Page 14 of 14 FirstFirst ... 41011121314
Results 131 to 139 of 139

Thread: Adobe updates/advisories

  1. #131
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation Acrobat/Reader - 11.0.22 Out of cycle update

    FYI...

    Acrobat/Reader - 11.0.22 Out of cycle update
    - https://www.adobe.com/devnet-docs/ac...1/11.0.22.html
    Aug 22, 2017
    Patch Installers / Install over 11.0.21

    - https://www.adobe.com/devnet-docs/ac...tes/index.html
    ... How do I update manually? Go to Help > Check for updates, and install the updates...

    Bug fixes: Forms-XFA / 4221443: Acrobat and Reader crash on launching some XFA forms.

    Known issues | Acrobat XI, Reader XI
    - https://helpx.adobe.com/acrobat/kb/k...xi-reader.html
    __

    Adobe Reader for Windows
    - http://supportdownloads.adobe.com/pr...ows&product=10
    Full Download / Updates/Programs
    ___

    Update to Security Bulletin (APSB17-24)
    > https://blogs.adobe.com/psirt/?p=1484
    "Security Bulletin (APSB17-24) published on August 8 regarding updates for Adobe Acrobat and Reader has been updated to reflect the availability of new updates as of August 29.
    The August 29 updates resolve a functional regression with XFA forms functionality that affected some users, as well as provide a resolution to security vulnerability CVE-2017-11223. This CVE was originally addressed in the August 8 updates (versions 2017.012.20093, 2017.011.30059 and 2015.006.30352). Due to a functional regression in those releases, optional hotfixes [0,1,2] were offered to affected customers that temporarily reverted the fix for CVE-2017-11223. The August 29 releases resolve both the functional regression and provide a fix for CVE-2017-11223.
    At this time, Adobe is not aware of exploits in the wild for CVE-2017-11223, or any of the other issues addressed in the August 8 or August 29 releases.
    References:
    [0] Hotfix for 2017.012.20093: https://www.adobe.com/devnet-docs/ac...tyseventeenqfe

    [1] Hotfix for 2017.011.30059: http://www.adobe.com/devnet-docs/acr...tyseventeenqfe

    [2] Hotfix for 2015.006.30352: http://www.adobe.com/devnet-docs/acr...tyseventeenqfe

    - https://nvd.nist.gov/vuln/detail/CVE-2017-11223
    Original release date: 08/11/2017
    Last revised: 08/17/2017

    Last edited by AplusWebMaster; 2017-09-23 at 22:14.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  2. #132
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation Adobe updates - 2017.09.12

    FYI...

    Flash 27.0.0.130 released
    - https://helpx.adobe.com/security/pro...apsb17-28.html
    Sep 12, 2017 - "Summary: Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and Chrome OS. These updates address two critical memory corruption vulnerabilities that could lead to code execution...
    Solution: ... Adobe recommends users of the Adobe Flash Player Desktop Runtime for Windows, Macintosh and Linux update to Adobe Flash Player 27.0.0.130 via the update mechanism within the product [1] or by visiting the Adobe Flash Player Download Center:
    > https://get.adobe.com/flashplayer/
    - Adobe Flash Player installed with Google Chrome will be automatically updated to the latest Google Chrome version, which will include Adobe Flash Player 27.0.0.130 for Windows, Macintosh, Linux and Chrome OS.
    - Adobe Flash Player installed with Microsoft Edge and Internet Explorer 11 for Windows 10 and 8.1 will be automatically updated to the latest version, which will include Adobe Flash Player 27.0.0.130.
    - Please visit the Flash Player Help page* for assistance in installing Flash Player.
    * https://helpx.adobe.com/flash-player.html
    [1] Users who have selected the option to 'Allow Adobe to install updates' will receive the update automatically. Users who do not have the 'Allow Adobe to install updates' option enabled can install the update via the update mechanism within the product when prompted..."

