Player 11.6.4.634
    ... available here: http://get.adobe.com/shockwave/ .

    Security update available for RoboHelp for Word
    * https://www.adobe.com/support/securi...apsb12-04.html
    February 14, 2012
    CVE number: CVE-2012-0765
    Platform: Windows
    Summary: This update addresses an important vulnerability in RoboHelp 9 (or 8) for Word on Windows. A specially crafted URL could be used to create a cross-site scripting attack on Web-based output generated using RoboHelp for Word. Adobe recommends users update their product installation using the instructions (at the URL above*)...

    Last edited by AplusWebMaster; 2012-02-21 at 00:09.

  3. #3
    AplusWebMaster

    Flash Player v11.1.102.62 released

    FYI...

    Flash Player v11.1.102.62 released
    - https://www.adobe.com/support/securi...apsb12-03.html
    Feb 15, 2012
    CVE numbers:
    - http://web.nvd.nist.gov/view/vuln/de...=CVE-2012-0751
    - http://web.nvd.nist.gov/view/vuln/de...=CVE-2012-0752
    - http://web.nvd.nist.gov/view/vuln/de...=CVE-2012-0753
    - http://web.nvd.nist.gov/view/vuln/de...=CVE-2012-0754
    - http://web.nvd.nist.gov/view/vuln/de...=CVE-2012-0755
    - http://web.nvd.nist.gov/view/vuln/de...=CVE-2012-0756
    ( -ALL- CVSS v2 Base Score: 10.0 HIGH )
    - http://web.nvd.nist.gov/view/vuln/de...=CVE-2012-0767 - 4.3 Last revised: 02/25/2012
    Platform: All Platforms
    Summary: This update addresses critical vulnerabilities in Adobe Flash Player 11.1.102.55 and earlier versions for Windows, Macintosh, Linux and Solaris, Adobe Flash Player 11.1.112.61 and earlier versions for Android 4.x, and Adobe Flash Player 11.1.111.5 and earlier versions for Android 3.x and 2.x. These vulnerabilities could cause a crash and potentially allow an attacker to take control of the affected system. This update also resolves a universal cross-site scripting vulnerability that could be used to take actions on a user's behalf on any website or webmail provider, if the user visits a malicious website. There are reports that this vulnerability (CVE-2012-0767) is being exploited in the wild in active targeted attacks designed to trick the user into clicking on a malicious link delivered in an email message (Internet Explorer on Windows only). Adobe recommends users of Adobe Flash Player 11.1.102.55 and earlier versions for Windows, Macintosh, Linux and Solaris update to Adobe Flash Player 11.1.102.62. Users of Adobe Flash Player 11.1.112.61 and earlier versions on Android 4.x devices should update to Adobe Flash Player 11.1.115.6. Users of Adobe Flash Player 11.1.111.5 and earlier versions for Android 3.x and earlier versions should update to Flash Player 11.1.111.6... For users who cannot update to Flash Player 11.1.102.62, Adobe has developed a patched version of Flash Player 10.x, Flash Player 10.3.183.15...

    Download
    >> https://www.adobe.com/products/flash...ribution3.html

    - https://market.android.com/details?i...shplayer&hl=en
    Flash Player Android...
    ___

    - https://secunia.com/advisories/48033/
    Release Date: 2012-02-16
    Criticality level: Highly critical
    Impact: Security Bypass, Cross Site Scripting, System access
    Where: From remote
    ... reportedly being actively exploited in targeted attacks.
    Original Advisory:
    http://www.adobe.com/support/securit...apsb12-03.html

    - http://www.securitytracker.com/id/1026694
    Date: Feb 16 2012
    Impact: Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information, User access via network...

    Last edited by AplusWebMaster; 2012-02-25 at 17:17.

  4. #4
    AplusWebMaster

    Adobe exploits-in-the-wild...

    FYI...

