Adobe updates/advisories

AplusWebMaster · Mar 14, 2017

Adobe updates - 2017.03.14

FYI...

Flash 25.0.0.127 released
- https://helpx.adobe.com/security/products/flash-player/apsb17-07.html
Mar 14, 2017
CVE number: CVE-2017-2997, CVE-2017-2998, CVE-2017-2999, CVE-2017-3000, CVE-2017-3001, CVE-2017-3002, CVE-2017-3003
Platform: Windows, Macintosh, Linux and Chrome OS
Summary: Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and Chrome OS. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system...
Solution: ... Adobe recommends users of the Adobe Flash Player Desktop Runtime for Windows, Macintosh and Linux update to Adobe Flash Player 25.0.0.127 via the update mechanism within the product [1] or by visiting the Adobe Flash Player Download Center: https://get.adobe.com/flashplayer/
- Adobe Flash Player installed with Google Chrome will be automatically updated to the latest Google Chrome version, which will include Adobe Flash Player 25.0.0.127 for Windows, Macintosh, Linux and Chrome OS.
- Adobe Flash Player installed with Microsoft Edge and Internet Explorer 11 for Windows 10 and 8.1 will be automatically updated to the latest version, which will include Adobe Flash Player 25.0.0.127.
Please visit the Flash Player Help page for assistance in installing Flash Player:
> https://helpx.adobe.com/flash-player.html
[1] Users who have selected the option to 'Allow Adobe to install updates' will receive the update automatically. Users who do not have the 'Allow Adobe to install updates' option enabled can install the update via the update mechanism within the product when prompted...

For I/E - some versions get 'Automatic' updates:
- https://fpdownload.macromedia.com/pub/flashplayer/latest/help/install_flash_player_ax.exe
For Firefox and other Plugin-based browsers:
- https://fpdownload.macromedia.com/pub/flashplayer/latest/help/install_flash_player.exe
For Chrome:
- https://fpdownload.macromedia.com/pub/flashplayer/latest/help/install_flash_player_ppapi.exe

Flash test site: https://www.adobe.com/software/flash/about/

- http://www.securitytracker.com/id/1037994
CVE Reference: CVE-2017-2997, CVE-2017-2998, CVE-2017-2999, CVE-2017-3000, CVE-2017-3001, CVE-2017-3002, CVE-2017-3003
Mar 14 2017
Fix Available: Yes Vendor Confirmed: Yes
Version(s): 24.0.0.221 and prior ...
Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
A remote user can obtain potentially sensitive information on the target system.
Solution: The vendor has issued a fix (25.0.0.127)...
___

Shockwave Player 12.2.8.198 released
- https://helpx.adobe.com/security/products/shockwave/apsb17-08.html
Mar 14, 2017
CVE number: CVE-2017-2983
Platform: Windows
Summary: Adobe has released a security update for Adobe Shockwave Player for Windows. This update addresses an?important vulnerability that could potentially lead to escalation of privilege...
Solution: ... Adobe recommends users of Adobe Shockwave Player 12.2.7.197 and earlier versions for Windows update to Adobe Shockwave Player 12.2.8.198 by visiting the Adobe Shockwave Player Download Center:
- https://get.adobe.com/shockwave/

- http://www.securitytracker.com/id/1037993
CVE Reference: CVE-2017-2983
Mar 14 2017
Fix Available: Yes Vendor Confirmed: Yes
Version(s): 12.2.7.197 and prior ...
Impact: A local user can obtain elevated privileges on the target system.
Solution: The vendor has issued a fix (12.2.8.198)...

:fear::fear:

AplusWebMaster · Apr 11, 2017

Adobe Updates - 2017.04.11

FYI...

Flash 25.0.0.148 released
- https://helpx.adobe.com/security/products/flash-player/apsb17-10.html
April 11, 2017
CVE number: CVE-2017-3058, CVE-2017-3059, CVE-2017-3060, CVE-2017-3061, CVE-2017-3062, CVE-2017-3063, CVE-2017-3064
Platform: Windows, Macintosh, Linux and Chrome OS ...
Summary: Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and Chrome OS. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system...
Solution: ... Adobe recommends users of the Adobe Flash Player Desktop Runtime for Windows, Macintosh and Linux update to Adobe Flash Player 25.0.0.148 via the update mechanism within the product [1] or by visiting the Adobe Flash Player Download Center.
- Adobe Flash Player installed with Google Chrome will be automatically updated to the latest Google Chrome version, which will include Adobe Flash Player 25.0.0.148 for Windows, Macintosh, Linux and Chrome OS.
- Adobe Flash Player installed with Microsoft Edge and Internet Explorer 11 for Windows 10 and 8.1 will be automatically updated to the latest version, which will include Adobe Flash Player 25.0.0.148.
Please visit the Flash Player Help page for assistance in installing Flash Player:
> https://helpx.adobe.com/flash-player.html
[1] Users who have selected the option to 'Allow Adobe to install updates' will receive the update automatically. Users who do not have the 'Allow Adobe to install updates' option enabled can install the update via the update mechanism within the product when prompted...

For I/E - some versions get 'Automatic' updates:
- https://fpdownload.macromedia.com/pub/flashplayer/latest/help/install_flash_player_ax.exe
For Firefox and other Plugin-based browsers:
- https://fpdownload.macromedia.com/pub/flashplayer/latest/help/install_flash_player.exe
For Chrome:
- https://fpdownload.macromedia.com/pub/flashplayer/latest/help/install_flash_player_ppapi.exe

Flash test site: https://www.adobe.com/software/flash/about/

- http://www.securitytracker.com/id/1038225
CVE Reference: CVE-2017-3058, CVE-2017-3059, CVE-2017-3060, CVE-2017-3061, CVE-2017-3062, CVE-2017-3063, CVE-2017-3064
Apr 11 2017
Fix Available: Yes Vendor Confirmed: Yes
Version(s): 25.0.0.127 and prior...
Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
Solution: The vendor has issued a fix (25.0.0.148)...
___

Adobe Acrobat and Reader Updates
- https://helpx.adobe.com/security/products/acrobat/apsb17-11.html
April 11, 2017
CVE numbers: CVE-2017-3011, CVE-2017-3012, CVE-2017-3013, CVE-2017-3014, CVE-2017-3015, CVE-2017-3017,
CVE-2017-3018, CVE-2017-3019, CVE-2017-3020, CVE-2017-3021, CVE-2017-3022, CVE-2017-3023, CVE-2017-3024, CVE-2017-3025, CVE-2017-3026, CVE-2017-3027, CVE-2017-3028, CVE-2017-3029, CVE-2017-3030, CVE-2017-3031, CVE-2017-3032, CVE-2017-3033, CVE-2017-3034, CVE-2017-3035, CVE-2017-3036, CVE-2017-3037, CVE-2017-3038, CVE-2017-3039, CVE-2017-3040, CVE-2017-3041, CVE-2017-3042, CVE-2017-3043, CVE-2017-3044, CVE-2017-3045, CVE-2017-3046, CVE-2017-3047, CVE-2017-3048, CVE-2017-3049, CVE-2017-3050, CVE-2017-3051, CVE-2017-3052,
CVE-2017-3053, CVE-2017-3054, CVE-2017-3055, CVE-2017-3056, CVE-2017-3057, CVE-2017-3065
Platform: Windows and Macintosh ...
Solution: Adobe recommends users update their software installations to the latest versions by following the
instructions below.
The latest product versions are available to end users via one of the following methods:
> Users can update their product installations manually by choosing Help > Check for Updates. The products will update automatically, without requiring user intervention, when updates are detected.
The full Acrobat Reader installer can be downloaded from the Acrobat Reader Download Center.
- https://get.adobe.com/reader/
For IT administrators (managed environments):
> Download the enterprise installers from ftp://ftp.adobe.com/pub/adobe/ or refer to the specific release note version for links to installers.
Install updates via your preferred methodology, such as AIP-GPO, bootstrapper, SCUP/SCCM (Windows), or on Macintosh, Apple Remote Desktop and SSH...
For more information on Acrobat DC, please visit the Acrobat DC FAQ page:
- https://helpx.adobe.com/acrobat/faq.html
For more information on Acrobat Reader DC, please visit the Acrobat Reader DC FAQ page:
- https://helpx.adobe.com/reader/faq.html
Acrobat for Windows
> http://supportdownloads.adobe.com/product.jsp?product=1&platform=Windows
Reader for Windows
> http://supportdownloads.adobe.com/product.jsp?product=10&platform=Windows
Acrobat for Macintosh
> http://supportdownloads.adobe.com/product.jsp?product=1&platform=Mac
Reader for Macintosh
> http://supportdownloads.adobe.com/product.jsp?product=10&platform=Mac