    For I/E - some versions get 'Automatic' updates:
    - https://fpdownload.macromedia.com/pu..._player_ax.exe
    For Firefox and other Plugin-based browsers:
    - https://fpdownload.macromedia.com/pu...ash_player.exe
    For Chrome:
    - https://fpdownload.macromedia.com/pu...ayer_ppapi.exe

    Flash test site: https://www.adobe.com/software/flash/about/

    - http://www.securitytracker.com/id/1039314
    CVE Reference: CVE-2017-11281, CVE-2017-11282
    Sep 12 2017
    Fix Available: Yes Vendor Confirmed: Yes
    Version(s): 26.0.0.151 and prior...
    Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
    Solution: The vendor has issued a fix (27.0.0.130)...
    ___

    ColdFusion updates
    - https://helpx.adobe.com/security/pro...apsb17-30.html
    Sep 12, 2017 - "Summary: Adobe has released security updates for ColdFusion version 11 and the 2016 release. These updates address a critical XML parsing vulnerability (CVE-2017-11286), an important cross-site scripting vulnerability (CVE-2017-11285) that could lead to information disclosure and a mitigation for unsafe Java deserialization that could result in remote code execution (CVE-2017-11283, CVE-2017-11284)...
    Solution: ...
    ColdFusion (2016 release) Update 5 - Tech note*
    * https://helpx.adobe.com/coldfusion/k...-update-5.html
    ColdFusion 11 Update 13 - Tech note**
    ** https://helpx.adobe.com/coldfusion/k...update-13.html
    Adobe recommends that ColdFusion customers update their installation using the instructions provided in the relevant tech notes:
    1] ColdFusion (2016 release):
    > http://helpx.adobe.com/coldfusion/kb...-update-5.html
    2] ColdFusion 11:
    >  http://helpx.adobe.com/coldfusion/kb...update-13.html
    Customers should also apply the security configuration settings as outlined on the ColdFusion Security page as well as review the respective Lockdown guides.
    ColdFusion (2016 release) Lockdown guide:
    > http://wwwimages.adobe.com/content/d...down-guide.pdf
    ColdFusion 11 Lockdown Guide :
    > http://wwwimages.adobe.com/content/d...down-guide.pdf

    - http://www.securitytracker.com/id/1039321
    CVE Reference: CVE-2017-11283, CVE-2017-11284, CVE-2017-11285, CVE-2017-11286
    Sep 12 2017
    Fix Available: Yes Vendor Confirmed: Yes ...
    Impact: A remote user can execute arbitrary code on the target system.
    A remote user can access the target user's cookies (including authentication cookies), if any, associated with the site running the Adobe ColdFusion software, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.
    A remote user can obtain potentially sensitive information on the target system with the privileges of the target service.
    Solution: The vendor has issued a fix (11 Update 13, 2016 Update 5)...
    ___

    RoboHelp RH2017.0.2, RH12.0.4.460 released
    - https://helpx.adobe.com/security/pro...apsb17-25.html
    Sep 12, 2017 - "Summary: Adobe has released a security update for RoboHelp for Windows. This update resolves an -important- input validation vulnerability that could be used in a cross-site scripting attack (CVE-2017-3104), as well as an unvalidated URL -redirect- vulnerability rated -moderate- that could be used in phishing campaigns (CVE-2017-3105)...
    Solution: ... Refer to the Release notes* for instructions to download and apply the update.
    Refer to the Knowledge Base article** for instructions to download and apply the fix on RoboHelp 2015..."
    * https://helpx.adobe.com/robohelp/rel...ase-notes.html

    ** https://helpx.adobe.com/robohelp/kb/...y-webhelp.html

    Download: https://www.adobe.com/support/robohelp/downloads.html

    - http://www.securitytracker.com/id/1039319
    CVE Reference: CVE-2017-3104, CVE-2017-3105
    Sep 12 2017
    Fix Available: Yes Vendor Confirmed: Yes ...
    Impact: A remote user can cause the target user's browser to be redirected to an arbitrary web site.
    A remote user can access the target user's cookies (including authentication cookies), if any, associated with the site running the Adobe RoboHelp software, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.
    Solution: The vendor has issued a fix (RH12.0.4.460 (Hotfix), RH2017.0.2)...
    ___

    - https://www.us-cert.gov/ncas/current...curity-Updates
    Sep 12, 2017

    Last edited by AplusWebMaster; 2017-09-13 at 17:46.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  3. #133
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation Adobe updates - 2017.10.10

    FYI...