    Flash Player v11.1.102.62 update
    - http://www.symantec.com/security_res...atconlearn.jsp
    Feb 24, 2012 - "On February 15, 2012, Adobe released a patch for Flash Player fixing vulnerabilities on all platforms. One of these is a cross-site scripting (XSS) vulnerability that is being exploited in the wild through links in emails (CVE-2012-0767*, BID 52040). A cross-site scripting vulnerability can allow an attacker to make HTTP requests masquerading as the affected user. Since this vulnerability was reported by Google, it is likely that it has been used in attempted attacks on Gmail accounts - similarly to the XSS vulnerability exploited in June 2011 to infiltrate victims' Gmail accounts (CVE-2011-2107). An attacker must entice a user into visiting a malicious link in the email to trigger the vulnerability. Customers are advised to install applicable updates as soon as possible.
    Adobe Security Bulletin: Security update available for Adobe Flash Player ..."
    http://forums.spybot.info/showpost.p...3&postcount=60

    * http://web.nvd.nist.gov/view/vuln/de...=CVE-2012-0767
    Last revised: 02/25/2012 - "... before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.6 on Android 2.x and 3.x; and before 11.1.115.6 on Android 4.x... as exploited in the wild in February 2012"

    Last edited by AplusWebMaster; 2012-02-25 at 17:34.

  5. #5
    AplusWebMaster

    Flash Player v11.1.102.63 critical update - 2012.03.05

    FYI...

    Flash Player v11.1.102.63 critical update
    - https://www.adobe.com/support/securi...apsb12-05.html
    March 5, 2012
    CVE number:
    - http://web.nvd.nist.gov/view/vuln/de...=CVE-2012-0768 - 10.0 (HIGH)
    - http://web.nvd.nist.gov/view/vuln/de...=CVE-2012-0769 - 5.0
    Platform: All Platforms
    Summary: "These priority 2 updates address critical vulnerabilities in Adobe Flash Player 11.1.102.62 and earlier versions for Windows, Macintosh, Linux and Solaris, Adobe Flash Player 11.1.115.6 and earlier versions for Android 4.x, and Adobe Flash Player 11.1.111.6 and earlier versions for Android 3.x and 2.x. These vulnerabilities could cause a crash and potentially allow an attacker to take control of the affected system. Adobe recommends users of Adobe Flash Player 11.1.102.62 and earlier versions for Windows, Macintosh, Linux and Solaris update to Adobe Flash Player 11.1.102.63. Users of Adobe Flash Player 11.1.115.6 and earlier versions on Android 4.x devices should update to Adobe Flash Player 11.1.115.7. Users of Adobe Flash Player 11.1.111.6 and earlier versions for Android 3.x and earlier versions should update to Flash Player 11.1.111.7... For users who cannot update to Flash Player 11.1.102.63, Adobe has developed a patched version of Flash Player 10.x, Flash Player 10.3.183.16..."
    ___

    Download:

    The normal distribution site has been updated to the latest versions (@ 3.06.2012 15:45est):
    - https://www.adobe.com/products/flash...ribution3.html

    Flash test site: http://www.adobe.com/software/flash/about/
    ___

    - https://secunia.com/advisories/48281/
    Release Date: 2012-03-06
    Criticality level: Highly critical
    Impact: Exposure of sensitive information, System access
    Where: From remote...
    Solution: Update to a fixed version...

    - http://www.securitytracker.com/id/1026761
    Date: Mar 6 2012
    CVE Reference: CVE-2012-0768, CVE-2012-0769
    Impact: Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, User access via network
    Version(s): prior to 11.1.102.63; prior to 11.1.111.7 and 11.1.115.7 for Android

    Last edited by AplusWebMaster; 2012-03-07 at 05:41.

  6. #6
    AplusWebMaster

    Flash exploit released ...

    FYI...