- http://www.securitytracker.com/id/1038228
CVE Reference: CVE-2017-3011, CVE-2017-3012, CVE-2017-3013, CVE-2017-3014, CVE-2017-3015, CVE-2017-3017, CVE-2017-3018, CVE-2017-3019, CVE-2017-3020, CVE-2017-3021, CVE-2017-3022, CVE-2017-3023, CVE-2017-3024, CVE-2017-3025, CVE-2017-3026, CVE-2017-3027, CVE-2017-3028, CVE-2017-3029, CVE-2017-3030, CVE-2017-3031, CVE-2017-3032, CVE-2017-3033, CVE-2017-3034, CVE-2017-3035, CVE-2017-3036, CVE-2017-3037, CVE-2017-3038, CVE-2017-3039, CVE-2017-3040, CVE-2017-3041, CVE-2017-3042, CVE-2017-3043, CVE-2017-3044, CVE-2017-3045, CVE-2017-3046, CVE-2017-3047, CVE-2017-3048, CVE-2017-3049, CVE-2017-3050, CVE-2017-3051, CVE-2017-3052, CVE-2017-3053, CVE-2017-3054, CVE-2017-3055, CVE-2017-3056, CVE-2017-3057, CVE-2017-3065
Apr 11 2017
Fix Available: Yes Vendor Confirmed: Yes
Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
A remote user can obtain potentially sensitive information on the target system.
Solution: The vendor has issued a fix (Classic 2015.006.30306, Continuous 2017.009.20044, XI 11.0.20)...
___

Adobe Photoshop CC
- https://helpx.adobe.com/security/products/photoshop/apsb17-12.html
April 11, 2017
CVE number: CVE-2017-3004, CVE-2017-3005
Platform: Windows and Macintosh...
___

Creative Cloud Desktop Application
- https://helpx.adobe.com/security/products/creative-cloud/apsb17-13.html
April 11, 2017
CVE number: CVE-2017-3006, CVE-2017-3007
Platform: Windows
___

Adobe Campaign
- https://helpx.adobe.com/security/products/campaign/apsb17-09.html
April 11, 2017
CVE number: CVE-2017-2989
Platform: Windows and Linux
___

Qualys analysis:
- https://blog.qualys.com/laws-of-vul...fixes-flash-pdf-reader-and-photoshop-in-april
April 11, 2017 - "Adobe released -five- security bulletins today... Highest priority goes to the Flash update APSB17-10 as flash has been the top choice for malware and exploit kits. If left un-patched, the vulnerabilities allow attackers to take complete control of user’s computer if the user views malicious flash content hosted by the attacker. Although flash based exploit kit activity has reduced as compared to last year we still recommend updating this first..."
___

- https://www.us-cert.gov/ncas/current-activity/2017/04/11/Adobe-Releases-Security-Updates
April 11, 2017

:fear::fear::fear::fear:

AplusWebMaster · Apr 26, 2017

ColdFusion Hotfixes available

FYI...

ColdFusion Hotfixes available
- https://helpx.adobe.com/security/products/coldfusion/apsb17-14.html
April 25, 2017
CVE number: CVE-2017-3008, CVE-2017-3066
Platforms: All
Summary: Adobe has released security hotfixes for ColdFusion versions 10, 11 and the 2016 release. These hotfixes resolve an input validation issue that could be used in reflected XSS (cross-site scripting) attacks (CVE-2017-3008). These hotfixes also include an updated version of Apache BlazeDS to mitigate java deserialization (CVE-2017-3066). Adobe recommends that customers apply the appropriate hotfix using the instructions provided in the "Solution" section below...
Solution: ... Adobe recommends that ColdFusion customers update their installation using the instructions provided in the relevant tech notes:
ColdFusion (2016 release): http://helpx.adobe.com/coldfusion/kb/coldfusion-2016-update-4.html
ColdFusion 11: http://helpx.adobe.com/coldfusion/kb/coldfusion-11-update-12.html
ColdFusion 10: http://helpx.adobe.com/coldfusion/kb/coldfusion-10-update-23.html
Customers should also apply the security configuration settings as outlined on the ColdFusion Security page as well as review the respective Lockdown guides.
ColdFusion (2016 release) Lockdown guide:
- http://wwwimages.adobe.com/content/...usion/pdfs/coldfusion-2016-lockdown-guide.pdf
ColdFusion 11 Lockdown Guide:
- https://www.adobe.com/content/dam/Adobe/en/products/coldfusion/pdfs/cf11/cf11-lockdown-guide.pdf
ColdFusion 10 Lockdown Guide:
- https://www.adobe.com/content/dam/Adobe/en/products/coldfusion/pdfs/cf10/cf10-lockdown-guide.pdf

- http://www.securitytracker.com/id/1038364
CVE Reference: CVE-2017-3008, CVE-2017-3066
Apr 26 2017
Fix Available: Yes Vendor Confirmed: Yes
Version(s): 10, 11, 2016 ...
Impact: A remote user can execute arbitrary code on the target system.
A remote user can access the target user's cookies (including authentication cookies), if any, associated with the site running the Adobe ColdFusion software, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.
Solution: The vendor has issued a fix (10 Update 23, 11 Update 12, 2016 Update 4)...
___

- https://www.us-cert.gov/ncas/current-activity/2017/04/26/Adobe-Releases-Security-Updates-ColdFusion
April 26, 2017

:fear::fear:

AplusWebMaster · May 9, 2017

Adobe updates - 2017.05.09

FYI...

Flash 25.0.0.171 released
- https://helpx.adobe.com/security/products/flash-player/apsb17-15.html
May 9, 2017
CVE number: CVE-2017-3068, CVE-2017-3069, CVE-2017-3070, CVE-2017-3071, CVE-2017-3072, CVE-2017-3073, CVE-2017-3074
Platform: Windows, Macintosh, Linux and Chrome OS
Summary: Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and Chrome OS. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system...
Solution: ... Adobe recommends users of the Adobe Flash Player Desktop Runtime for Windows, Macintosh and Linux update to Adobe Flash Player 25.0.0.171 via the update mechanism within the product [1] or by visiting the Adobe Flash Player Download Center...
- Adobe Flash Player installed with Google Chrome will be automatically updated to the latest Google Chrome version, which will include Adobe Flash Player 25.0.0.171 for Windows, Macintosh, Linux and Chrome OS.
- Adobe Flash Player installed with Microsoft Edge and Internet Explorer 11 for Windows 10 and 8.1 will be automatically updated to the latest version, which will include Adobe Flash Player 25.0.0.171.
- Please visit the Flash Player Help page for assistance in installing Flash Player:
> https://helpx.adobe.com/flash-player.html
[1] Users who have selected the option to 'Allow Adobe to install updates' will receive the update automatically. Users who do not have the 'Allow Adobe to install updates' option enabled can install the update via the update mechanism within the product when prompted...