    Flash 27.0.0.159 released
    - https://helpx.adobe.com/security/pro...apsb17-31.html
    Oct 10, 2017 - "Summary: Adobe has released an update for Adobe Flash Player for Windows, Macintosh, Linux and Chrome OS. This monthly update addresses functionality bugs...
    - Adobe recommends users of the Adobe Flash Player Desktop Runtime for Windows, Macintosh and Linux update to Adobe Flash Player 27.0.0.159 via the update mechanism within the product [1] or by visiting the Adobe Flash Player Download Center:
    > https://get.adobe.com/flashplayer/
    - Adobe Flash Player installed with Google Chrome will be automatically updated to the latest Google Chrome version, which will include Adobe Flash Player 27.0.0.159 for Windows, Macintosh, Linux and Chrome OS.
    - Adobe Flash Player installed with Microsoft Edge and Internet Explorer 11 for Windows 10 and 8.1 will be automatically updated to the latest version, which will include Adobe Flash Player 27.0.0.159.
    - Please visit the Flash Player Help page for assistance in installing Flash Player:
    > https://helpx.adobe.com/flash-player.html
    [1] Users who have selected the option to 'Allow Adobe to install updates' will receive the update automatically. Users who do not have the 'Allow Adobe to install updates' option enabled can install the update via the update mechanism within the product when prompted..."

    For I/E - some versions get 'Automatic' updates:
    - https://fpdownload.macromedia.com/pu..._player_ax.exe
    For Firefox and other Plugin-based browsers:
    - https://fpdownload.macromedia.com/pu...ash_player.exe
    For Chrome:
    - https://fpdownload.macromedia.com/pu...ayer_ppapi.exe

    Flash test site: https://www.adobe.com/software/flash/about/
    ___

    - https://www.securitytracker.com/id/1039582
    CVE Reference: CVE-2017-11292
    Oct 17 2017
    Fix Available: Yes Vendor Confirmed: Yes
    Version(s): 27.0.0.159 and prior ...
    Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
    Solution: The vendor has issued a fix (27.0.0.170)...
    ___

    - https://www.us-cert.gov/ncas/current...curity-Updates
    Oct 16, 2017
    ___

    MS ADV170018 | October Flash Security Update
    > https://portal.msrc.microsoft.com/en...sory/ADV170018
    10/17/2017
    ___

    Archived Flash Player versions:
    > https://helpx.adobe.com/flash-player...-versions.html

    >> https://forums.adobe.com/thread/239585
    [moderator: Added 'VMWare' to title to aid other users who are having the same issue in finding this topic]
    Oct 17, 2017

    Last edited by AplusWebMaster; 2017-10-18 at 18:58.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  4. #134
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation Flash 27.0.0.170 released

    FYI...

    Flash 27.0.0.170 released
    - https://helpx.adobe.com/security/pro...apsb17-32.html
    Oct 16, 2017 - "Summary: Adobe has released a security update for Adobe Flash Player for Windows, Macintosh, Linux and Chrome OS. This update addresses a critical type confusion vulnerability that could lead to code execution. Adobe is aware of a report that an exploit for CVE-2017-11292 exists in the wild, and is being used in limited, targeted attacks against users running Windows...
    Solution: ... Adobe recommends users of the Adobe Flash Player Desktop Runtime for Windows, Macintosh and Linux update to Adobe Flash Player 27.0.0.170 via the update mechanism within the product [1] or by visiting the Adobe Flash Player Download Center:
    > https://get.adobe.com/flashplayer/
    - Adobe Flash Player installed with Google Chrome will be automatically updated to the latest Google Chrome version, which will include Adobe Flash Player 27.0.0.170 for Windows, Macintosh, Linux and Chrome OS.
    - Adobe Flash Player installed with Microsoft Edge and Internet Explorer 11 for Windows 10 and 8.1 will be automatically updated to the latest version, which will include Adobe Flash Player 27.0.0.170.
    - Please visit the Flash Player Help page for assistance in installing Flash Player:
    > https://helpx.adobe.com/flash-player.html
    [1] Users who have selected the option to 'Allow Adobe to install updates' will receive the update automatically. Users who do not have the 'Allow Adobe to install updates' option enabled can install the update via the update mechanism within the product when prompted.

    For I/E - some versions get 'Automatic' updates:
    - https://fpdownload.macromedia.com/pu..._player_ax.exe
    For Firefox and other Plugin-based browsers:
    - https://fpdownload.macromedia.com/pu...ash_player.exe
    For Chrome:
    - https://fpdownload.macromedia.com/pu...ayer_ppapi.exe

    Flash test site: https://www.adobe.com/software/flash/about/
    ___

    - https://www.securitytracker.com/id/1039582
    CVE Reference: CVE-2017-11292
    Oct 17 2017
    Fix Available: Yes Vendor Confirmed: Yes
    Version(s): 27.0.0.159 and prior ...
    Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
    Solution: The vendor has issued a fix (27.0.0.170)...
    ___

    - https://www.us-cert.gov/ncas/current...curity-Updates
    Oct 16, 2017
    ___

    MS ADV170018 | October Flash Security Update
    > https://portal.msrc.microsoft.com/en...sory/ADV170018
    10/17/2017

