Adobe updates/advisories

AplusWebMaster · Mar 12, 2013

Flash v11.6.602.180 released

FYI...

Flash v11.6.602.180 released
- https://www.adobe.com/support/security/bulletins/apsb13-09.html
March 12, 2013
CVE number:
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0646 - 10.0 (HIGH)
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0650 - 10.0 (HIGH)
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1371 - 10.0 (HIGH)
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1375 - 10.0 (HIGH)
Platform: All Platforms
Summary: Adobe has released security updates for Adobe Flash Player 11.6.602.171 and earlier versions for Windows and Macintosh, Adobe Flash Player 11.2.202.273 and earlier versions for Linux, Adobe Flash Player 11.1.115.47 and earlier versions for Android 4.x, and Adobe Flash Player 11.1.111.43 and earlier versions for Android 3.x and 2.x. These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.
Adobe recommends users update their product installations to the latest versions:
- Users of Adobe Flash Player 11.6.602.171 and earlier versions for Windows and Macintosh should update to Adobe Flash Player 11.6.602.180.
- Users of Adobe Flash Player 11.2.202.273 and earlier versions for Linux should update to Adobe Flash Player 11.2.202.275.
- Adobe Flash Player 11.6.602.171 installed with Google Chrome will automatically be updated to the latest Google Chrome version, which will include Adobe Flash Player 11.6.602.180 for Windows, Macintosh and Linux.
- Adobe Flash Player 11.6.602.171 installed with Internet Explorer 10 for Windows 8 will automatically be updated to the latest Internet Explorer 10 version, which will include Adobe Flash Player 11.6.602.180 for Windows.
- Users of Adobe Flash Player 11.1.115.47 and earlier versions on Android 4.x devices should update to Adobe Flash Player 11.1.115.48.
- Users of Adobe Flash Player 11.1.111.43 and earlier versions for Android 3.x and 2.x should update to Flash Player 11.1.111.44.
- Users of Adobe AIR 3.6.0.597 and earlier versions for Windows, Macintosh and Android should update to Adobe AIR 3.6.0.6090.
- Users of the Adobe AIR 3.6.0.597 SDK and earlier versions should update to the Adobe AIR 3.6.0.6090 SDK.
- Users of the Adobe AIR 3.6.0.599 SDK & Compiler and earlier versions should update to the Adobe AIR 3.6.0.6090 SDK & Compiler.

Flash Download:
> https://www.adobe.com/products/flashplayer/distribution3.html

Flash test site:
- http://helpx.adobe.com/flash-player...lash_Player_version_installed_on_your_machine

>> http://get.adobe.com/air/

:fear:

AplusWebMaster · Apr 9, 2013

Flash, Shockwave, Cold Fusion updates

FYI...

Flash v11.7.700.169 released
- https://www.adobe.com/support/security/bulletins/apsb13-11.html
April 9, 2013
CVE number:
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1378 - 7.5 (HIGH)
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1379 - 7.5 (HIGH)
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1380 - 7.5 (HIGH)
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2555 - 10.0 (HIGH)
Summary: Adobe has released security updates for Adobe Flash Player 11.6.602.180 and earlier versions for Windows and Macintosh, Adobe Flash Player 11.2.202.275 and earlier versions for Linux, Adobe Flash Player 11.1.115.48 and earlier versions for Android 4.x, and Adobe Flash Player 11.1.111.44 and earlier versions for Android 3.x and 2.x. These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.
Adobe recommends users update their product installations to the latest versions:
- Users of Adobe Flash Player 11.6.602.180 and earlier versions for Windows and Macintosh should update to Adobe Flash Player 11.7.700.169.
- Users of Adobe Flash Player 11.2.202.275 and earlier versions for Linux should update to Adobe Flash Player 11.2.202.280.
- Adobe Flash Player 11.6.602.180 installed with Google Chrome will automatically be updated to the latest Google Chrome version, which will include Adobe Flash Player 11.7.700.179 for Windows and 11.7.700.169 for Macintosh and Linux.
- Adobe Flash Player 11.6.602.180 installed with Internet Explorer 10 will automatically be updated to the latest Internet Explorer 10 version, which will include Adobe Flash Player 11.7.700.169 for Windows 8.
- Users of Adobe Flash Player 11.1.115.48 and earlier versions on Android 4.x devices should update to Adobe Flash Player 11.1.115.54.
- Users of Adobe Flash Player 11.1.111.44 and earlier versions for Android 3.x and 2.x should update to Flash Player 11.1.111.50.
- Users of Adobe AIR 3.6.0.6090 and earlier versions for Windows, Macintosh and Android should update to Adobe AIR 3.7.0.1530.
- Users of the Adobe AIR 3.6.0.6090 SDK & Compiler and earlier versions should update to the Adobe AIR 3.7.0.1530 SDK & Compiler...

Flash Download:
> https://www.adobe.com/products/flashplayer/distribution3.html

Flash test site:
- http://helpx.adobe.com/flash-player...lash_Player_version_installed_on_your_machine

>> http://get.adobe.com/air/

- https://secunia.com/advisories/52931/
Release Date: 2013-04-09
Criticality level: Highly critical
Impact: System access
Where: From remote...
Solution: Update to a fixed version.
___

Shockwave v12.0.2.122 released
- https://www.adobe.com/support/security/bulletins/apsb13-12.html
April 9, 2013
CVE number: CVE-2013-1383, CVE-2013-1384, CVE-2013-1385, CVE-2013-1386
Summary: Adobe has released a security update for Adobe Shockwave Player 12.0.0.112 and earlier versions on the Windows and Macintosh operating systems. This update addresses vulnerabilities that could allow an attacker, who successfully exploits these vulnerabilities, to run malicious code on the affected system. Adobe recommends users of Adobe Shockwave Player 12.0.0.112 and earlier versions update to Adobe Shockwave Player 12.0.2.122 ...
Solution: Adobe recommends users of Adobe Shockwave Player 12.0.0.112 and earlier versions update to the newest version 12.0.2.122, available here: http://get.adobe.com/shockwave/

- https://secunia.com/advisories/52981/
Release Date: 2013-04-10
Criticality level: Highly critical
Impact: System access
Where: From remote...
Solution: Update to version 12.0.2.122
___

ColdFusion hotfix
- https://www.adobe.com/support/security/bulletins/apsb13-10.html
April 9, 2013
CVE number: CVE-2013-1387, CVE-2013-1388
Summary: Adobe has released a security hotfix for ColdFusion 10, 9.0.2, 9.0.1 and 9.0 for Windows, Macintosh and UNIX. Adobe recommends users update their product installation...
Affected software versions: ColdFusion 10, 9.0.2, 9.0.1 and 9.0 for Windows, Macintosh and UNIX.
Solution: Adobe recommends ColdFusion customers update their installation using the instructions provided in the technote:
- http://helpx.adobe.com/coldfusion/kb/coldfusion-security-hotfix-apsb13-10.html

- https://secunia.com/advisories/52995/
Release Date: 2013-04-10
Criticality level: Moderately critical
Impact: Security Bypass, Spoofing
Where: From remote...
Solution: Apply hotfix.

:fear:

AplusWebMaster · May 9, 2013

0-day ColdFusion critical vulnerability

FYI...