For I/E - some versions get 'Automatic' updates:
- https://fpdownload.macromedia.com/pub/flashplayer/latest/help/install_flash_player_ax.exe
For Firefox and other Plugin-based browsers:
- https://fpdownload.macromedia.com/pub/flashplayer/latest/help/install_flash_player.exe
For Chrome:
- https://fpdownload.macromedia.com/pub/flashplayer/latest/help/install_flash_player_ppapi.exe

Flash test site: https://www.adobe.com/software/flash/about/

- http://www.securitytracker.com/id/1038427
CVE Reference: CVE-2017-3068, CVE-2017-3069, CVE-2017-3070, CVE-2017-3071, CVE-2017-3072, CVE-2017-3073, CVE-2017-3074
May 9 2017
Fix Available: Yes Vendor Confirmed: Yes
Version(s): 25.0.0.148 and prior (Windows/Linux); 25.0.0.163 and prior (Mac)...
Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
Solution: The vendor has issued a fix (25.0.0.171)...
___

Adobe Experience Manager Forms
- https://helpx.adobe.com/security/products/aem-forms/apsb17-16.html
May 9, 2017
CVE number: CVE-2017-3067
Platform: Windows, Linux, Solaris and AIX
Summary: Adobe has released security updates for Adobe Experience Manager (AEM) Forms on Windows, Linux, Solaris and AIX. These updates resolve an important information disclosure vulnerability (CVE-2017-3067) resulting from abuse of the pre-population service in AEM Forms...
Solution: Adobe categorizes these updates with the following priority rating, and recommends customers with on premise deployments install the available updates referenced below with the help of Adobe Marketing Cloud Customer Care team.
Adobe Experience Manager Forms 6.2 6.2 SP1 CFP3 Windows, Linux, Solaris and AIX
Release Notes: https://helpx.adobe.com/experience-manager/release-notes--aem-6-2-cumulative-fix-pack.html
Adobe Experience Manager Forms 6.1 6.1 SP2 CFP8 Windows, Linux, Solaris and AIX
Release Notes: https://helpx.adobe.com/experience-manager/release-notes--aem-6-1-cumulative-fix-pack-.html
Adobe Experience Manager Forms 6.0 HotFix 2.0.58 Windows, Linux, Solaris and AIX
Release Notes: https://helpx.adobe.com/aem-forms/quick-fixes/6-0/adaptive-form-2-0-58.html

- http://www.securitytracker.com/id/1038428
CVE Reference: CVE-2017-3067
May 9 2017
Fix Available: Yes Vendor Confirmed: Yes
Version(s): 6.0, 6.1, 6.2 ...
Impact: A remote user can obtain potentially sensitive information on the target system.
Solution: The vendor has issued a fix (6.0 HotFix 2.0.58, 6.1 SP2 CFP8, 6.2 SP1 CFP3)...

:fear::fear:

AplusWebMaster · Jun 13, 2017

Adobe updates - 2017.06.13

FYI...

Flash 26.0.0.126 released
- https://helpx.adobe.com/security/products/flash-player/apsb17-17.html
Jun 13, 2017
Summary: Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and Chrome OS. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system...
Solution: ...
- Adobe recommends users of the Adobe Flash Player Desktop Runtime for Windows, Macintosh and Linux update to Adobe Flash Player 26.0.0.126 via the update mechanism within the product [1] or by visiting the Adobe Flash Player Download Center: https://get.adobe.com/flashplayer/
- Adobe Flash Player installed with Google Chrome will be automatically updated to the latest Google Chrome version, which will include Adobe Flash Player 26.0.0.126 for Windows, Macintosh, Linux and Chrome OS.
- Adobe Flash Player installed with Microsoft Edge and Internet Explorer 11 for Windows 10 and 8.1 will be automatically updated to the latest version, which will include Adobe Flash Player 26.0.0.120.
Please visit the Flash Player Help page* for assistance in installing Flash Player.
[1] Users who have selected the option to 'Allow Adobe to install updates' will receive the update automatically. Users who do not have the 'Allow Adobe to install updates' option enabled can install the update via the update mechanism within the product when prompted..."
* https://helpx.adobe.com/flash-player.html

For I/E - some versions get 'Automatic' updates:
- https://fpdownload.macromedia.com/pub/flashplayer/latest/help/install_flash_player_ax.exe
For Firefox and other Plugin-based browsers:
- https://fpdownload.macromedia.com/pub/flashplayer/latest/help/install_flash_player.exe
For Chrome:
- https://fpdownload.macromedia.com/pub/flashplayer/latest/help/install_flash_player_ppapi.exe

Flash test site: https://www.adobe.com/software/flash/about/

- http://www.securitytracker.com/id/1038655
CVE Reference: CVE-2017-3075, CVE-2017-3076, CVE-2017-3077, CVE-2017-3078, CVE-2017-3079, CVE-2017-3081, CVE-2017-3082, CVE-2017-3083, CVE-2017-3084
Jun 13 2017
Fix Available: Yes Vendor Confirmed: Yes
Version(s): 25.0.0.171 and prior ...
Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
Solution: The vendor has issued a fix (26.0.0.126)...
___

Shockwave 12.2.9.199 released
- https://helpx.adobe.com/security/products/shockwave/apsb17-18.html
Jun 13, 2017
Summary: Adobe has released a security update for Adobe Shockwave Player for Windows. This update addresses a critical memory corruption vulnerability that could lead to code execution...
Adobe recommends users of Adobe Shockwave Player 12.2.8.198 and earlier versions for Windows update to Adobe Shockwave Player 12.2.9.199 by visiting the Adobe Shockwave Player Download Center:
> https://get.adobe.com/shockwave/
___

Adobe Captivate 10.0.0.192
- https://helpx.adobe.com/security/products/captivate/apsb17-19.html
Jun 13, 2017
Summary: Adobe has released security updates for Adobe Captivate for Windows and Macintosh. These updates resolve an important information disclosure vulnerability (CVE-2017-3087) resulting from abuse of the quiz reporting feature in Captivate...
10.0.0.192: https://helpx.adobe.com/captivate/release-note/adobe-captivate-release-notes.html
Tech note: https://helpx.adobe.com/captivate/kb/security-updates-captivate.html
___

Adobe Digital Editions 4.5.5
- https://helpx.adobe.com/security/products/Digital-Editions/apsb17-20.html
Jun 13, 2017
Summary: Adobe has released a security update for Adobe Digital Editions for Windows, Macintosh, iOS and Android. This update resolves critical memory corruption vulnerabilities that could lead to code execution, three vulnerabilities rated important that could lead to escalation of privilege and two memory corruption vulnerabilities rated important that could lead to disclosure of memory addresses...
Solution: Adobe categorizes these updates with the following priority ratings and recommends users update their installation to the newest version...
Adobe Digital Editions 4.5.5
Windows: https://www.adobe.com/solutions/ebook/digital-editions/download.html
Macintosh: https://www.adobe.com/solutions/ebook/digital-editions/download.html
iOS: https://itunes.apple.com/us/app/adobe-digital-editions/id952977781?mt=8
Android: https://play.google.com/store/apps/details?id=com.adobe.digitaleditions

:fear::fear::fear:

AplusWebMaster · Jun 23, 2017

Flash 26.0.0.131 released

FYI...