    - https://www.securitytracker.com/id/1039589
    CVE Reference: CVE-2017-11292
    Oct 17 2017
    Fix Available: Yes Vendor Confirmed: Yes ...
    Version(s): 27.0.0.159 and prior
    Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
    Solution: Microsoft has issued a fix for CVE-2017-11292 ...
    ___

    Archived Flash Player versions:
    > https://helpx.adobe.com/flash-player...-versions.html

    >> https://forums.adobe.com/message/9892958#9892958
    Oct 17, 2017

    Last edited by AplusWebMaster; 2017-10-18 at 22:16.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  5. #135
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation Adobe advisories - 2017.11.14

    FYI...

    Flash 27.0.0.187 released
    - https://helpx.adobe.com/security/pro...apsb17-33.html
    11/14/2017 - "... Summary: Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and Chrome OS. These updates address critical vulnerabilities that could lead to code execution...
    Solution: Note: Adobe recommends users of the Adobe Flash Player Desktop Runtime for Windows, Macintosh and Linux update to Adobe Flash Player 27.0.0.187 via the update mechanism within the product [1] or by visiting the Adobe Flash Player Download Center.
    Adobe Flash Player installed with Google Chrome will be automatically updated to the latest Google Chrome version, which will include Adobe Flash Player 27.0.0.187 for Windows, Macintosh, Linux and Chrome OS.
    Adobe Flash Player installed with Microsoft Edge and Internet Explorer 11 for Windows 10 and 8.1 will be automatically updated to the latest version, which will include Adobe Flash Player 27.0.0.187.
    Please visit the Flash Player Help page for assistance in installing Flash Player.
    1] Users who have selected the option to 'Allow Adobe to install updates' will receive the update automatically. Users who do not have the 'Allow Adobe to install updates' option enabled can install the update via the update mechanism within the product when prompted..."

    For I/E - some versions get 'Automatic' updates:
    - https://fpdownload.macromedia.com/pu..._player_ax.exe
    For Firefox and other Plugin-based browsers:
    - https://fpdownload.macromedia.com/pu...ash_player.exe
    For Chrome:
    - https://fpdownload.macromedia.com/pu...ayer_ppapi.exe

    Flash test site: https://www.adobe.com/software/flash/about/

    - https://www.securitytracker.com/id/1039778
    CVE Reference: CVE-2017-11213, CVE-2017-11215, CVE-2017-11225, CVE-2017-3112, CVE-2017-3114
    Nov 14 2017
    Fix Available: Yes Vendor Confirmed: Yes ...
    Description: Multiple vulnerabilities were reported in Adobe Flash Player. A remote user can cause arbitrary code to be executed on the target user's system.
    A remote user can create specially crafted content that, when loaded by the target user, will execute arbitrary code on the target user's system.
    An out-of-bounds memory read error may occur [CVE-2017-3112, CVE-2017-3114, CVE-2017-11213].
    A use-after-free memory error may occur [CVE-2017-11215, CVE-2017-11225]...
    Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
    Solution: The vendor has issued a fix (27.0.0.187)...
    ___

    Security updates - Adobe Photoshop CC | APSB17-34
    - https://helpx.adobe.com/security/pro...apsb17-34.html
    Nov 14, 2017
    - https://www.securitytracker.com/id/1039786
    ___

    Security updates - Adobe Connect | APSB17-35
    - https://helpx.adobe.com/security/pro...apsb17-35.html
    Nov 14, 2017
    - https://www.securitytracker.com/id/1039799
    ___

    Security updates - Adobe Acrobat and Reader | APSB17-36
    - https://helpx.adobe.com/security/pro...apsb17-36.html
    Nov 14, 2017
    - https://www.securitytracker.com/id/1039791
    ___

    Security updates - Adobe DNG Converter | APSB17-37
    - https://helpx.adobe.com/security/pro...apsb17-37.html
    Nov 14, 2017
    ___

    Security updates - InDesign | APSB17-38
    - https://helpx.adobe.com/security/pro...apsb17-38.html
    Nov 14, 2017
    - https://www.securitytracker.com/id/1039785
    ___

    Security updates - Adobe Digital Editions | APSB17-39
    - https://helpx.adobe.com/security/pro...apsb17-39.html
    Nov 14, 2017
    - https://www.securitytracker.com/id/1039798
    ___

    Security update - Shockwave Player | APSB17-40
    - https://helpx.adobe.com/security/pro...apsb17-40.html
    Nov 14, 2017
    - https://www.securitytracker.com/id/1039784
    ___

    Security updates - Adobe Experience Manager | APSB17-41
    - https://helpx.adobe.com/security/pro...apsb17-41.html
    Nov 14, 2017
    - https://www.securitytracker.com/id/1039800
    ___

    > https://www.us-cert.gov/ncas/current...curity-Updates
    Nov 14, 2017

    Last edited by AplusWebMaster; 2017-11-15 at 15:36.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  6. #136
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation Adobe advisory - 2017.12.12

    FYI...