    Flash exploit released...
    - http://atlas.arbor.net/briefs/index#-957676977
    Severity: Elevated Severity
    Published: Thursday, March 08, 2012 20:33
    An exploit for a month-old Adobe Flash vulnerability has been released to the public. Ensure systems are protected.
    Analysis: This security vulnerability, patched on Feb 15th, was used in a targeted attack around March 5th
    - http://contagiodump.blogspot.com/201...s-oil-and.html *
    ... and now a Metasploit module has been released to the public. Given the widespread install base of Flash, users are strongly encouraged to ensure that patching has taken place. Now that the code is public, it will likely be used in commodity exploit kits very soon to install malware."
    * http://web.nvd.nist.gov/view/vuln/de...=CVE-2012-0754 - 10.0 (HIGH)

    * https://www.virustotal.com/file/6836...ca62/analysis/
    File name: us.exe
    Detection ratio: 27/43
    Analysis date: 2012-03-07 16:19:36 UTC
    * https://www.virustotal.com/file/d018...is/1331313285/
    File name: CVE-2012-0744-xls.swf
    Detection ratio: 8/43
    Analysis date: 2012-03-09 17:14:45 UTC
    * https://www.virustotal.com/file/b3a9...f4a4/analysis/
    File name: 12e36f86ce54576cc38b2edfd13e3a5aa6c8d51c.bin
    Detection ratio: 24/43
    Analysis date: 2012-03-10 23:57:50 UTC

    >> http://forums.spybot.info/showpost.p...7&postcount=62

    Last edited by AplusWebMaster; 2012-03-11 at 05:26.

  7. #7
    AplusWebMaster

    ColdFusion security update - Hotfix available...

    FYI...

    ColdFusion security update - Hotfix available
    - https://www.adobe.com/support/securi...apsb12-06.html
    March 13, 2012 - "... important vulnerability in ColdFusion 9.0.1 and earlier versions for Windows, Macintosh and UNIX. This vulnerability could lead to a denial of service attack using a hash algorithm collision. Adobe has provided a solution to address the reported vulnerability. It is recommended that users update their product installation using the instructions provided in the "Solution" section... This update resolves a denial of service attack using a hash algorithm collision ( http://web.nvd.nist.gov/view/vuln/de...=CVE-2012-0770 )...
    Affected software versions: ColdFusion 9.0.1, 9.0, 8.0.1 and 8.0 for Windows, Macintosh and UNIX
    Solution: Adobe recommends affected ColdFusion customers update their installation using the instructions provided in the technote: http://helpx.adobe.com/coldfusion/kb...ty-hotfix.html ..."

    - https://secunia.com/advisories/48393/
    Release Date: 2012-03-14


  8. #8
    AplusWebMaster

    Flash Player v11.2.202.228 released

    FYI...

    Flash Player v11.2.202.228 released
    - https://www.adobe.com/support/securi...apsb12-07.html
    March 28, 2012
    CVE numbers:
    - http://web.nvd.nist.gov/view/vuln/de...=CVE-2012-0772 - 10.0 (HIGH)
    Last revised: 03/29/2012
    "Summary: An unspecified ActiveX control in Adobe Flash Player before 10.3.183.18 and 11.x before 11.2.202.228, and AIR before 3.2.0.2070..."
    - http://web.nvd.nist.gov/view/vuln/de...=CVE-2012-0773 - 10.0 (HIGH)
    Last revised: 03/29/2012
    "Summary: The NetStream class in Adobe Flash Player before 10.3.183.18 and 11.x before 11.2.202.228, and AIR before 3.2.0.2070..."
    Platform: All Platforms
    Summary: These priority 2 updates address critical vulnerabilities in Adobe Flash Player 11.1.102.63 and earlier versions for Windows, Macintosh, Linux and Solaris, and Adobe Flash Player 11.1.111.7 and earlier versions for Android 3.x and 2.x. These vulnerabilities could cause a crash and potentially allow an attacker to take control of the affected system...
    Solution: Adobe recommends users of Adobe Flash Player 11.1.102.63 and earlier versions for Windows, Macintosh and Linux update to Adobe Flash Player 11.2.202.228... Users of Adobe Flash Player 11.1.102.63 and earlier versions for Solaris should update to Adobe Flash Player 11.2.202.223... Windows users and users of Adobe Flash Player 10.3.183.16 or later for Macintosh can install the update via the update mechanism within the product when prompted. For users who cannot update to Flash Player 11.2.202.228, Adobe has developed a patched version of Flash Player 10.3, Flash Player 10.3.183.18... Android 3.x and earlier versions should update to Flash Player 11.1.111.8 by browsing to the Android Marketplace on an Android device. Users of Adobe AIR 3.1.0.4880 for Windows, Macintosh and Android should update to Adobe AIR 3.2.0.2070...

    Download: https://www.adobe.com/products/flash...ribution3.html

    AIR 3.2.0.2070: AIR Download Center: http://get.adobe.com/air/

    Android Marketplace: https://play.google.com/store/apps/d...shplayer&hl=en

    Android Marketplace: https://play.google.com/store/apps/d...=com.adobe.air

    Release Notes | Flash Player 11.2, AIR 3.2:
    - http://helpx.adobe.com/flash-player/..._20120305.html
    ___

    Flash test site: http://www.adobe.com/software/flash/about/
    ___

    Critical Security Update for Adobe Flash Player
    - http://atlas.arbor.net/briefs/index#-330930387
    Severity: High Severity
    Published: Wednesday, March 28, 2012 19:20
    Adobe releases a critical update for Flash Player, and also rolls in a more functional automatic update process.
    Analysis: Flash has been hit hard by malware authors and used for all sorts of attacks. In the past, its patching mechanism has been flawed and difficult to use, especially for the average computer user. Their new background update function* should make this easier.
    Source: https://krebsonsecurity.com/2012/03/...lash-player-2/
    * http://download.windowssecrets.com/i...9-PW-Flash.jpg

    Flash Player / AIR vulns...
    - https://secunia.com/advisories/48623/
    Release Date: 2012-03-29
    Criticality level: Highly critical
    Impact: System access
    Where: From remote...
    CVE Reference(s): CVE-2012-0772, CVE-2012-0773
    Solution: Update to a fixed version...
    Original Advisory: http://www.adobe.com/support/securit...apsb12-07.html

    - http://www.securitytracker.com/id/1026859
    CVE Reference: CVE-2012-0772, CVE-2012-0773
    Date: Mar 28 2012
    Impact: Execution of arbitrary code via network, User access via network
    Version(s): 11.1.102.63 and prior versions...
    Solution: The vendor has issued a fix (11.2.202.228 for Windows, Mac, and Linux; 11.2.202.223 for Solaris; 11.1.111.8 for Android 3.x).

    Last edited by AplusWebMaster; 2012-04-03 at 22:32.

  9. #9
    AplusWebMaster

    Adobe Reader/Acrobat security updates available

    FYI...