Flash 26.0.0.131 released

Yours may have -automatically- updated to 26,0,0,131 - check here:
> https://get.adobe.com/flashplayer/about/
... 'should read:
"You have version 26,0,0,131 installed" - if NOT, use the -manual- downloads below!
[ALL browsers installed on your system]

> https://helpx.adobe.com/flash-player/release-note/fp_26_air_26_release_notes.html
June 16, 2017 - "In today's release, we've updated Flash Player to address a bug that was impacting some Flash content. If you are having problems interacting with mouse button presses or drag and drop actions, we recommend you update..."
___

For I/E - some versions get 'Automatic' updates:
- https://fpdownload.macromedia.com/pub/flashplayer/latest/help/install_flash_player_ax.exe
For Firefox and other Plugin-based browsers:
- https://fpdownload.macromedia.com/pub/flashplayer/latest/help/install_flash_player.exe
For Chrome:
- https://fpdownload.macromedia.com/pub/flashplayer/latest/help/install_flash_player_ppapi.exe
___

Ref: http://www.computerworld.com/articl...ayer-updated-just-3-days-after-an-update.html
Jun 18, 2017
___

Flash Player Download Center
> https://get.adobe.com/flashplayer/
Version 26.0.0.131

:fear:

AplusWebMaster · Jul 11, 2017

Flash 26.0.0.137, Adobe Connect 9.6.2 released

FYI...

Flash 26.0.0.137 released
- https://helpx.adobe.com/security/products/flash-player/apsb17-21.html
July 11, 2017
"Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and Chrome OS. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system...
- Adobe recommends users of the Adobe Flash Player Desktop Runtime for Windows, Macintosh and Linux update to Adobe Flash Player 26.0.0.137 via the update mechanism within the product [1] or by visiting the Adobe Flash Player Download Center: https://get.adobe.com/flashplayer/
- Adobe Flash Player installed with Google Chrome will be automatically updated to the latest Google Chrome version, which will include Adobe Flash Player 26.0.0.137 for Windows, Macintosh, Linux and Chrome OS.
- Adobe Flash Player installed with Microsoft Edge and Internet Explorer 11 for Windows 10 and 8.1 will be automatically updated to the latest version, which will include Adobe Flash Player 26.0.0.137.
- Please visit the Flash Player Help page for assistance in installing Flash Player:
- https://chl-author-preview.corp.adobe.com/content/help/en/flash-player.html
[1] Users who have selected the option to 'Allow Adobe to install updates' will receive the update automatically. Users who do not have the 'Allow Adobe to install updates' option enabled can install the update via the update mechanism within the product when prompted..."

For I/E - some versions get 'Automatic' updates:
- https://fpdownload.macromedia.com/pub/flashplayer/latest/help/install_flash_player_ax.exe
For Firefox and other Plugin-based browsers:
- https://fpdownload.macromedia.com/pub/flashplayer/latest/help/install_flash_player.exe
For Chrome:
- https://fpdownload.macromedia.com/pub/flashplayer/latest/help/install_flash_player_ppapi.exe

Flash test site: https://www.adobe.com/software/flash/about/

- http://www.securitytracker.com/id/1038845
CVE Reference: CVE-2017-3080, CVE-2017-3099, CVE-2017-3100
Jul 11 2017
Fix Available: Yes Vendor Confirmed: Yes
Version(s): 26.0.0.131 and before...
Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
A remote user can obtain potentially sensitive information on the target system.
Solution: The vendor has issued a fix (26.0.0.137)...
___

Adobe Connect 9.6.2 released
- https://helpx.adobe.com/security/products/connect/apsb17-22.html
July 11, 2017
"Adobe has released a security update for Adobe Connect for Windows. This update resolves two input validation vulnerabilities (CVE-2017-3102, CVE-2017-3103) that could be used in reflected and stored cross-site scripting attacks, respectively. This update also includes a mitigation to protect users from UI redressing (or clickjacking) attacks (CVE-2017-3101)...
> https://helpx.adobe.com/adobe-connect/release-note/adobe-connect-9-6-2-release-notes.html
"... Adobe Connect 9.6.2 will be rolled out in phases:
On-premise: Adobe Connect 9.6.2 installer for customer on-premise deployments (all supported locales): Jun 26th, 2017
Hosted: Adobe Connect 9.6.2 service hosted by Adobe: Starting Jun 19th, 2017
Managed Services: Adobe-managed customer-specific cloud deployment of Adobe Connect: Updates are scheduled based on customer requirements. Reach out to your Adobe Connect managed services representative to schedule your update..."

- http://www.securitytracker.com/id/1038846
CVE Reference: CVE-2017-3101, CVE-2017-3102, CVE-2017-3103
Jul 11 2017
Fix Available: Yes Vendor Confirmed: Yes
Version(s): 9.6.1 and before...
Impact: A remote user can conduct clickjacking attacks.
A remote user can access the target user's cookies (including authentication cookies), if any, associated with the site running the Adobe Connect software, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.
Solution: The vendor has issued a fix (9.6.2)...

:fear::fear:

AplusWebMaster · Jul 26, 2017

Adobe Flash - EOL end of 2020

FYI...

Adobe Flash - EOL end of 2020
- https://blogs.adobe.com/conversations/2017/07/adobe-flash-update.html
July 25, 2017 - "... as open standards like HTML5, WebGL and WebAssembly have matured over the past several years, most now provide many of the capabilities and functionalities that plugins pioneered and have become a viable alternative for content on the web... Adobe is planning to end-of-life Flash. Specifically, we will stop updating and distributing the Flash Player at the end of 2020 and encourage content creators to migrate any existing Flash content to these new open formats..."

... i.e.: HTML5, WebGL and WebAssembly.

:fear:

tashi · Aug 9, 2017

Security Update Available for Adobe Acrobat and Reader | APSB17-24

Summary.

Adobe has released security updates for Adobe Acrobat and Reader for Windows and Macintosh. These updates address vulnerabilities rated Critical and Important that could potentially allow an attacker to take control of the affected system.

https://helpx.adobe.com/security/products/acrobat/apsb17-24.html

AplusWebMaster · Aug 13, 2017

Flash 26.0.0.151 released

FYI...

> https://helpx.adobe.com/security.html

Flash 26.0.0.151 released
- https://helpx.adobe.com/security/products/flash-player/apsb17-23.html
Aug 8, 2017 - "Summary: Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and Chrome OS. These updates address a critical type confusion vulnerability that could lead to code execution and an important security bypass vulnerability that could lead to information disclosure...
Solution: Adobe recommends users of the Adobe Flash Player Desktop Runtime for Windows, Macintosh and Linux update to Adobe Flash Player 26.0.0.151 via the update mechanism within the product[1] or by visiting the Adobe Flash Player Download Center: https://get.adobe.com/flashplayer/
- Adobe Flash Player installed with Google Chrome will be automatically updated to the latest Google Chrome version, which will include Adobe Flash Player 26.0.0.151 for Windows, Macintosh, Linux and Chrome OS.
- Adobe Flash Player installed with Microsoft Edge and Internet Explorer 11 for Windows 10 and 8.1 will be automatically updated to the latest version, which will include Adobe Flash Player 26.0.0.151.
- Please visit the Flash Player Help page for assistance in installing Flash Player*.
* https://helpx.adobe.com/flash-player.html
[1] Users who have selected the option to 'Allow Adobe to install updates' will receive the update automatically. Users who do not have the 'Allow Adobe to install updates' option enabled can install the update via the update mechanism within the product when prompted..."