    Flash 28.0.0.126 released
    - https://helpx.adobe.com/security/pro...apsb17-42.html
    Dec 12, 2017
    Summary: Adobe has released a security update for Adobe Flash Player for Windows, Macintosh, Linux and Chrome OS. This update addresses a regression that could lead to the unintended reset of the global settings preference file...
    Solution: ... Adobe recommends users of the Adobe Flash Player Desktop Runtime for Windows, Macintosh and Linux update to Adobe Flash Player 28.0.0.126 via the update mechanism within the product [1] or by visiting the Adobe Flash Player Download Center:
    > https://get.adobe.com/flashplayer/
    - Adobe Flash Player installed with Google Chrome will be automatically updated to the latest Google Chrome version, which will include Adobe Flash Player 28.0.0.126 for Windows, Macintosh, Linux and Chrome OS.
    - Adobe Flash Player installed with Microsoft Edge and Internet Explorer 11 for Windows 10 and 8.1 will be automatically updated to the latest version, which will include Adobe Flash Player 28.0.0.126.
    - Please visit the Flash Player Help page for assistance in installing Flash Player:
    > https://helpx.adobe.com/flash-player.html
    [1] Users who have selected the option to 'Allow Adobe to install updates' will receive the update automatically. Users who do not have the 'Allow Adobe to install updates' option enabled can install the update via the update mechanism within the product when prompted...

    For I/E - some versions get 'Automatic' updates:
    - https://fpdownload.macromedia.com/pu..._player_ax.exe
    For Firefox and other Plugin-based browsers:
    - https://fpdownload.macromedia.com/pu...ash_player.exe
    For Chrome:
    - https://fpdownload.macromedia.com/pu...ayer_ppapi.exe

    Flash test site: https://www.adobe.com/software/flash/about/
    ___

    - https://www.securitytracker.com/id/1039986
    CVE Reference: CVE-2017-11305
    Dec 12 2017
    Fix Available: Yes Vendor Confirmed: Yes
    Version(s): 27.0.0.187 and before ...
    Description: A vulnerability was reported in Adobe Flash Player. Security settings may be reset.
    A logic error may cause the global settings preference file to be reset.
    [Editor's note: The vendor did not indicate whether the attack vector for this vulnerability is local or remote.]
    Impact: The global settings preference file may be reset.
    Solution: The vendor has issued a fix (28.0.0.126)...

    Last edited by AplusWebMaster; 2017-12-13 at 12:45.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  7. #137
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation Flash 28.0.0.137 released

    FYI...

    Flash 28.0.0.137 released
    - https://helpx.adobe.com/security/pro...apsb18-01.html
    Jan 9, 2018
    "Summary: Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and Chrome OS. These updates address an important out-of-bounds read vulnerability that could lead to information exposure...
    Solution: ... Adobe recommends users of the Adobe Flash Player Desktop Runtime for Windows, Macintosh and Linux update to Adobe Flash Player 28.0.0.137 via the update mechanism within the product [1] or by visiting the Adobe Flash Player Download Center:
    - https://get.adobe.com/flashplayer/
    Adobe Flash Player installed with Google Chrome will be automatically updated to the latest Google Chrome version, which will include Adobe Flash Player 28.0.0.137 for Windows, Macintosh, Linux and Chrome OS.
    Adobe Flash Player installed with Microsoft Edge and Internet Explorer 11 for Windows 10 and 8.1 will be automatically updated to the latest version, which will include Adobe Flash Player 28.0.0.137.
    Please visit the Flash Player Help page* for assistance in installing Flash Player:
    * https://helpx.adobe.com/flash-player.html
    [1] Users who have selected the option to 'Allow Adobe to install updates' will receive the update automatically. Users who do not have the 'Allow Adobe to install updates' option enabled can install the update via the update mechanism within the product when prompted..."