0-day ColdFusion critical vulnerability - https://isc.sans.edu/diary.html?storyid=15770
- https://www.adobe.com/support/security/advisories/apsa13-03.html
May 8, 2013
CVE number: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-3336
Summary: Adobe has identified a critical vulnerability affecting ColdFusion 10, 9.0.2, 9.0.1 and 9.0 and earlier versions for Windows, Macintosh and UNIX. This vulnerability (CVE-2013-3336) could permit an unauthorized user to remotely retrieve files stored on the server.
There are reports that an exploit for this vulnerability is publicly available. ColdFusion customers who have restricted public access to the CFIDE/administrator, CFIDE/adminapi and CFIDE/gettingstarted directories (as outlined in the ColdFusion 9 Lockdown Guide* and ColdFusion 10 Lockdown Guide**) are already mitigated against this issue. Customers who have not already applied these steps can protect themselves from CVE-2013-3336 by implementing the following configuration settings:
- Restrict public access to the CFIDE/administrator, CFIDE/adminapi and CFIDE/gettingstarted directories by following the hardening guidance in the ColdFusion 9 Lockdown Guide and ColdFusion 10 Lockdown Guide**
We are in the process of finalizing a fix for this issue and expect a hotfix for ColdFusion 10, 9.0.2, 9.0.1 and 9.0 for Windows, Macintosh and UNIX to be available on May 14, 2013...
* http://wwwimages.adobe.com/www.adob...ion/pdfs/91025512-cf9-lockdownguide-wp-ue.pdf

** http://wwwimages.adobe.com/www.adob...fusion-enterprise/pdf/CF10 Lockdown Guide.pdf

Revisions - May 9, 2013: Revised to clarify the CFIDE/gettingstarted directory is only applicable to ColdFusion version 8.x and earlier.

- http://atlas.arbor.net/briefs/index#366717635
Severity: High Severity
May 09, 2013 17:23
"... being exploited in the wild..."
___

Prenotification Security Advisory for Adobe Reader and Acrobat
- https://www.adobe.com/support/security/bulletins/apsb13-15.html
May 9, 2013 - "Summary: Adobe is planning to release security updates on Tuesday, May 14, 2013 for Adobe Reader and Acrobat..."

:fear::fear:

AplusWebMaster · May 14, 2013

Flash v11.7.700.202 - Reader/Acrobat v11.0.03 - ColdFusion hotfix released

FYI...

Flash v11.7.700.202 released
- https://www.adobe.com/support/security/bulletins/apsb13-14.html
May 14, 2013
CVE number: CVE-2013-2728, CVE-2013-3324, CVE-2013-3325, CVE-2013-3326, CVE-2013-3327, CVE-2013-3328, CVE-2013-3329, CVE-2013-3330, CVE-2013-3331, CVE-2013-3332, CVE-2013-3333, CVE-2013-3334, CVE-2013-3335
Platform: All platforms
Summary: Adobe has released security updates for Adobe Flash Player 11.7.700.169 and earlier versions for Windows and Macintosh, Adobe Flash Player 11.2.202.280 and earlier versions for Linux, Adobe Flash Player 11.1.115.54 and earlier versions for Android 4.x, and Adobe Flash Player 11.1.111.50 and earlier versions for Android 3.x and 2.x. These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.
Adobe recommends users update their product installations to the latest versions:
- Users of Adobe Flash Player 11.7.700.169 and earlier versions for Windows and Macintosh should update to Adobe Flash Player 11.7.700.202.
- Users of Adobe Flash Player 11.2.202.280 and earlier versions for Linux should update to Adobe Flash Player 11.2.202.285.
- Adobe Flash Player 11.7.700.169 installed with Google Chrome (and version 11.7.700.179 on the Windows platform) will automatically be updated to the latest Google Chrome version, which will include Adobe Flash Player 11.7.700.202 for Windows, Macintosh and Linux.
- Adobe Flash Player 11.7.700.169 installed with Internet Explorer 10 will automatically be updated to the latest Internet Explorer 10 version, which will include Adobe Flash Player 11.7.700.202 for Windows 8.
- Users of Adobe Flash Player 11.1.115.54 and earlier versions on Android 4.x devices should update to Adobe Flash Player 11.1.115.58.
- Users of Adobe Flash Player 11.1.111.50 and earlier versions for Android 3.x and 2.x should update to Flash Player 11.1.111.54.
- Users of Adobe AIR 3.7.0.1530 and earlier versions for Windows and Macintosh should update to Adobe AIR 3.7.0.1860.
- Users of Adobe AIR 3.7.0.1660 and earlier versions for Android should update to Adobe AIR 3.7.0.1860.
- Users of the Adobe AIR 3.7.0.1530 SDK & Compiler and earlier versions should update to the Adobe AIR 3.7.0.1860 SDK & Compiler...

Flash Download:
> https://www.adobe.com/products/flashplayer/distribution3.html

Flash test site:
- http://helpx.adobe.com/flash-player...lash_Player_version_installed_on_your_machine

>> http://get.adobe.com/air/
___

Adobe Reader/Acrobat v11.0.03 released
- https://www.adobe.com/support/security/bulletins/apsb13-15.html
May 14, 2013
CVE number: CVE-2013-2549, CVE-2013-2550, CVE-2013-2718, CVE-2013-2719, CVE-2013-2720, CVE-2013-2721, CVE-2013-2722, CVE-2013-2723, CVE-2013-2724, CVE-2013-2725, CVE-2013-2726, CVE-2013-2727, CVE-2013-2729, CVE-2013-2730, CVE-2013-2731, CVE-2013-2732, CVE-2013-2733, CVE-2013-2734, CVE-2013-2735, CVE-2013-2736, CVE-2013-2737, CVE-2013-3337, CVE-2013-3338, CVE-2013-3339, CVE-2013-3340, CVE-2013-3341, CVE-2013-3342
Platform: All
Summary: Adobe has released security updates for Adobe Reader and Acrobat XI (11.0.02) and earlier versions for Windows and Macintosh, and Adobe Reader 9.5.4 and earlier 9.x versions for Linux. These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.
Adobe recommends users update their product installations to the latest versions:
- Users of Adobe Reader XI (11.0.02) for Windows and Macintosh should update to Adobe Reader XI (11.0.03).
- For users of Adobe Reader X (10.1.6) and earlier versions for Windows and Macintosh, who cannot update to Adobe Reader XI (11.0.03), Adobe has made available the update Adobe Reader X (10.1.7).
- For users of Adobe Reader 9.5.4 and earlier versions for Windows and Macintosh, who cannot update to Adobe Reader XI (11.0.03), Adobe has made available the update Adobe Reader 9.5.5.
- Users of Adobe Reader 9.5.4 and earlier versions for Linux should update to Adobe Reader 9.5.5.
- Users of Adobe Acrobat XI (11.0.02) for Windows and Macintosh should update to Adobe Acrobat XI (11.0.03).
- For users of Adobe Acrobat X (10.1.6) and earlier versions for Windows and Macintosh, who cannot update to Adobe Acrobat XI (11.0.03), Adobe has made available the update Adobe Acrobat X (10.1.7).
- For users of Adobe Acrobat 9.5.4 and earlier versions for Windows and Macintosh, who cannot update to Adobe Acrobat XI (11.0.03), Adobe has made available the update Adobe Acrobat 9.5.5...
___

ColdFusion hotfix available
- https://www.adobe.com/support/security/bulletins/apsb13-13.html
May 14, 2013
CVE number: CVE-2013-1389, CVE-2013-3336
Platform: All
Summary: Adobe has released a security hotfix for ColdFusion 10, 9.0.2, 9.0.1 and 9.0 for Windows, Macintosh and UNIX. This hotfix addresses a vulnerability (CVE-2013-1389) that could allow remote arbitrary code execution on a system running ColdFusion, and a vulnerability (CVE-2013-3336) that could permit an unauthorized user to remotely retrieve files stored on the server.
Adobe is aware of reports that CVE-2013-3336 (referenced in Security Advisory APSA13-03) is being exploited in the wild against ColdFusion customers. Adobe recommends users update their product installation using the instructions provided in the "Solution" ...
Solution: Adobe recommends ColdFusion customers update their installation using the instructions provided in the technote located here:
- http://helpx.adobe.com/coldfusion/kb/coldfusion-security-hotfix-apsb13-13.html
Customers should also apply the security configuration settings as outlined on the ColdFusion Security page, as well as review the ColdFusion 9 Lockdown Guide and ColdFusion 10 Lockdown Guide.