For I/E - some versions get 'Automatic' updates:
- https://fpdownload.macromedia.com/pub/flashplayer/latest/help/install_flash_player_ax.exe
For Firefox and other Plugin-based browsers:
- https://fpdownload.macromedia.com/pub/flashplayer/latest/help/install_flash_player.exe
For Chrome:
- https://fpdownload.macromedia.com/pub/flashplayer/latest/help/install_flash_player_ppapi.exe

Flash test site: https://www.adobe.com/software/flash/about/

- http://www.securitytracker.com/id/1039088
CVE Reference: CVE-2017-3085, CVE-2017-3106
Aug 8 2017
Version(s): 26.0.0.137 and prior
Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
A remote user can obtain potentially sensitive information on the target system.
Solution: The vendor has issued a fix (26.0.0.151)...
___

Adobe Experience Manager...
- https://helpx.adobe.com/security/products/experience-manager/apsb17-26.html
Aug 8 2017 - "Summary: Adobe has released security updates for Adobe Experience Manager. These updates resolve an important file type validation vulnerability (CVE-2017-3108) and two moderate information disclosure vulnerabilities (CVE-2017-3107 and CVE-2017-3110)..."
[Release notes for multiple versions at the URL above.]

- http://www.securitytracker.com/id/1039099
CVE Reference: CVE-2017-3107, CVE-2017-3108, CVE-2017-3110
Aug 8 2017
Fix Available: Yes Vendor Confirmed: Yes
Version(s): 6.0, 6.1, 6.2, 6.3 ...
Impact: A remote user can execute arbitrary code on the target system.
A remote user can obtain potentially sensitive information on the target system.
Solution: The vendor has issued a fix...
___

Adobe Digital Editions...
- https://helpx.adobe.com/security/products/Digital-Editions/apsb17-27.html
Aug 8 2017 - "Summary: Adobe has released a security update for Adobe Digital Editions for Windows, Macintosh, iOS and Android. This update resolves a critical heap buffer overflow vulnerability that could lead to code execution, seven memory corruption vulnerabilities rated important that could lead to disclosure of memory addresses and an XML external entity processing vulnerability rated critical that could lead to information disclosure..."
Release Notes: https://www.adobe.com/solutions/ebook/digital-editions/release-notes.html

- http://www.securitytracker.com/id/1039100
CVE Reference: CVE-2017-11272, CVE-2017-11274, CVE-2017-11275, CVE-2017-11276, CVE-2017-11277, CVE-2017-11278, CVE-2017-11279, CVE-2017-11280, CVE-2017-1129, CVE-2017-3091
Aug 8 2017
Fix Available: Yes Vendor Confirmed: Yes
Version(s): 4.5.5 and before ...
Impact: A remote user can execute arbitrary code on the target system.
A remote user can obtain potentially sensitive information on the target system.
Solution: The vendor has issued a fix (4.5.6)...

:fear::fear::fear:

AplusWebMaster · Aug 28, 2017

Acrobat/Reader - 11.0.22 Out of cycle update

FYI...

Acrobat/Reader - 11.0.22 Out of cycle update
- https://www.adobe.com/devnet-docs/acrobatetk/tools/ReleaseNotes/11/11.0.22.html
Aug 22, 2017
Patch Installers / Install over 11.0.21

- https://www.adobe.com/devnet-docs/acrobatetk/tools/ReleaseNotes/index.html
... How do I update manually? Go to Help > Check for updates, and install the updates...

Bug fixes: Forms-XFA / 4221443: Acrobat and Reader crash on launching some XFA forms.

Known issues | Acrobat XI, Reader XI
- https://helpx.adobe.com/acrobat/kb/known-issues-acrobat-xi-reader.html
__

Adobe Reader for Windows
- http://supportdownloads.adobe.com/product.jsp?platform=windows&product=10
Full Download / Updates/Programs
___

Update to Security Bulletin (APSB17-24)
> https://blogs.adobe.com/psirt/?p=1484
"Security Bulletin (APSB17-24) published on August 8 regarding updates for Adobe Acrobat and Reader has been updated to reflect the availability of new updates as of August 29.
The August 29 updates resolve a functional regression with XFA forms functionality that affected some users, as well as provide a resolution to security vulnerability CVE-2017-11223. This CVE was originally addressed in the August 8 updates (versions 2017.012.20093, 2017.011.30059 and 2015.006.30352). Due to a functional regression in those releases, optional hotfixes [0,1,2] were offered to affected customers that temporarily reverted the fix for CVE-2017-11223. The August 29 releases resolve both the functional regression and provide a fix for CVE-2017-11223.
At this time, Adobe is not aware of exploits in the wild for CVE-2017-11223, or any of the other issues addressed in the August 8 or August 29 releases.
References:
[0] Hotfix for 2017.012.20093: https://www.adobe.com/devnet-docs/a...qfe.html#dccontinuousaugusttwentyseventeenqfe

[1] Hotfix for 2017.011.30059: http://www.adobe.com/devnet-docs/ac...2017qfe.html#dc17-011augusttwentyseventeenqfe

[2] Hotfix for 2015.006.30352: http://www.adobe.com/devnet-docs/ac...2017qfe.html#dc15-006augusttwentyseventeenqfe

- https://nvd.nist.gov/vuln/detail/CVE-2017-11223
Original release date: 08/11/2017
Last revised: 08/17/2017

:fear:

AplusWebMaster · Sep 12, 2017

Adobe updates - 2017.09.12

FYI...

Flash 27.0.0.130 released
- https://helpx.adobe.com/security/products/flash-player/apsb17-28.html
Sep 12, 2017 - "Summary: Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and Chrome OS. These updates address two critical memory corruption vulnerabilities that could lead to code execution...
Solution: ... Adobe recommends users of the Adobe Flash Player Desktop Runtime for Windows, Macintosh and Linux update to Adobe Flash Player 27.0.0.130 via the update mechanism within the product [1] or by visiting the Adobe Flash Player Download Center:
> https://get.adobe.com/flashplayer/
- Adobe Flash Player installed with Google Chrome will be automatically updated to the latest Google Chrome version, which will include Adobe Flash Player 27.0.0.130 for Windows, Macintosh, Linux and Chrome OS.
- Adobe Flash Player installed with Microsoft Edge and Internet Explorer 11 for Windows 10 and 8.1 will be automatically updated to the latest version, which will include Adobe Flash Player 27.0.0.130.
- Please visit the Flash Player Help page* for assistance in installing Flash Player.
* https://helpx.adobe.com/flash-player.html
[1] Users who have selected the option to 'Allow Adobe to install updates' will receive the update automatically. Users who do not have the 'Allow Adobe to install updates' option enabled can install the update via the update mechanism within the product when prompted..."

For I/E - some versions get 'Automatic' updates:
- https://fpdownload.macromedia.com/pub/flashplayer/latest/help/install_flash_player_ax.exe
For Firefox and other Plugin-based browsers:
- https://fpdownload.macromedia.com/pub/flashplayer/latest/help/install_flash_player.exe
For Chrome:
- https://fpdownload.macromedia.com/pub/flashplayer/latest/help/install_flash_player_ppapi.exe

Flash test site: https://www.adobe.com/software/flash/about/

- http://www.securitytracker.com/id/1039314
CVE Reference: CVE-2017-11281, CVE-2017-11282
Sep 12 2017
Fix Available: Yes Vendor Confirmed: Yes
Version(s): 26.0.0.151 and prior...
Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
Solution: The vendor has issued a fix (27.0.0.130)...
___

ColdFusion updates
- https://helpx.adobe.com/security/products/coldfusion/apsb17-30.html
Sep 12, 2017 - "Summary: Adobe has released security updates for ColdFusion version 11 and the 2016 release. These updates address a critical XML parsing vulnerability (CVE-2017-11286), an important cross-site scripting vulnerability (CVE-2017-11285) that could lead to information disclosure and a mitigation for unsafe Java deserialization that could result in remote code execution (CVE-2017-11283, CVE-2017-11284)...
Solution: ...
ColdFusion (2016 release) Update 5 - Tech note*
* https://helpx.adobe.com/coldfusion/kb/coldfusion-2016-update-5.html
ColdFusion 11 Update 13 - Tech note**
** https://helpx.adobe.com/coldfusion/kb/coldfusion-11-update-13.html
Adobe recommends that ColdFusion customers update their installation using the instructions provided in the relevant tech notes:
1] ColdFusion (2016 release):
> http://helpx.adobe.com/coldfusion/kb/coldfusion-2016-update-5.html
2] ColdFusion 11:
>  http://helpx.adobe.com/coldfusion/kb/coldfusion-11-update-13.html
Customers should also apply the security configuration settings as outlined on the ColdFusion Security page as well as review the respective Lockdown guides.
ColdFusion (2016 release) Lockdown guide:
> http://wwwimages.adobe.com/content/...usion/pdfs/coldfusion-2016-lockdown-guide.pdf
ColdFusion 11 Lockdown Guide :
> http://wwwimages.adobe.com/content/...usion/pdfs/coldfusion-2016-lockdown-guide.pdf

- http://www.securitytracker.com/id/1039321
CVE Reference: CVE-2017-11283, CVE-2017-11284, CVE-2017-11285, CVE-2017-11286
Sep 12 2017
Fix Available: Yes Vendor Confirmed: Yes ...
Impact: A remote user can execute arbitrary code on the target system.
A remote user can access the target user's cookies (including authentication cookies), if any, associated with the site running the Adobe ColdFusion software, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.
A remote user can obtain potentially sensitive information on the target system with the privileges of the target service.
Solution: The vendor has issued a fix (11 Update 13, 2016 Update 5)...
___

RoboHelp RH2017.0.2, RH12.0.4.460 released
- https://helpx.adobe.com/security/products/robohelp/apsb17-25.html
Sep 12, 2017 - "Summary: Adobe has released a security update for RoboHelp for Windows. This update resolves an -important- input validation vulnerability that could be used in a cross-site scripting attack (CVE-2017-3104), as well as an unvalidated URL -redirect- vulnerability rated -moderate- that could be used in phishing campaigns (CVE-2017-3105)...
Solution: ... Refer to the Release notes* for instructions to download and apply the update.
Refer to the Knowledge Base article** for instructions to download and apply the fix on RoboHelp 2015..."
* https://helpx.adobe.com/robohelp/release-note/robohelp-2017-release-notes.html

** https://helpx.adobe.com/robohelp/kb/security-vulnerability-webhelp.html

Download: https://www.adobe.com/support/robohelp/downloads.html

- http://www.securitytracker.com/id/1039319
CVE Reference: CVE-2017-3104, CVE-2017-3105
Sep 12 2017
Fix Available: Yes Vendor Confirmed: Yes ...
Impact: A remote user can cause the target user's browser to be redirected to an arbitrary web site.
A remote user can access the target user's cookies (including authentication cookies), if any, associated with the site running the Adobe RoboHelp software, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.
Solution: The vendor has issued a fix (RH12.0.4.460 (Hotfix), RH2017.0.2)...
___

- https://www.us-cert.gov/ncas/current-activity/2017/09/12/Adobe-Releases-Security-Updates
Sep 12, 2017

:fear::fear::fear:

AplusWebMaster · Oct 10, 2017

Adobe updates - 2017.10.10

FYI...

Flash 27.0.0.159 released
- https://helpx.adobe.com/security/products/flash-player/apsb17-31.html
Oct 10, 2017 - "Summary: Adobe has released an update for Adobe Flash Player for Windows, Macintosh, Linux and Chrome OS. This monthly update addresses functionality bugs...
- Adobe recommends users of the Adobe Flash Player Desktop Runtime for Windows, Macintosh and Linux update to Adobe Flash Player 27.0.0.159 via the update mechanism within the product [1] or by visiting the Adobe Flash Player Download Center:
> https://get.adobe.com/flashplayer/
- Adobe Flash Player installed with Google Chrome will be automatically updated to the latest Google Chrome version, which will include Adobe Flash Player 27.0.0.159 for Windows, Macintosh, Linux and Chrome OS.
- Adobe Flash Player installed with Microsoft Edge and Internet Explorer 11 for Windows 10 and 8.1 will be automatically updated to the latest version, which will include Adobe Flash Player 27.0.0.159.
- Please visit the Flash Player Help page for assistance in installing Flash Player:
> https://helpx.adobe.com/flash-player.html
[1] Users who have selected the option to 'Allow Adobe to install updates' will receive the update automatically. Users who do not have the 'Allow Adobe to install updates' option enabled can install the update via the update mechanism within the product when prompted..."

For I/E - some versions get 'Automatic' updates:
- https://fpdownload.macromedia.com/pub/flashplayer/latest/help/install_flash_player_ax.exe
For Firefox and other Plugin-based browsers:
- https://fpdownload.macromedia.com/pub/flashplayer/latest/help/install_flash_player.exe
For Chrome:
- https://fpdownload.macromedia.com/pub/flashplayer/latest/help/install_flash_player_ppapi.exe

Flash test site: https://www.adobe.com/software/flash/about/
___

- https://www.securitytracker.com/id/1039582
CVE Reference: CVE-2017-11292
Oct 17 2017
Fix Available: Yes Vendor Confirmed: Yes
Version(s): 27.0.0.159 and prior ...
Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
Solution: The vendor has issued a fix (27.0.0.170)...
___

- https://www.us-cert.gov/ncas/current-activity/2017/10/16/Adobe-Releases-Security-Updates
Oct 16, 2017
___

MS ADV170018 | October Flash Security Update
> https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV170018
10/17/2017
___

Archived Flash Player versions:
> https://helpx.adobe.com/flash-player/kb/archived-flash-player-versions.html

>> https://forums.adobe.com/thread/239585
[moderator: Added 'VMWare' to title to aid other users who are having the same issue in finding this topic]
Oct 17, 2017

:fear::fear:

AplusWebMaster · Oct 16, 2017

Flash 27.0.0.170 released

FYI...

Flash 27.0.0.170 released
- https://helpx.adobe.com/security/products/flash-player/apsb17-32.html
Oct 16, 2017 - "Summary: Adobe has released a security update for Adobe Flash Player for Windows, Macintosh, Linux and Chrome OS. This update addresses a critical type confusion vulnerability that could lead to code execution. Adobe is aware of a report that an exploit for CVE-2017-11292 exists in the wild, and is being used in limited, targeted attacks against users running Windows...
Solution: ... Adobe recommends users of the Adobe Flash Player Desktop Runtime for Windows, Macintosh and Linux update to Adobe Flash Player 27.0.0.170 via the update mechanism within the product [1] or by visiting the Adobe Flash Player Download Center:
> https://get.adobe.com/flashplayer/
- Adobe Flash Player installed with Google Chrome will be automatically updated to the latest Google Chrome version, which will include Adobe Flash Player 27.0.0.170 for Windows, Macintosh, Linux and Chrome OS.
- Adobe Flash Player installed with Microsoft Edge and Internet Explorer 11 for Windows 10 and 8.1 will be automatically updated to the latest version, which will include Adobe Flash Player 27.0.0.170.
- Please visit the Flash Player Help page for assistance in installing Flash Player:
> https://helpx.adobe.com/flash-player.html
[1] Users who have selected the option to 'Allow Adobe to install updates' will receive the update automatically. Users who do not have the 'Allow Adobe to install updates' option enabled can install the update via the update mechanism within the product when prompted.