    Adobe Reader/Acrobat security updates available
    - https://www.adobe.com/support/securi...8.html#Ratings
    April 10, 2012
    CVE numbers: CVE-2012-0774, CVE-2012-0775, CVE-2012-0776, CVE-2012-0777
    "... Adobe released security updates for Adobe Reader X (10.1.2) and earlier versions for Windows and Macintosh, Adobe Reader 9.4.6 and earlier 9.x versions for Linux, and Adobe Acrobat X (10.1.2) and earlier versions for Windows and Macintosh. These updates address vulnerabilities in the software that could cause the application to crash and potentially allow an attacker to take control of the affected system.
    Adobe recommends users of Adobe Reader X (10.1.2) and earlier versions for Windows and Macintosh update to Adobe Reader X (10.1.3). For users of Adobe Reader 9.5 and earlier versions for Windows and Macintosh, who cannot update to Adobe Reader X (10.1.3), Adobe has made available the update Adobe Reader 9.5.1. Adobe recommends users of Adobe Reader 9.4.6 and earlier versions for Linux update to Adobe Reader 9.5.1. Adobe recommends users of Adobe Acrobat X (10.1.2) for Windows and Macintosh update to Adobe Acrobat X (10.1.3). Adobe recommends users of Adobe Acrobat 9.5 and earlier versions for Windows and Macintosh update to Adobe Acrobat 9.5.1...
    Solution: Adobe recommends users update their software installations by following the instructions below:
    - Adobe Reader: Users on Windows and Macintosh can utilize the product's update mechanism. The default configuration is set to run automatic update checks on a regular schedule. Update checks can be manually activated by choosing Help > Check for Updates.
    - Adobe Reader users on Windows can also find the appropriate update here: http://www.adobe.com/support/downloa...atform=Windows
    - Adobe Reader users on Macintosh can also find the appropriate update here: http://www.adobe.com/support/downloa...form=Macintosh
    - Adobe Reader users on Linux can find the appropriate update here: ftp://ftp.adobe.com/pub/adobe/reader/unix/9.x/
    - Adobe Acrobat: Users can utilize the product's update mechanism. The default configuration is set to run automatic update checks on a regular schedule. Update checks can be manually activated by choosing Help > Check for Updates.
    - Acrobat Standard and Pro users on Windows can also find the appropriate update here: http://www.adobe.com/support/downloa...atform=Windows
    - Acrobat Pro Extended users on Windows can also find the appropriate update here: http://www.adobe.com/support/downloa...atform=Windows
    - Acrobat Pro users on Macintosh can also find the appropriate update here: http://www.adobe.com/support/downloa...form=Macintosh ..."
    ___

    - http://www.securitytracker.com/id/1026908
    Date: Apr 10 2012
    CVE Reference: CVE-2012-0774, CVE-2012-0775, CVE-2012-0776, CVE-2012-0777
    Impact: Execution of arbitrary code via network, User access via network
    Version(s): 9.5 and prior versions; 10.1.2 and prior versions

    - https://secunia.com/advisories/48733/
    Release Date: 2012-04-11
    Criticality level: Highly critical
    Impact: Security Bypass, Cross Site Scripting, Exposure of sensitive information, System access
    Where: From remote...
    ... more information:
    - https://secunia.com/advisories/48033/
    - https://secunia.com/advisories/48281/
    - https://secunia.com/advisories/48623/
    Solution: Apply updates...

    Last edited by AplusWebMaster; 2012-04-11 at 15:22.

  10. #10
    AplusWebMaster

    Flash Player v11.2.202.233 released

    FYI...

    Flash Player v11.2.202.233 released
    - https://www.adobe.com/support/securi...apsb12-07.html
    ... Google Chrome version 18.0.1025.151 update addresses two Flash Player memory corruption vulnerabilities in the Chrome interface (Google Chrome only) (CVE-2012-0724, CVE-2012-0725).
    April 5, 2012 - Added information on CVE-2012-0724, CVE-2012-0725 and corresponding Google Chrome release.
    - http://web.nvd.nist.gov/view/vuln/de...=CVE-2012-0724 - 10.0 (HIGH)
    - http://web.nvd.nist.gov/view/vuln/de...=CVE-2012-0725 - 10.0 (HIGH)
    Impact Type: Allows unauthorized disclosure of information; Allows unauthorized modification; Allows disruption of service
    ___

    - http://helpx.adobe.com/flash-player/..._20120305.html
    Last updated 2012-04-13
    ... Current Runtime Release Version(s): Flash Player Desktop: 11.2.202.233
    Fixed Issues: Printing to local printer generates unusably large print jobs (3158836)...
    .. ??

    Download: https://www.adobe.com/products/flash...ribution3.html
    ___

    Flash test site: http://www.adobe.com/software/flash/about/