:fear::fear::fear:

AplusWebMaster · Jun 11, 2013

Flash v11.7.700.224 released

FYI...

Flash v11.7.700.224 released
- https://www.adobe.com/support/security/bulletins/apsb13-16.html
June 11, 2013
CVE number: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-3343 - 10.0 (HIGH)
Platform: All Platforms
Summary: Adobe has released security updates for Adobe Flash Player 11.7.700.202 and earlier versions for Windows, Adobe Flash Player 11.7.700.203 and earlier versions for Macintosh, Adobe Flash Player 11.2.202.285 and earlier versions for Linux, Adobe Flash Player 11.1.115.58 and earlier versions for Android 4.x, and Adobe Flash Player 11.1.111.54 and earlier versions for Android 3.x and 2.x. These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system. Adobe recommends users update their product installations to the latest versions:
- Users of Adobe Flash Player 11.7.700.202 and earlier versions for Windows should update to Adobe Flash Player 11.7.700.224.
- Users of Adobe Flash Player 11.7.700.203 and earlier versions for Macintosh should update to Adobe Flash Player 11.7.700.225.
- Users of Adobe Flash Player 11.2.202.285 and earlier versions for Linux should update to Adobe Flash Player 11.2.202.291.
- Adobe Flash Player 11.7.700.203 installed with Google Chrome will automatically be updated to the latest Google Chrome version, which will include Adobe Flash Player 11.7.700.225 for Windows, Macintosh and Linux.
- Adobe Flash Player 11.7.700.202 installed with Internet Explorer 10 will automatically be updated to the latest Internet Explorer 10 version, which will include Adobe Flash Player 11.7.700.224 for Windows 8.
- Users of Adobe Flash Player 11.1.115.58 and earlier versions on Android 4.x devices should update to Adobe Flash Player 11.1.115.63.
- Users of Adobe Flash Player 11.1.111.54 and earlier versions for Android 3.x and 2.x should update to Flash Player 11.1.111.59.
- Users of Adobe AIR 3.7.0.1860 and earlier versions for Windows should update to Adobe AIR 3.7.0.2090.
- Users of Adobe AIR 3.7.0.1860 and earlier versions for Macintosh should update to Adobe AIR 3.7.0.2100.
- Users of Adobe AIR 3.7.0.1860 and earlier versions for Android should update to Adobe AIR 3.7.0.2090.
- Users of the Adobe AIR 3.7.0.1860 SDK & Compiler and earlier versions for Windows should update to the Adobe AIR 3.7.0.2090 SDK & Compiler.
- Users of the Adobe AIR 3.7.0.1860 SDK & Compiler and earlier versions for Macintosh should update to the Adobe AIR 3.7.0.2100 SDK & Compiler...

Flash Download:
> https://www.adobe.com/products/flashplayer/distribution3.html

Flash test site:
- http://helpx.adobe.com/flash-player...lash_Player_version_installed_on_your_machine

>> http://get.adobe.com/air/
___

- https://secunia.com/advisories/53751/
Release Date: 2013-06-11
Criticality level: Highly critical
Impact: System access
Where: From remote
... vulnerability is caused due to an unspecified error and can be exploited to cause memory corruption.
Solution: Update to a fixed version.

:fear::fear:

AplusWebMaster · Jul 9, 2013

Flash Player 11.8.800.94 released

FYI...

Flash Player 11.8.800.94 released
- https://www.adobe.com/support/security/bulletins/apsb13-17.html
July 9, 2013
CVE number:
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-3344 - 10.0 (HIGH)
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-3345 - 10.0 (HIGH)
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-3347 - 10.0 (HIGH)
Platform: All Platforms
Summary: Adobe has released security updates for Adobe Flash Player 11.7.700.224 and earlier versions for Windows, Adobe Flash Player 11.7.700.225 and earlier versions for Macintosh, Adobe Flash Player 11.2.202.291 and earlier versions for Linux, Adobe Flash Player 11.1.115.63 and earlier versions for Android 4.x, and Adobe Flash Player 11.1.111.59 and earlier versions for Android 3.x and 2.x. These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system. Adobe recommends users update their product installations to the latest versions:
- Users of Adobe Flash Player 11.7.700.224 and earlier versions for Windows should update to Adobe Flash Player 11.8.800.94.
- Users of Adobe Flash Player 11.7.700.225 and earlier versions for Macintosh should update to Adobe Flash Player 11.8.800.94.
- Users of Adobe Flash Player 11.2.202.291 and earlier versions for Linux should update to Adobe Flash Player 11.2.202.297.
- Adobe Flash Player 11.7.700.225 installed with Google Chrome will automatically be updated to the latest Google Chrome version, which will include Adobe Flash Player 11.8.800.97 for Windows, Macintosh and Linux.
- Adobe Flash Player 11.7.700.224 installed with Internet Explorer 10 will automatically be updated to the latest Internet Explorer 10 version, which will include Adobe Flash Player 11.8.800.94 for Windows 8.
- Users of Adobe Flash Player 11.1.115.63 and earlier versions on Android 4.x devices should update to Adobe Flash Player 11.1.115.69.
- Users of Adobe Flash Player 11.1.111.59 and earlier versions for Android 3.x and 2.x should update to Flash Player 11.1.111.64...

Flash Download:
> https://www.adobe.com/products/flashplayer/distribution3.html

Flash test site:
- http://helpx.adobe.com/flash-player...lash_Player_version_installed_on_your_machine
___

Shockwave Player 12.0.3.133 released
- https://www.adobe.com/support/security/bulletins/apsb13-18.html
July 9, 2013
CVE number: CVE-2013-3348
Platform: Windows and Macintosh
Summary: Adobe has released a security update for Adobe Shockwave Player 12.0.2.122 and earlier versions on the Windows and Macintosh operating systems. This update addresses a vulnerability that could allow an attacker, who successfully exploits this vulnerability, to run malicious code on the affected system. Adobe recommends users of Adobe Shockwave Player 12.0.2.122 and earlier versions update to Adobe Shockwave Player 12.0.3.133...
Solution: Adobe recommends users of Adobe Shockwave Player 12.0.2.122 and earlier versions update to the newest version 12.0.3.133, available here:
- http://get.adobe.com/shockwave/
___

ColdFusion hotfixes available
- https://www.adobe.com/support/security/bulletins/apsb13-19.html
July 9, 2013
CVE number: CVE-2013-3349, CVE-2013-3350
Platform: All
Summary: Adobe has released a security hotfix for ColdFusion 10 for Windows, Macintosh and Linux. This hotfix addresses a vulnerability (CVE-2013-3350) that could permit an attacker to invoke public methods on ColdFusion Components (CFC) using WebSockets. Adobe has released a security hotfix for ColdFusion versions 9.0, 9.0.1 and 9.0.2 on JRun. This hotfix addresses a vulnerability (CVE-2013-3349) that could be exploited to cause a denial of service condition on a system running ColdFusion 9.0, 9.0.1 and 9.0.2 on JRun. ColdFusion 10 customers are not affected by CVE-2013-3349.
Adobe recommends users update their product installation...
Solution: Adobe recommends ColdFusion customers update their installation using the instructions provided in the technote located here:
- http://helpx.adobe.com/coldfusion/kb/coldfusion-security-hotfix-apsb13-19.html ...
___

- https://isc.sans.edu/diary.html?storyid=16129
Last Updated: 2013-07-09 18:41:00 UTC
___

Flash:
- https://secunia.com/advisories/53975/

Shockwave:
- https://secunia.com/advisories/53894/

ColdFusion:
- https://secunia.com/advisories/53997/
- https://secunia.com/advisories/54024/

:fear::fear::fear:

AplusWebMaster · Sep 10, 2013

Flash Player, Reader, Shockwave updates ...

FYI...

Flash Player v11.8.800.168 released
- http://www.adobe.com/support/security/bulletins/apsb13-21.html
Sep 10, 2013
CVE number: CVE-2013-3361, CVE-2013-3362, CVE-2013-3363, CVE-2013-5324
Platform: All Platforms
Summary: Adobe has released security updates for Adobe Flash Player 11.8.800.94 and earlier versions for Windows and Macintosh, Adobe Flash Player 11.2.202.297 and earlier versions for Linux, Adobe Flash Player 11.1.115.69 and earlier versions for Android 4.x, and Adobe Flash Player 11.1.111.64 and earlier versions for Android 3.x and 2.x. These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.
Adobe recommends users update their product installations to the latest versions:
- Users of Adobe Flash Player 11.8.800.94 and earlier versions for Windows and Macintosh should update to Adobe Flash Player 11.8.800.168.
- Users of Adobe Flash Player 11.2.202.297 and earlier versions for Linux should update to Adobe Flash Player 11.2.202.310.
- Adobe Flash Player 11.8.800.97 installed with Google Chrome will automatically be updated to the latest Google Chrome version, which will include Adobe Flash Player 11.8.800.170 for Windows, Macintosh and Linux.
- Adobe Flash Player 11.8.800.94 installed with Internet Explorer 10 will automatically be updated to the latest Internet Explorer 10 version, which will include Adobe Flash Player 11.8.800.168 for Windows 8.
- Users of Adobe Flash Player 11.1.115.69 and earlier versions on Android 4.x devices should update to Adobe Flash Player 11.1.115.81.
- Users of Adobe Flash Player 11.1.111.64 and earlier versions for Android 3.x and 2.x should update to Flash Player 11.1.111.73.
- Users of Adobe AIR 3.8.0.870 and earlier versions for Windows and Android should update to Adobe AIR 3.8.0.1430.
- Users of Adobe AIR 3.8.0.910 and earlier versions for Macintosh should update to Adobe AIR 3.8.0.1430.
- Users of the Adobe AIR 3.8.0.870 SDK & Compiler and earlier versions for Windows should update to the Adobe AIR 3.8.0.1430 SDK & Compiler.
- Users of the Adobe AIR 3.8.0.910 SDK & Compiler and earlier versions for Macintosh should update to the Adobe AIR 3.8.0.1430 SDK & Compiler...

Flash Download:
> https://www.adobe.com/products/flashplayer/distribution3.html

Flash test site:
- http://www.adobe.com/software/flash/about/

- http://helpx.adobe.com/flash-player...lash_Player_version_installed_on_your_machine

Adobe AIR 3.8
- http://get.adobe.com/air/

- https://secunia.com/advisories/54697/
Release Date: 2013-09-10
Criticality: Highly Critical
Software: Adobe AIR 3.x, Adobe Flash Player 11.x
Where: From remote
Impact: System access...
CVE Reference(s): CVE-2013-3361, CVE-2013-3362, CVE-2013-3363, CVE-2013-5324
... can be exploited by malicious people to compromise a user's system.
Solution: Update to a fixed version.
Original Advisory: http://www.adobe.com/support/security/bulletins/apsb13-21.html
___

Adobe Reader / Acrobat v11.0.04 released
- http://www.adobe.com/support/security/bulletins/apsb13-22.html
Sep 10, 2013
CVE numbers: CVE-2013-3351, CVE-2013-3352, CVE-2013-3353, CVE-2013-3354, CVE-2013-3355, CVE-2013-3356, CVE-2013-3357, CVE-2013-3358
Platform: Windows and Macintosh
Summary: Adobe has released security updates for Adobe Reader and Acrobat XI (11.0.03) and earlier versions for Windows and Macintosh. These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.
Adobe recommends users update their product installations to the latest versions:
- Users of Adobe Reader XI (11.0.03) for Windows and Macintosh should update to Adobe Reader XI (11.0.04).
- For users of Adobe Reader X (10.1.7) and earlier versions for Windows and Macintosh, who cannot update to Adobe Reader XI (11.0.04), Adobe has made available the update Adobe Reader X (10.1.8 ).
- Users of Adobe Acrobat XI (11.0.03) for Windows and Macintosh should update to Adobe Acrobat XI (11.0.04).
- For users of Adobe Acrobat X (10.1.7) and earlier versions for Windows and Macintosh, who cannot update to Adobe Acrobat XI (11.0.04), Adobe has made available the update Adobe Acrobat X (10.1.8 )...
Adobe Reader: Users on Windows and Macintosh can utilize the product's update mechanism...
Adobe Acrobat: Users can utilize the product's update mechanism...
Help >About >Check for updates...

- https://secunia.com/advisories/54694/
Release Date: 2013-09-10
Criticality: Highly Critical
Where: From remote
Impact: System access...
CVE Reference(s): CVE-2013-3351, CVE-2013-3352, CVE-2013-3353, CVE-2013-3354, CVE-2013-3355, CVE-2013-3356, CVE-2013-3357, CVE-2013-3358
... can be exploited by malicious people to compromise a user's system.
Solution: Update to a fixed version.
Original Advisory: http://www.adobe.com/support/security/bulletins/apsb13-22.html
___

Shockwave Player v12.0.4.144 released
- http://www.adobe.com/support/security/bulletins/apsb13-23.html
Sep 10, 2013
CVE number: CVE-2013-3359 and CVE-2013-3360
Platform: Windows and Macintosh
Summary: Adobe has released a security update for Adobe Shockwave Player 12.0.3.133 and earlier versions on the Windows and Macintosh operating systems. This update addresses vulnerabilities that could allow an attacker, who successfully exploits these vulnerabilities, to run malicious code on the affected system. Adobe recommends users of Adobe Shockwave Player 12.0.3.133 and earlier versions update to Adobe Shockwave Player 12.0.4.144 ...
Solution: Adobe recommends users of Adobe Shockwave Player 12.0.3.133 and earlier versions update to the newest version 12.0.4.144, available here:
- http://get.adobe.com/shockwave/

- https://secunia.com/advisories/54700/
Release Date: 2013-09-10
Criticality: Highly Critical
Where: From remote
Impact: System access...
CVE Reference(s): CVE-2013-3359, CVE-2013-3360
... can be exploited by malicious people to compromise a user's system.
Solution: Update to version 12.0.4.144.
Original Advisory: http://www.adobe.com/support/security/bulletins/apsb13-23.html

:fear::fear::fear:

AplusWebMaster · Sep 21, 2013

Flash Player 11.8.800.175 - Win IE ...

FYI...

Flash Player 11.8.800.175 (Win IE) ...
- http://forums.adobe.com/message/5698133
Sep 19, 2013 - "... Flash Player 11.8.800.175 is available for download via our auto update mechanism. This update includes multiple stability fixes for the Windows ActiveX (Internet Explorer) plugin only ...
Bug fixes: 3630443 - [External][Windows][IE] ExternalInterface.call() method with non-ASCII text as a parameter corrupts the characters on the Javascript side..."

Flash Player 11.8.800.175 (Win IE) ...
- https://www.adobe.com/products/flashplayer/distribution3.html

Flash test site:
- http://www.adobe.com/software/flash/about/

- http://helpx.adobe.com/flash-player...lash_Player_version_installed_on_your_machine
___

Text is corrupted when it's typed into a webpage that uses Adobe Flash Player after you install security update 2880289
- http://support.microsoft.com/kb/2889543
Last Review: September 24, 2013 - Revision: 2.0
"... issue is resolved in the current release of Adobe Flash Player. For more information, see the following Adobe release notes:
- http://helpx.adobe.com/en/flash-player/release-note/fp_118_air_38_release_notes.html
"...Fixed Issues
September 24th, 2013
3630443 - [External][Windows][IE] ExternalInterface.call() method with non-ASCII text as a parameter corrupts the characters on the Javascript side
3631555 - [Windows][IE] ExternalInterface.call() does not work normally since flash player 11.8.800.168
3631605 - [Windows][IE][Video] Video playback failure in Nico Video ...
- http://helpx.adobe.com/en/flash-pla...8_air_38_release_notes.html#released_versions
Flash Player Desktop (Win Internet Explorer) 11.8.800.175 ..."

* http://support.microsoft.com/kb/2880289
Last Review: September 24, 2013 - Revision: 4.1

:fear:

AplusWebMaster · Oct 8, 2013

Adobe security updates Oct 8, 2013 ...

FYI...

Flash Player v11.9 / AIR 3.9
- http://helpx.adobe.com/en/flash-pla...9_air_39_release_notes.html#released_versions
Oct 8, 2013
Deliverable Released Version
Flash Player Desktop (Win Internet Explorer) 11.9.900.117
Flash Player Desktop (Win Other Browsers) 11.9.900.117
Flash Player Desktop (Mac) 11.9.900.117
Flash Player Desktop (Linux) 11.2.202.310
Flash Player Enterprise 11.7 (Mac and Win) 11.7.700.242
Flash Player Desktop (Win 8) 11.9.900.117
Flash Player Desktop (Chrome) 11.9.900.117
AIR Desktop (Win) 3.9.0.1030
AIR Desktop (Mac) 3.9.0.1030
AIR Android 3.9.0.1060
AIR SDK & Compiler(Win) 3.9.0.1030
AIR SDK & Compiler(Mac) 3.9.0.1030
AIR SDK(Win) 3.9.0.1030
AIR SDK(Mac) 3.9.0.1030

- http://forums.adobe.com/message/5744968#5744968
Oct 8, 2013

- https://www.adobe.com/products/flashplayer/distribution3.html

Flash test site:
- http://www.adobe.com/software/flash/about/

- http://helpx.adobe.com/flash-player...lash_Player_version_installed_on_your_machine

Adobe AIR 3.9
- http://get.adobe.com/air/
___

Adobe Reader/Acrobat v11.0.05 released
- http://www.adobe.com/support/security/bulletins/apsb13-25.html
Oct 8, 2013
CVE number: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5325 - 9.3 (HIGH)
[Last revised: 10/10/2013]
Platform: Windows
"Summary: Adobe has released security updates for Adobe Reader and Acrobat XI (11.0.04) for Windows. These updates address a -regression- that occurred in version 11.0.04 affecting Javascript security controls. Adobe Reader and Acrobat X (10.1.8) and earlier versions for Windows are -not- affected, and all versions of Adobe Reader and Acrobat for Macintosh are also -not- affected by this vulnerability. Adobe recommends users update their product installations to the latest versions:
- Users of Adobe Reader XI (11.0.04) for Windows should update to Adobe Reader XI (11.0.05).
- Users of Adobe Acrobat XI (11.0.04) for Windows should update to Adobe Acrobat XI (11.0.05)...
Adobe Reader: Users on Windows can utilize the product's update mechanism. The default configuration is set to run automatic update checks on a regular schedule. Update checks can be manually activated by choosing Help > Check for Updates...
Adobe Acrobat: Users can utilize the product's update mechanism. The default configuration is set to run automatic update checks on a regular schedule. Update checks can be manually activated by choosing Help > Check for Updates...
___

Adobe RoboHelp - Security update
- http://www.adobe.com/support/security/bulletins/apsb13-24.html
Oct 8, 2013
CVE number: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5327 - 10.0 (HIGH)
Platform: Windows
"Summary: Adobe has released a security update for RoboHelp 10 on the Windows operating system. This update addresses a vulnerability that could allow an attacker, who successfully exploits this vulnerability, to run malicious code on the affected system. Adobe recommends users of RoboHelp 10 apply the solution using the instructions provided in the "Solution" section...
This update addresses a -critical- vulnerability in the software..."
Affected software versions: RoboHelp 10 for Windows
Solution: Adobe recommends users of RoboHelp 10 apply the fix...
(See the Adobe URL above for links and fix.)

:fear::fear:

AplusWebMaster · Nov 12, 2013

Flash v11.9.900.152, Air v3.9.0.1210, ColdFusion hotfix ..

FYI...

Flash v11.9.900.152 released
- https://www.adobe.com/support/security/bulletins/apsb13-26.html
Nov 12, 2013
CVE number:
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5329 - 10.0 (HIGH)
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5330 - 10.0 (HIGH)
Platform: All Platforms
"Summary: Adobe has released security updates for Adobe Flash Player 11.9.900.117 and earlier versions for Windows and Macintosh and Adobe Flash Player 11.2.202.310 and earlier versions for Linux. These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system. Adobe recommends users update their product installations to the latest versions:
- Users of Adobe Flash Player 11.9.900.117 and earlier versions for Windows and Macintosh should update to Adobe Flash Player 11.9.900.152.
- Users of Adobe Flash Player 11.2.202.310 and earlier versions for Linux should update to Adobe Flash Player 11.2.202.327.
- Adobe Flash Player 11.9.900.117 installed with Google Chrome will automatically be updated to the latest Google Chrome version, which will include Adobe Flash Player 11.9.900.152 for Windows, Macintosh and Linux.
- Adobe Flash Player 11.9.900.117 installed with Internet Explorer 10 will automatically be updated to the latest Internet Explorer 10 version, which will include Adobe Flash Player 11.9.900.152 for Windows 8.0
- Adobe Flash Player 11.9.900.117 installed with Internet Explorer 11 will automatically be updated to the latest Internet Explorer 11 version, which will include Adobe Flash Player 11.9.900.152 for Windows 8.1
- Users of Adobe AIR 3.9.0.1030 and earlier versions for Windows and Macintosh should update to Adobe AIR 3.9.0.1210.
- Users of Adobe AIR 3.9.0.1060 and earlier versions for Android should update to Adobe AIR 3.9.0.1210.
- Users of the Adobe AIR 3.9.0.1030 SDK and earlier versions should update to the Adobe AIR 3.9.0.1210 SDK.
- Users of the Adobe AIR 3.9.0.1030 SDK & Compiler and earlier versions should update to the Adobe AIR 3.9.0.1210 SDK & Compiler...

- https://www.adobe.com/products/flashplayer/distribution3.html

Flash test site:
- http://www.adobe.com/software/flash/about/

- http://helpx.adobe.com/flash-player...lash_Player_version_installed_on_your_machine

Adobe AIR 3.9.0.1210
- http://get.adobe.com/air/
___

ColdFusion hotfix...
- https://www.adobe.com/support/security/bulletins/apsb13-27.html
Nov 12, 2013
CVE number:
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5326 - 3.5
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5328 - 7.8 (HIGH)
Platform: All platforms
"Summary: Adobe has released a security hotfix for ColdFusion versions 10, 9.0.2, 9.0.1 and 9.0 for Windows, Macintosh and Linux. This hotfix addresses a reflected cross site scripting vulnerability (CVE-2013-5326) that could be exploited by a remote, authenticated user on ColdFusion 10 and earlier when the CFIDE directory is exposed. This hotfix also addresses a vulnerability (CVE-2013-5328) in ColdFusion 10 that could permit unauthorized remote read access...
Affected software versions: ColdFusion 10, 9.0.2, 9.0.1 and 9.0 for Windows, Macintosh and Linux
Solution: Adobe recommends ColdFusion customers update their installation using the instructions provided in the technote located here:
- http://helpx.adobe.com/coldfusion/kb/coldfusion-security-hotfix-apsb13-27.html

:fear::fear:

AplusWebMaster · Dec 10, 2013

Flash 11.9.900.170, Shockwave 12.0.7.148 released

FYI...

Flash 11.9.900.170 released
- http://helpx.adobe.com/security/products/flash-player/apsb13-28.html
Dec 10, 2013
CVE numbers:
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5331 - 9.3 (HIGH)
"... as exploited in the wild in December 2013."
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5332 - 10.0 (HIGH)
Platform: All Platforms
Summary: Adobe has released security updates for Adobe Flash Player 11.9.900.152 and earlier versions for Windows and Macintosh and Adobe Flash Player 11.2.202.327 and earlier versions for Linux. These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system. Adobe is aware of reports that an exploit designed to trick the user into opening a Microsoft Word document with malicious Flash (.swf) content exists for CVE-2013-5331. Adobe Flash Player 11.6 and later provide a mitigation against this attack.
Adobe recommends users update their product installations to the latest versions:
• Users of Adobe Flash Player 11.9.900.152 and earlier versions for Windows and Macintosh should update to Adobe Flash Player 11.9.900.170.
• Users of Adobe Flash Player 11.2.202.327 and earlier versions for Linux should update to Adobe Flash Player 11.2.202.332.
• Adobe Flash Player 11.9.900.152 installed with Google Chrome will automatically be updated to the latest Google Chrome version, which will include Adobe Flash Player 11.9.900.170 for Windows, Macintosh and Linux.
• Adobe Flash Player 11.9.900.152 installed with Internet Explorer 10 will automatically be updated to the latest Internet Explorer 10 version, which will include Adobe Flash Player 11.9.900.170 for Windows 8.0
• Adobe Flash Player 11.9.900.152 installed with Internet Explorer 11 will automatically be updated to the latest Internet Explorer 11 version, which will include Adobe Flash Player 11.9.900.170 for Windows 8.1
• Users of Adobe AIR 3.9.0.1210 and earlier versions for Windows and Macintosh should update to Adobe AIR 3.9.0.1380.
• Users of Adobe AIR 3.9.0.1210 and earlier versions for Android should update to Adobe AIR 3.9.0.1380.
• Users of the Adobe AIR 3.9.0.1210 SDK and earlier versions should update to the Adobe AIR 3.9.0.1380 SDK.
• Users of the Adobe AIR 3.9.0.1210 SDK & Compiler and earlier versions should update to the Adobe AIR 3.9.0.1380 SDK & Compiler...

- https://www.adobe.com/products/flashplayer/distribution3.html

Flash test site:
- http://www.adobe.com/software/flash/about/

- http://helpx.adobe.com/flash-player.html

Adobe AIR
- http://get.adobe.com/air/

- https://secunia.com/advisories/55948/
Criticality: Highly Critical
___

Shockwave 12.0.7.148 released
- http://helpx.adobe.com/security/products/shockwave/apsb13-29.html
Dec 10, 2013
CVE numbers:
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5333 - 10.0 (HIGH)
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5334 - 10.0 (HIGH)
Platform: Windows and Macintosh
Summary: Adobe has released a security update for Adobe Shockwave Player 12.0.6.147 and earlier versions on the Windows and Macintosh operating systems. This update addresses a vulnerability that could allow an attacker, who successfully exploits this vulnerability, to run malicious code on the affected system. Adobe recommends users of Adobe Shockwave Player 12.0.6.147 and earlier versions update to Adobe Shockwave Player 12.0.7.148 using the instructions provided in the "Solution" section below.
Affected software versions: Adobe Shockwave Player 12.0.6.147 and earlier versions for Windows and Macintosh.
Solution: Adobe recommends users of Adobe Shockwave Player 12.0.6.147 and earlier versions update to the newest version 12.0.7.148, available here:
- http://get.adobe.com/shockwave/

- https://secunia.com/advisories/55952/
Criticality: Highly Critical

:fear::fear:

AplusWebMaster · Jan 10, 2014

Adobe Reader/Acrobat - Prenotification Security Advisory

FYI...

Prenotification Security Advisory for Adobe Reader and Acrobat
- http://helpx.adobe.com/security/products/acrobat/apsb14-01.html
Jan 9, 2014 - "Adobe is planning to release security updates on Tuesday, January 14, 2014 for Adobe Reader and Acrobat XI (11.0.05) and earlier versions for Windows and Macintosh... This Security Advisory will be replaced with the Security Bulletin upon release of the update on Tuesday, January 14, 2014..."

:fear::fear:

AplusWebMaster · Jan 14, 2014

Flash 12.0.0.38, Reader/Acrobat 11.0.06 released

FYI...

Flash 12.0.0.38 released
- http://helpx.adobe.com/security/products/flash-player/apsb14-02.html
Jan 14, 2014
CVE number: CVE-2014-0491, CVE-2014-0492
Platform: All Platforms
Summary: Adobe has released security updates for Adobe Flash Player 11.9.900.170 and earlier versions for Windows and Macintosh and Adobe Flash Player 11.2.202.332 and earlier versions for Linux. These updates address vulnerabilities that could potentially allow an attacker to take control of the affected system. Adobe recommends users update their product installations to the latest versions:
- Users of Adobe Flash Player 11.9.900.170 and earlier versions for Windows Internet Explorer should update to Adobe Flash Player 12.0.0.38.
- Users of Adobe Flash Player 11.9.900.170 and earlier versions for NPAPI plugin-based browsers on Windows should update to Adobe Flash Player 12.0.0.43
- Users of Adobe Flash Player 11.9.900.170 and earlier versions for Macintosh should update to Adobe Flash Player 12.0.0.38.
- Users of Adobe Flash Player 11.2.202.332 and earlier versions for Linux should update to Adobe Flash Player 11.2.202.335.
- Adobe Flash Player 11.9.900.170 installed with Google Chrome will automatically be updated to the latest Google Chrome version, which will include Adobe Flash Player 12.0.0.41 for Windows, Macintosh and Linux.
- Adobe Flash Player 11.9.900.170 installed with Internet Explorer 10 will automatically be updated to the latest Internet Explorer 10 version, which will include Adobe Flash Player 12.0.0.38 for Windows 8.0.
- Adobe Flash Player 11.9.900.170 installed with Internet Explorer 11 will automatically be updated to the latest Internet Explorer 11 version, which will include Adobe Flash Player 12.0.0.38 for Windows 8.1.
-- Users of Adobe AIR 3.9.0.1380 and earlier versions for Windows and Macintosh should update to Adobe AIR 4.0.0.1390.
- Users of Adobe AIR 3.9.0.1380 and earlier versions for Android should update to Adobe AIR 4.0.0.1390.
- Users of the Adobe AIR 3.9.0.1380 SDK and earlier versions should update to the Adobe AIR 4.0.0.1390 SDK.
- Users of the Adobe AIR 3.9.0.1380 SDK & Compiler and earlier versions should update to the Adobe AIR 4.0.0.1390 SDK & Compiler...

- https://www.adobe.com/products/flashplayer/distribution3.html

Flash test site:
- http://www.adobe.com/software/flash/about/

- http://helpx.adobe.com/flash-player.html

Adobe AIR
- http://get.adobe.com/air/
___

Adobe Reader/Acrobat 11.0.06 released
- http://helpx.adobe.com/security/products/reader/apsb14-01.html
Jan 14, 2014
CVE Numbers: CVE-2014-0493, CVE-2014-0495, CVE-2014-0496
Platform: Windows and Macintosh
Summary: Adobe has released security updates for Adobe Reader and Acrobat XI (11.0.05) and earlier versions for Windows and Macintosh. These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system. Adobe recommends users update their product installations to the latest versions:
- Users of Adobe Reader XI (11.0.05) for Windows and Macintosh should update to Adobe Reader XI 11.0.06.
- For users of Adobe Reader X (10.1.8 ) and earlier versions for Windows and Macintosh, who cannot update to Adobe Reader XI (11.0.06), Adobe has made available the update Adobe Reader X (10.1.9).
- Users of Adobe Acrobat XI (11.0.05) for Windows and Macintosh should update to Adobe Acrobat XI (11.0.06).
- For users of Adobe Acrobat X (10.1.8 ) and earlier versions for Windows and Macintosh, who cannot update to Adobe Acrobat XI (11.0.06), Adobe has made available the update Adobe Acrobat X (10.1.9)...
Adobe Reader: Users on Windows and Macintosh can utilize the product's update mechanism... Update checks can be manually activated by choosing Help > Check for Updates.
Adobe Acrobat: Users can utilize the product's update mechanism... Update checks can be manually activated by choosing Help > Check for Updates...

:fear::fear:

AplusWebMaster · Jan 23, 2014

Adobe Digital Editions v3.0 released

FYI...

Adobe Digital Editions v3.0 released
- https://secunia.com/advisories/56578/
Release Date: 2014-01-23
Criticality: Highly Critical
Where: From remote
Impact: System access
CVE Reference(s): CVE-2014-0494
... vulnerability is reported in version 2.0.1.
Solution: Upgrade to version 3.0.
Original Advisory:
http://helpx.adobe.com/security/products/Digital-Editions/apsb14-03.html

- http://www.adobe.com/products/digital-editions/download.html

:fear:

AplusWebMaster · Feb 4, 2014

Flash 12.0.0.44 released

FYI...

Flash 12.0.0.44 released
- http://helpx.adobe.com/security/products/flash-player/apsb14-04.html
Feb 4, 2014
CVE number: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0497 - 10.0 (HIGH)
Platform: All Platforms
Summary: Adobe has released security updates for Adobe Flash Player 12.0.0.43 and earlier versions for Windows and Macintosh and Adobe Flash Player 11.2.202.335 and earlier versions for Linux. These updates address a critical vulnerability that could potentially allow an attacker to remotely take control of the affected system. Adobe is aware of reports that an exploit for this vulnerability exists in the wild, and recommends users update their product installations to the latest versions:
- Users of Adobe Flash Player 12.0.0.43 and earlier versions for Windows and Macintosh should update to Adobe Flash Player 12.0.0.44.
- Users of Adobe Flash Player 11.2.202.335 and earlier versions for Linux should update to Adobe Flash Player 11.2.202.336.
- Adobe Flash Player 12.0.0.41 installed with Google Chrome will automatically be updated to the latest Google Chrome version, which will include Adobe Flash Player 12.0.0.44 for Windows, Macintosh and Linux.
- Adobe Flash Player 12.0.0.38 installed with Internet Explorer 10 will automatically be updated to the latest Internet Explorer 10 version, which will include Adobe Flash Player 12.0.0.44 for Windows 8.0.
- Adobe Flash Player 12.0.0.38 installed with Internet Explorer 11 will automatically be updated to the latest Internet Explorer 11 version, which will include Adobe Flash Player 12.0.0.44 for Windows 8.1...
These updates address -critical- vulnerabilities in the software...

- https://www.adobe.com/products/flashplayer/distribution3.html

Flash test site:
- http://www.adobe.com/software/flash/about/

- http://helpx.adobe.com/flash-player.html
___

- https://secunia.com/advisories/56737/
Release Date: 2014-02-05
Criticality: Extremely Critical
Where: From remote
Impact: System access
Solution Status: Vendor Patch
... vulnerability is actively exploited in the wild.
Reported as a 0-Day...
CVE Reference: CVE-2014-0497
Solution: Update to a fixed version...

- http://atlas.arbor.net/briefs/index#375357101
High Severity
6 Feb 2014

CVE-2014-0497 – a 0-day vulnerability
- https://www.securelist.com/en/blog/8177/CVE_2014_0497_a_0_day_vulnerability
Feb 5, 2014

:fear: :fear: :sad:

AplusWebMaster · Feb 11, 2014

Shockwave Player 12.0.9.149 released

FYI...

Shockwave Player 12.0.9.149 released
- http://helpx.adobe.com/security/products/shockwave/apsb14-06.html
Feb 11, 2014
CVE number:
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0500 - 10.0 (HIGH)
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0501 - 10.0 (HIGH)
Platform: Windows and Macintosh
Summary: Adobe has released a security update for Adobe Shockwave Player 12.0.7.148 and earlier versions on the Windows and Macintosh operating systems. This update addresses critical vulnerabilities that could potentially allow an attacker to remotely take control of the affected system... Adobe recommends users of Adobe Shockwave Player 12.0.7.148 and earlier versions update to the newest version 12.0.9.149, available here:
- http://get.adobe.com/shockwave/
___

Test Shockwave
- http://www.adobe.com/shockwave/welcome/
___

- https://secunia.com/advisories/56740/
Release Date: 2014-02-11
Criticality: Highly Critical
Where: From remote
Impact: System access
CVE Reference(s): CVE-2014-0500, CVE-2014-0501
Solution: Update to version 12.0.9.149

:fear:

AplusWebMaster · Feb 20, 2014

Flash 12.0.0.70 released

FYI...

Flash 12.0.0.70 released
- http://helpx.adobe.com/security/products/flash-player/apsb14-07.html
Feb 20, 2014
CVE number:
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0498 - 10.0 (HIGH)
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0499 - 7.8 (HIGH)
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0502 - 10.0 (HIGH)
Last revised: 02/21/2014 - "... as exploited in the wild in February 2014..."
Platform: All Platforms
Summary: Adobe has released security updates for Adobe Flash Player 12.0.0.44 and earlier versions for Windows and Macintosh and Adobe Flash Player 11.2.202.336 and earlier versions for Linux. These updates address vulnerabilities that could potentially allow an attacker to take control of the affected system. Adobe is aware of reports that an exploit for CVE-2014-0502 exists in the wild, and recommends users update their product installations to the latest versions:
- Users of Adobe Flash Player 12.0.0.44 and earlier versions for Windows and Macintosh should update to Adobe Flash Player 12.0.0.70.
- Users of Adobe Flash Player 11.2.202.336 and earlier versions for Linux should update to Adobe Flash Player 11.2.202.341.
- Adobe Flash Player 12.0.0.44 installed with Google Chrome will automatically be updated to the latest Google Chrome version, which will include Adobe Flash Player 12.0.0.70 for Windows, Macintosh and Linux.
- Adobe Flash Player 12.0.0.44 installed with Internet Explorer 10 will automatically be updated to the latest Internet Explorer 10 version, which will include Adobe Flash Player 12.0.0.70 for Windows 8.0.
- Adobe Flash Player 12.0.0.44 installed with Internet Explorer 11 will automatically be updated to the latest Internet Explorer 11 version, which will include Adobe Flash Player 12.0.0.70 for Windows 8.1.
- Users of Adobe AIR 4.0.0.1390 and earlier versions for Android should update to Adobe AIR 4.0.0.1628.
- Users of the Adobe AIR 4.0.0.1390 SDK and earlier versions should update to the Adobe AIR 4.0.0.1628 SDK.
- Users of the Adobe AIR 4.0.0.1390 SDK & Compiler and earlier versions should update to the Adobe AIR 4.0.0.1628 SDK & Compiler...

- https://www.adobe.com/products/flashplayer/distribution3.html

Flash test site:
- http://www.adobe.com/software/flash/about/

- http://helpx.adobe.com/flash-player.html

Adobe AIR
- http://get.adobe.com/air/
___

- https://secunia.com/advisories/57057/
Release Date: 2014-02-21
Criticality: Extremely Critical
Where: From remote
Impact: Exposure of sensitive information, System access...
Solution:
Update to a fixed version...

:fear: :fear:

AplusWebMaster · Mar 11, 2014

Flash 12.0.0.77 released

FYI...

Flash 12.0.0.77 released
- http://helpx.adobe.com/security/products/flash-player/apsb14-08.html
March 11, 2014
CVE number:
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0503 - 6.4
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0504 - 5.0
Platform: All Platforms
Summary: Adobe has released security updates for Adobe Flash Player 12.0.0.70 and earlier versions for Windows and Macintosh and Adobe Flash Player 11.2.202.341 and earlier versions for Linux. These updates address -important- vulnerabilities, and Adobe recommends users update their product installations to the latest versions:
- Users of Adobe Flash Player 12.0.0.70 and earlier versions for Windows and Macintosh should update to Adobe Flash Player 12.0.0.77
- Users of Adobe Flash Player 11.2.202.341 and earlier versions for Linux should update to Adobe Flash Player 11.2.202.346
- Adobe Flash Player 12.0.0.70 installed with Google Chrome will automatically be updated to the latest Google Chrome version, which will include Adobe Flash Player 12.0.0.77 for Windows, Macintosh and Linux.
- Adobe Flash Player 12.0.0.70 installed with Internet Explorer 10 will automatically be updated to the latest Internet Explorer 10 version, which will include Adobe Flash Player 12.0.0.77 for Windows 8.0.
- Adobe Flash Player 12.0.0.70 installed with Internet Explorer 11 will automatically be updated to the latest Internet Explorer 11 version, which will include Adobe Flash Player 12.0.0.77 for Windows 8.1...

- https://www.adobe.com/products/flashplayer/distribution3.html

Flash test site:
- http://www.adobe.com/software/flash/about/

- http://helpx.adobe.com/flash-player.html

:fear:

AplusWebMaster · Mar 13, 2014

Shockwave 12.0.9.150 released

FYI...

Shockwave 12.0.9.150 released
- http://helpx.adobe.com/security/products/shockwave/apsb14-10.html
March 13, 2014
CVE number: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0505 - 10.0 (HIGH)
Platform: Windows and Macintosh
Summary: Adobe has released a security update for Adobe Shockwave Player 12.0.9.149 and earlier versions on the Windows and Macintosh operating systems. This update addresses a -critical- vulnerability that could potentially allow an attacker to remotely take control of the affected system. Adobe recommends users of Adobe Shockwave Player 12.0.9.149 and earlier versions update to Adobe Shockwave Player 12.1.0.150 using the instructions provided in the "Solution" section...
Solution: Adobe recommends users of Adobe Shockwave Player 12.0.9.149 and earlier versions update to the newest version 12.1.0.150, available here:
- http://get.adobe.com/shockwave/
___

- https://secunia.com/advisories/57277/
Release Date: 2014-03-14
Criticality: Highly Critical
Where: From remote
Impact: System access...
... vulnerability is reported in versions 12.0.9.149 and prior running on Windows and Macintosh.
Solution: Update to version 12.1.0.150.

:fear:

AplusWebMaster · Mar 22, 2014

Flash exploit in-the-wild ...

FYI...

Flash exploit in-the-wild ...
- http://www.threattracksecurity.com/it-blog/adobe-exploit-cve-2014-0502/
Mar 21, 2014 - "... new exploit in the wild going after a known Adobe vulnerability... detected the file cc.swf delivered via the malicious link hxxp ://java-sky .com/swf/cc.swf**... Only 7/51 antivirus vendors on VirusTotal* detect the malicious payload at the time of this post..."

* https://www.virustotal.com/en/file/...a390eff4fd5a826a4d4986e1e6fe679d87f/analysis/

** 50.62.99.1 - https://www.virustotal.com/en/ip-address/50.62.99.1/information/

- http://google.com/safebrowsing/diagnostic?site=AS:26496

- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0502 - 10.0 (HIGH)

Latest Flash version 12.0.0.77
- http://forums.spybot.info/showthrea...tes-advisories&p=451165&viewfull=1#post451165

Flash test site:
- http://www.adobe.com/software/flash/about/

:fear:

Adobe updates/advisories

New member

New member

New member

New member

New member

New member

New member

New member

New member

New member

New member

New member

New member

New member

New member

New member

New member

New member

New member

New member