For I/E - some versions get 'Automatic' updates:
- https://fpdownload.macromedia.com/pub/flashplayer/latest/help/install_flash_player_ax.exe
For Firefox and other Plugin-based browsers:
- https://fpdownload.macromedia.com/pub/flashplayer/latest/help/install_flash_player.exe
For Chrome:
- https://fpdownload.macromedia.com/pub/flashplayer/latest/help/install_flash_player_ppapi.exe

Flash test site: https://www.adobe.com/software/flash/about/
___

- https://www.securitytracker.com/id/1039582
CVE Reference: CVE-2017-11292
Oct 17 2017
Fix Available: Yes Vendor Confirmed: Yes
Version(s): 27.0.0.159 and prior ...
Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
Solution: The vendor has issued a fix (27.0.0.170)...
___

- https://www.us-cert.gov/ncas/current-activity/2017/10/16/Adobe-Releases-Security-Updates
Oct 16, 2017
___

MS ADV170018 | October Flash Security Update
> https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV170018
10/17/2017

- https://www.securitytracker.com/id/1039589
CVE Reference: CVE-2017-11292
Oct 17 2017
Fix Available: Yes Vendor Confirmed: Yes ...
Version(s): 27.0.0.159 and prior
Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
Solution: Microsoft has issued a fix for CVE-2017-11292 ...
___

Archived Flash Player versions:
> https://helpx.adobe.com/flash-player/kb/archived-flash-player-versions.html

>> https://forums.adobe.com/message/9892958#9892958
Oct 17, 2017

:fear::fear:

AplusWebMaster · Nov 14, 2017

Adobe advisories - 2017.11.14

FYI...

Flash 27.0.0.187 released
- https://helpx.adobe.com/security/products/flash-player/apsb17-33.html
11/14/2017 - "... Summary: Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and Chrome OS. These updates address critical vulnerabilities that could lead to code execution...
Solution: Note: Adobe recommends users of the Adobe Flash Player Desktop Runtime for Windows, Macintosh and Linux update to Adobe Flash Player 27.0.0.187 via the update mechanism within the product [1] or by visiting the Adobe Flash Player Download Center.
Adobe Flash Player installed with Google Chrome will be automatically updated to the latest Google Chrome version, which will include Adobe Flash Player 27.0.0.187 for Windows, Macintosh, Linux and Chrome OS.
Adobe Flash Player installed with Microsoft Edge and Internet Explorer 11 for Windows 10 and 8.1 will be automatically updated to the latest version, which will include Adobe Flash Player 27.0.0.187.
Please visit the Flash Player Help page for assistance in installing Flash Player.
1] Users who have selected the option to 'Allow Adobe to install updates' will receive the update automatically. Users who do not have the 'Allow Adobe to install updates' option enabled can install the update via the update mechanism within the product when prompted..."

For I/E - some versions get 'Automatic' updates:
- https://fpdownload.macromedia.com/pub/flashplayer/latest/help/install_flash_player_ax.exe
For Firefox and other Plugin-based browsers:
- https://fpdownload.macromedia.com/pub/flashplayer/latest/help/install_flash_player.exe
For Chrome:
- https://fpdownload.macromedia.com/pub/flashplayer/latest/help/install_flash_player_ppapi.exe

Flash test site: https://www.adobe.com/software/flash/about/

- https://www.securitytracker.com/id/1039778
CVE Reference: CVE-2017-11213, CVE-2017-11215, CVE-2017-11225, CVE-2017-3112, CVE-2017-3114
Nov 14 2017
Fix Available: Yes Vendor Confirmed: Yes ...
Description: Multiple vulnerabilities were reported in Adobe Flash Player. A remote user can cause arbitrary code to be executed on the target user's system.
A remote user can create specially crafted content that, when loaded by the target user, will execute arbitrary code on the target user's system.
An out-of-bounds memory read error may occur [CVE-2017-3112, CVE-2017-3114, CVE-2017-11213].
A use-after-free memory error may occur [CVE-2017-11215, CVE-2017-11225]...
Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
Solution: The vendor has issued a fix (27.0.0.187)...
___

Security updates - Adobe Photoshop CC | APSB17-34
- https://helpx.adobe.com/security/products/photoshop/apsb17-34.html
Nov 14, 2017
- https://www.securitytracker.com/id/1039786
___

Security updates - Adobe Connect | APSB17-35
- https://helpx.adobe.com/security/products/connect/apsb17-35.html
Nov 14, 2017
- https://www.securitytracker.com/id/1039799
___

Security updates - Adobe Acrobat and Reader | APSB17-36
- https://helpx.adobe.com/security/products/acrobat/apsb17-36.html
Nov 14, 2017
- https://www.securitytracker.com/id/1039791
___

Security updates - Adobe DNG Converter | APSB17-37
- https://helpx.adobe.com/security/products/dng-converter/apsb17-37.html
Nov 14, 2017
___

Security updates - InDesign | APSB17-38
- https://helpx.adobe.com/security/products/indesign/apsb17-38.html
Nov 14, 2017
- https://www.securitytracker.com/id/1039785
___

Security updates - Adobe Digital Editions | APSB17-39
- https://helpx.adobe.com/security/products/Digital-Editions/apsb17-39.html
Nov 14, 2017
- https://www.securitytracker.com/id/1039798
___

Security update - Shockwave Player | APSB17-40
- https://helpx.adobe.com/security/products/shockwave/apsb17-40.html
Nov 14, 2017
- https://www.securitytracker.com/id/1039784
___

Security updates - Adobe Experience Manager | APSB17-41
- https://helpx.adobe.com/security/products/experience-manager/apsb17-41.html
Nov 14, 2017
- https://www.securitytracker.com/id/1039800
___

> https://www.us-cert.gov/ncas/current-activity/2017/11/14/Adobe-Releases-Security-Updates
Nov 14, 2017

:fear::fear::fear::fear:

AplusWebMaster · Dec 12, 2017

Adobe advisory - 2017.12.12

FYI...

Flash 28.0.0.126 released
- https://helpx.adobe.com/security/products/flash-player/apsb17-42.html
Dec 12, 2017
Summary: Adobe has released a security update for Adobe Flash Player for Windows, Macintosh, Linux and Chrome OS. This update addresses a regression that could lead to the unintended reset of the global settings preference file...
Solution: ... Adobe recommends users of the Adobe Flash Player Desktop Runtime for Windows, Macintosh and Linux update to Adobe Flash Player 28.0.0.126 via the update mechanism within the product [1] or by visiting the Adobe Flash Player Download Center:
> https://get.adobe.com/flashplayer/
- Adobe Flash Player installed with Google Chrome will be automatically updated to the latest Google Chrome version, which will include Adobe Flash Player 28.0.0.126 for Windows, Macintosh, Linux and Chrome OS.
- Adobe Flash Player installed with Microsoft Edge and Internet Explorer 11 for Windows 10 and 8.1 will be automatically updated to the latest version, which will include Adobe Flash Player 28.0.0.126.
- Please visit the Flash Player Help page for assistance in installing Flash Player:
> https://helpx.adobe.com/flash-player.html
[1] Users who have selected the option to 'Allow Adobe to install updates' will receive the update automatically. Users who do not have the 'Allow Adobe to install updates' option enabled can install the update via the update mechanism within the product when prompted...

For I/E - some versions get 'Automatic' updates:
- https://fpdownload.macromedia.com/pub/flashplayer/latest/help/install_flash_player_ax.exe
For Firefox and other Plugin-based browsers:
- https://fpdownload.macromedia.com/pub/flashplayer/latest/help/install_flash_player.exe
For Chrome:
- https://fpdownload.macromedia.com/pub/flashplayer/latest/help/install_flash_player_ppapi.exe

Flash test site: https://www.adobe.com/software/flash/about/
___

- https://www.securitytracker.com/id/1039986
CVE Reference: CVE-2017-11305
Dec 12 2017
Fix Available: Yes Vendor Confirmed: Yes
Version(s): 27.0.0.187 and before ...
Description: A vulnerability was reported in Adobe Flash Player. Security settings may be reset.
A logic error may cause the global settings preference file to be reset.
[Editor's note: The vendor did not indicate whether the attack vector for this vulnerability is local or remote.]
Impact: The global settings preference file may be reset.
Solution: The vendor has issued a fix (28.0.0.126)...

:fear::fear:

AplusWebMaster · Jan 9, 2018

Flash 28.0.0.137 released

FYI...

Flash 28.0.0.137 released
- https://helpx.adobe.com/security/products/flash-player/apsb18-01.html
Jan 9, 2018
"Summary: Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and Chrome OS. These updates address an important out-of-bounds read vulnerability that could lead to information exposure...
Solution: ... Adobe recommends users of the Adobe Flash Player Desktop Runtime for Windows, Macintosh and Linux update to Adobe Flash Player 28.0.0.137 via the update mechanism within the product [1] or by visiting the Adobe Flash Player Download Center:
- https://get.adobe.com/flashplayer/
Adobe Flash Player installed with Google Chrome will be automatically updated to the latest Google Chrome version, which will include Adobe Flash Player 28.0.0.137 for Windows, Macintosh, Linux and Chrome OS.
Adobe Flash Player installed with Microsoft Edge and Internet Explorer 11 for Windows 10 and 8.1 will be automatically updated to the latest version, which will include Adobe Flash Player 28.0.0.137.
Please visit the Flash Player Help page* for assistance in installing Flash Player:
* https://helpx.adobe.com/flash-player.html
[1] Users who have selected the option to 'Allow Adobe to install updates' will receive the update automatically. Users who do not have the 'Allow Adobe to install updates' option enabled can install the update via the update mechanism within the product when prompted..."

For I/E - some versions get 'Automatic' updates:
- https://fpdownload.macromedia.com/pub/flashplayer/latest/help/install_flash_player_ax.exe
For Firefox and other Plugin-based browsers:
- https://fpdownload.macromedia.com/pub/flashplayer/latest/help/install_flash_player.exe
For Chrome:
- https://fpdownload.macromedia.com/pub/flashplayer/latest/help/install_flash_player_ppapi.exe

Flash test site: https://www.adobe.com/software/flash/about/
___

- https://www.us-cert.gov/ncas/curren.../Adobe-Releases-Security-Updates-Flash-Player
Jan 09, 2018
___

- https://www.securitytracker.com/id/1040155
CVE Reference: CVE-2018-4871
Jan 10 2018
Impact: Disclosure of system information, Disclosure of user information
Fix Available: Yes Vendor Confirmed: Yes ...
Impact: A remote user can obtain potentially sensitive information on the target system.
Solution: The vendor has issued a fix (28.0.0.137)...

:fear::fear:

AplusWebMaster · Feb 6, 2018

Flash 28.0.0.161 released

FYI...

Flash 28.0.0.161 released
- https://helpx.adobe.com/security/products/flash-player/apsb18-03.html
Feb 6, 2018
"Summary: Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and Chrome OS. These updates address critical vulnerabilities that could lead to remote code execution in Adobe Flash Player 28.0.0.137 and earlier versions. Successful exploitation could potentially allow an attacker to take control of the affected system. Adobe is aware of a report that an exploit for CVE-2018-4878 exists in the wild, and is being used in limited, targeted attacks against Windows users. These attacks leverage Office documents with embedded malicious Flash content distributed via email.
Solution: ... Adobe recommends users of the Adobe Flash Player Desktop Runtime for Windows, Macintosh and Linux update to Adobe Flash Player 28.0.0.161 via the update mechanism within the product [1] or by visiting the Adobe Flash Player Download Center:
- https://get.adobe.com/flashplayer/
Adobe Flash Player installed with Google Chrome will be automatically updated to the latest Google Chrome version, which will include Adobe Flash Player 28.0.0.161 for Windows, Macintosh, Linux and Chrome OS.
Adobe Flash Player installed with Microsoft Edge and Internet Explorer 11 for Windows 10 and 8.1 will be automatically updated to the latest version, which will include Adobe Flash Player 28.0.0.161.
Please visit the Flash Player Help page for assistance in installing Flash Player:
- https://helpx.adobe.com/flash-player.html
[1] Users who have selected the option to 'Allow Adobe to install updates' will receive the update automatically. Users who do not have the 'Allow Adobe to install updates' option enabled can install the update via the update mechanism within the product when prompted.

For I/E - some versions get 'Automatic' updates:
- https://fpdownload.macromedia.com/pub/flashplayer/latest/help/install_flash_player_ax.exe
For Firefox and other Plugin-based browsers:
- https://fpdownload.macromedia.com/pub/flashplayer/latest/help/install_flash_player.exe
For Chrome:
- https://fpdownload.macromedia.com/pub/flashplayer/latest/help/install_flash_player_ppapi.exe

Flash test site: https://www.adobe.com/software/flash/about/

:fear::fear:

AplusWebMaster · Feb 14, 2018

Adobe Acrobat, Reader, Experience Manager - updated

FYI...

Adobe Acrobat and Reader
- https://helpx.adobe.com/security/products/acrobat/apsb18-02.html
Feb 13, 2018 - "Summary: Adobe has released security updates for Adobe Acrobat and Reader for Windows and Macintosh. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system...
Solution: Adobe recommends users update their software installations to the latest versions by following the instructions...
The latest product versions are available to end users via one of the following methods:
> Users can update their product installations manually by choosing Help > Check for Updates.
> The products will update automatically, without requiring user intervention, when updates are detected.
> The full Acrobat Reader installer can be downloaded from the Acrobat Reader Download Center:
- https://get.adobe.com/reader/

- https://www.securitytracker.com/id/1040364
___

Adobe Experience Manager - updated
- https://helpx.adobe.com/security/products/experience-manager/apsb18-04.html
Feb 13, 2018 - "Summary: Adobe has released security updates for Adobe Experience Manager. These updates resolve a reflected cross-site scripting vulnerability (CVE-2018-4875) rated moderate, and a cross-site scripting vulnerability (CVE-2018-4876) in Apache Sling XSS protection API rated important...
Affected product versions: All... minimum fix packs to address the listed vulnerability. For the latest versions, please see the release notes links referenced:
Solution: https://helpx.adobe.com/security/products/experience-manager/apsb18-04.html#Vulnerabilitydetails

- https://www.securitytracker.com/id/1040365
___

- https://www.us-cert.gov/ncas/current-activity/2018/02/13/Adobe-Releases-Security-Updates
Feb 13, 2018

:fear::fear:

Adobe updates/advisories

AplusWebMaster

New member

AplusWebMaster

New member

AplusWebMaster

New member

AplusWebMaster

New member

AplusWebMaster

New member

AplusWebMaster

New member

AplusWebMaster

New member

AplusWebMaster

New member

tashi

Member of Team Spybot

AplusWebMaster

New member

AplusWebMaster

New member

AplusWebMaster

New member

AplusWebMaster

New member

AplusWebMaster

New member

AplusWebMaster

New member

AplusWebMaster

New member

AplusWebMaster

New member

AplusWebMaster

New member

AplusWebMaster

New member