    For I/E - some versions get 'Automatic' updates:
    - https://fpdownload.macromedia.com/pu..._player_ax.exe
    For Firefox and other Plugin-based browsers:
    - https://fpdownload.macromedia.com/pu...ash_player.exe
    For Chrome:
    - https://fpdownload.macromedia.com/pu...ayer_ppapi.exe

    Flash test site: https://www.adobe.com/software/flash/about/
    ___

    - https://www.us-cert.gov/ncas/current...s-Flash-Player
    Jan 09, 2018
    ___

    - https://www.securitytracker.com/id/1040155
    CVE Reference: CVE-2018-4871
    Jan 10 2018
    Impact: Disclosure of system information, Disclosure of user information
    Fix Available: Yes Vendor Confirmed: Yes ...
    Impact: A remote user can obtain potentially sensitive information on the target system.
    Solution: The vendor has issued a fix (28.0.0.137)...

    Last edited by AplusWebMaster; 2018-01-16 at 19:15.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  8. #138
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation Flash 28.0.0.161 released

    FYI...

    Flash 28.0.0.161 released
    - https://helpx.adobe.com/security/pro...apsb18-03.html
    Feb 6, 2018
    "Summary: Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and Chrome OS. These updates address critical vulnerabilities that could lead to remote code execution in Adobe Flash Player 28.0.0.137 and earlier versions. Successful exploitation could potentially allow an attacker to take control of the affected system. Adobe is aware of a report that an exploit for CVE-2018-4878 exists in the wild, and is being used in limited, targeted attacks against Windows users. These attacks leverage Office documents with embedded malicious Flash content distributed via email.
    Solution: ... Adobe recommends users of the Adobe Flash Player Desktop Runtime for Windows, Macintosh and Linux update to Adobe Flash Player 28.0.0.161 via the update mechanism within the product [1] or by visiting the Adobe Flash Player Download Center:
    - https://get.adobe.com/flashplayer/
    Adobe Flash Player installed with Google Chrome will be automatically updated to the latest Google Chrome version, which will include Adobe Flash Player 28.0.0.161 for Windows, Macintosh, Linux and Chrome OS.
    Adobe Flash Player installed with Microsoft Edge and Internet Explorer 11 for Windows 10 and 8.1 will be automatically updated to the latest version, which will include Adobe Flash Player 28.0.0.161.
    Please visit the Flash Player Help page for assistance in installing Flash Player:
    - https://helpx.adobe.com/flash-player.html
    [1] Users who have selected the option to 'Allow Adobe to install updates' will receive the update automatically. Users who do not have the 'Allow Adobe to install updates' option enabled can install the update via the update mechanism within the product when prompted.

    For I/E - some versions get 'Automatic' updates:
    - https://fpdownload.macromedia.com/pu..._player_ax.exe
    For Firefox and other Plugin-based browsers:
    - https://fpdownload.macromedia.com/pu...ash_player.exe
    For Chrome:
    - https://fpdownload.macromedia.com/pu...ayer_ppapi.exe

    Flash test site: https://www.adobe.com/software/flash/about/

    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  9. #139
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation Adobe Acrobat, Reader, Experience Manager - updated

    FYI...

    Adobe Acrobat and Reader
    - https://helpx.adobe.com/security/pro...apsb18-02.html
    Feb 13, 2018 - "Summary: Adobe has released security updates for Adobe Acrobat and Reader for Windows and Macintosh. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system...
    Solution: Adobe recommends users update their software installations to the latest versions by following the instructions...
    The latest product versions are available to end users via one of the following methods:
    > Users can update their product installations manually by choosing Help > Check for Updates.
    > The products will update automatically, without requiring user intervention, when updates are detected.
    > The full Acrobat Reader installer can be downloaded from the Acrobat Reader Download Center:
    - https://get.adobe.com/reader/

    - https://www.securitytracker.com/id/1040364
    ___

    Adobe Experience Manager - updated
    - https://helpx.adobe.com/security/pro...apsb18-04.html
    Feb 13, 2018 - "Summary: Adobe has released security updates for Adobe Experience Manager. These updates resolve a reflected cross-site scripting vulnerability (CVE-2018-4875) rated moderate, and a cross-site scripting vulnerability (CVE-2018-4876) in Apache Sling XSS protection API rated important...
    Affected product versions: All... minimum fix packs to address the listed vulnerability. For the latest versions, please see the release notes links referenced:
    Solution: https://helpx.adobe.com/security/pro...abilitydetails

    - https://www.securitytracker.com/id/1040365
    ___

    - https://www.us-cert.gov/ncas/current...curity-Updates
    Feb 13, 2018

    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •