Adobe updates/advisories

Adobe Updates - 4.14.2015

FYI...

Flash v17.0.0.169 released
- https://helpx.adobe.com/security/products/flash-player/apsb15-06.html
April 14, 2015
CVE number: CVE-2015-0346, CVE-2015-0347, CVE-2015-0348, CVE-2015-0349, CVE-2015-0350, CVE-2015-0351, CVE-2015-0352, CVE-2015-0353, CVE-2015-0354, CVE-2015-0355, CVE-2015-0356, CVE-2015-0357, CVE-2015-0358, CVE-2015-0359, CVE-2015-0360, CVE-2015-3038, CVE-2015-3039, CVE-2015-3040, CVE-2015-3041, CVE-2015-3042, CVE-2015-3043, CVE-2015-3044
Platform: All Platforms
Summary: Adobe has released security updates for Adobe Flash Player for Windows, Macintosh and Linux. These updates address vulnerabilities that could potentially allow an attacker to take control of the affected system. Adobe is aware of a report that an exploit for CVE-2015-3043 exists in the wild, and recommends users update their product installations to the latest versions:
- Users of the Adobe Flash Player desktop runtime for Windows and Macintosh should update to Adobe Flash Player 17.0.0.169.
- Users of the Adobe Flash Player Extended Support Release should update to Adobe Flash Player 13.0.0.281.
- Users of Adobe Flash Player for Linux should update to Adobe Flash Player 11.2.202.457.
- Adobe Flash Player installed with Google Chrome, as well as Internet Explorer on Windows 8.x, will automatically update to version 17.0.0.169 when available...

For IE:
- http://download.macromedia.com/get/...sing/win/install_flash_player_17_active_x.exe
For Firefox and other Plugin-based browsers:
- http://download.macromedia.com/get/...ensing/win/install_flash_player_17_plugin.exe

Flash test site: http://www.adobe.com/software/flash/about/

- http://www.securitytracker.com/id/1032105
CVE Reference: CVE-2015-0346, CVE-2015-0347, CVE-2015-0348, CVE-2015-0349, CVE-2015-0350, CVE-2015-0351, CVE-2015-0352, CVE-2015-0353, CVE-2015-0354, CVE-2015-0355
Apr 14 2015
Impact: Disclosure of system information, Execution of arbitrary code via network, User access via network
Fix Available: Yes
Vendor Confirmed: Yes
Version(s): 17.0.0.134 and prior, 13.0.0.277 and prior 13.x versions, 11.2.202.451 and prior 11.x versions...
Several memory corruption errors may occur [CVE-2015-0347, CVE-2015-0350, CVE-2015-0352, CVE-2015-0353, CVE-2015-0354, CVE-2015-0355, CVE-2015-0360, CVE-2015-3038, CVE-2015-3041, CVE-2015-3042, CVE-2015-3043].
Solution: The vendor has issued a fix (17.0.0.169, 13.0.0.281 ESR, 11.2.202.457 for Linux)...

- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-3043 - 10.0 (HIGH)
Last revised: 04/15/2015 - "... as exploited in the wild in April 2015..."
___

Security Update: Hotfixes available for ColdFusion
- https://helpx.adobe.com/security/products/coldfusion/apsb15-07.html
April 14, 2015
CVE numbers: CVE-2015-0345
Platform: All
Summary: Adobe has released security hotfixes for ColdFusion versions 11 and 10. These hotfixes address an input validation issue that could be used in a reflected cross-site scripting attack.
Affected software versions:
ColdFusion 11 and 10
Solution: Adobe recommends ColdFusion customers update their installation using the instructions provided in the relevant technote:
ColdFusion 11: http://helpx.adobe.com/coldfusion/kb/coldfusion-11-update-5.html
ColdFusion 10: http://helpx.adobe.com/coldfusion/kb/coldfusion-10-update-16.html
Customers should also apply the security configuration settings as outlined on the ColdFusion Security page as well as review the ColdFusion 11 Lockdown Guide and ColdFusion 10 Lockdown Guide..."
- http://www.securitytracker.com/id/1032106
CVE Reference: CVE-2015-0345
Apr 14 2015
Impact: Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information
Fix Available: Yes
Vendor Confirmed: Yes
Version(s): 10, 11
Solution: The vendor has issued hotfixes (10 Update 16, 11 Update 5)...
___

Security vulnerability in output of Adobe Flex ASdoc Tool
- https://helpx.adobe.com/security/products/flex/apsb15-08.html
April 14, 2015
CVE number: CVE-2015-1773
Platform: All Platforms
Summary: An important vulnerability has been identified in the JavaScript output of the ASDoc tool available in Adobe Flex 4.6 and earlier versions. This vulnerability could lead to reflected cross-site scripting. Adobe recommends users perform the actions referenced in the "Solutions" section below to remediate this vulnerability.
Affected software versions: Adobe Flex 4.6 and earlier versions
Solution: Adobe recommends users follow the steps below to remediate this issue:
- Download the index.html file available here:
> https://git-wip-us.apache.org/repos...effeddd01ecef8eef4adeae;hb=refs/heads/develop
- Apply any modifications to the existing index.html file (ex. update the page title)
- Deploy the results to the web site
- http://www.securitytracker.com/id/1032107
CVE Reference: CVE-2015-1773
Apr 14 2015
Impact: Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information...
Version(s): 4.6 and prior...
Solution: The vendor has issued a fix...

Prenotification - Security Updates for Adobe Reader and Acrobat

FYI...

- https://blogs.adobe.com/psirt/?p=1193
May 7, 2015

Prenotification Security Advisory for Adobe Reader
- https://helpx.adobe.com/security/products/reader/apsb15-10.html
May 7, 2015 - "Summary: Adobe is planning to release security updates on Tuesday, May 12, 2015 for Adobe Reader for Windows and Macintosh...
Affected software versions:
• Adobe Reader XI (11.0.10) and earlier 11.x versions
• Adobe Reader X (10.1.13) and earlier 10.x versions...
These updates address critical vulnerabilities in the software...

Prenotification Security Advisory for Adobe Acrobat
- https://helpx.adobe.com/security/products/acrobat/apsb15-10.html
May 7, 2015 - "Summary: Adobe is planning to release security updates on Tuesday, May 12, 2015 for Adobe Acrobat for Windows and Macintosh...
Affected software versions:
• Adobe Acrobat XI (11.0.10) and earlier versions
• Adobe Acrobat X (10.1.13) and earlier versions...
These updates address critical vulnerabilities in the software...

Adobe updates 5.12.2015

FYI...

Flash Player 17.0.0.188 released
- https://helpx.adobe.com/security/products/flash-player/apsb15-09.html
May 12, 2015
CVE number: CVE-2015-3044, CVE-2015-3077, CVE-2015-3078, CVE-2015-3079, CVE-2015-3080, CVE-2015-3081, CVE-2015-3082, CVE-2015-3083, CVE-2015-3084, CVE-2015-3085, CVE-2015-3086, CVE-2015-3087, CVE-2015-3088, CVE-2015-3089, CVE-2015-3090, CVE-2015-3091, CVE-2015-3092, CVE-2015-3093
Platform: All Platforms
Summary: Adobe has released security updates for Adobe Flash Player for Windows, Macintosh and Linux. These updates address vulnerabilities that could potentially allow an attacker to take control of the affected system. Adobe recommends users update their product installations to the latest versions:
- Users of the Adobe Flash Player desktop runtime for Windows and Macintosh should update to Adobe Flash Player 17.0.0.188.
- Users of the Adobe Flash Player Extended Support Release should update to Adobe Flash Player 13.0.0.289.
- Users of Adobe Flash Player for Linux should update to Adobe Flash Player 11.2.202.460.
- Adobe Flash Player installed with Google Chrome, as well as Internet Explorer on Windows 8.x, will automatically update to version 17.0.0.188.
- Users of the Adobe AIR desktop runtime should update to version 17.0.0.172.
- Users of the Adobe AIR SDK and AIR SDK & Compiler should update to version 17.0.0.172...

For IE:
- http://download.macromedia.com/get/...sing/win/install_flash_player_17_active_x.exe
For Firefox and other Plugin-based browsers:
- http://download.macromedia.com/get/...ensing/win/install_flash_player_17_plugin.exe

Flash test site: http://www.adobe.com/software/flash/about/

AIR: http://get.adobe.com/air/

- http://www.securitytracker.com/id/1032285
CVE Reference: CVE-2015-3077, CVE-2015-3078, CVE-2015-3079, CVE-2015-3080, CVE-2015-3081, CVE-2015-3082, CVE-2015-3083, CVE-2015-3084, CVE-2015-3085, CVE-2015-3086
May 12 2015
Impact: Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, User access via network
Fix Available: Yes
Vendor Confirmed: Yes
Version(s): 17.0.0.169 and prior; other versions affected...
Solution: The vendor has issued a fix (17.0.0.188; 13.0.0.289 ESR; 11.2.202.460 for Linux).
___

Adobe Reader 11.0.11/10.1.14, Acrobat 11.0.11/10.1.14 released
- https://helpx.adobe.com/security/products/reader/apsb15-10.html
May 12, 2015
CVE Numbers: CVE-2014-8452, CVE-2014-9160, CVE-2014-9161, CVE-2015-3046, CVE-2015-3047...
Platform: Windows and Macintosh
Summary: Adobe has released security updates for Adobe Reader and Acrobat for Windows and Macintosh. These updates address vulnerabilities that could potentially allow an attacker to take over the affected system. Adobe recommends users update their product installations to the latest versions:
- Users of Adobe Reader XI (11.0.10) and earlier versions should update to version 11.0.11.
- Users of Adobe Reader X (10.1.13) and earlier versions should update to version 10.1.14.
- Users of Adobe Acrobat XI (11.0.10) and earlier versions should update to version 11.0.11.
- Users of Adobe Acrobat X (10.1.13) and earlier versions should update to version 10.1.14...
Solution: Adobe recommends users update their software installations by following the instructions below:
Adobe Reader: The product's default update mechanism is set to run automatic update checks on a regular schedule. Update checks can be manually activated by choosing Help > Check for Updates.
Adobe Reader users on Windows can find the appropriate update here:
- http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Windows
Adobe Reader users on Macintosh can find the appropriate update here:
- http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Macintosh

Adobe Acrobat: The product's default update mechanism is set to run automatic update checks on a regular schedule. Update checks can be manually activated by choosing Help > Check for Updates.
Acrobat Standard and Pro users on Windows can find the appropriate update here:
- http://www.adobe.com/support/downloads/product.jsp?product=1&platform=Windows
Acrobat Pro users on Macintosh can find the appropriate update here:
- http://www.adobe.com/support/downloads/product.jsp?product=1&platform=Macintosh

- http://www.securitytracker.com/id/1032284
CVE Reference: CVE-2014-9160, CVE-2014-9161, CVE-2015-3046, CVE-2015-3047, CVE-2015-3048, CVE-2015-3049, CVE-2015-3050, CVE-2015-3051, CVE-2015-3052, CVE-2015-3053, CVE-2015-3054, CVE-2015-3055, CVE-2015-3056, CVE-2015-3057, CVE-2015-3058, CVE-2015-3059, CVE-2015-3060, CVE-2015-3061, CVE-2015-3062, CVE-2015-3063, CVE-2015-3064, CVE-2015-3065, CVE-2015-3066, CVE-2015-3067, CVE-2015-3068, CVE-2015-3069, CVE-2015-3070, CVE-2015-3071, CVE-2015-3072, CVE-2015-3073, CVE-2015-3074, CVE-2015-3075, CVE-2015-3076
May 12 2015
Impact: Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, User access via network
Fix Available: Yes
Vendor Confirmed: Yes
Version(s): 10.1.13 and prior 10.x versions, 11.0.10 and prior 11.x versions
Solution: The vendor has issued a fix (10.1.14, 11.0.11).

Flash 18.0.0.160 released

FYI...

Flash 18.0.0.160 released
- https://helpx.adobe.com/security/products/flash-player/apsb15-11.html
June 9, 2015
CVE number: CVE-2015-3096, CVE-2015-3097, CVE-2015-3098, CVE-2015-3099, CVE-2015-3100, CVE-2015-3101, CVE-2015-3102, CVE-2015-3103, CVE-2015-3104, CVE-2015-3105, CVE-2015-3106, CVE-2015-3107, CVE-2015-3108
Platform: All Platforms
Summary: Adobe has released security updates for Adobe Flash Player for Windows, Macintosh and Linux. These updates address vulnerabilities that could potentially allow an attacker to take control of the affected system. Adobe recommends users update their product installations to the latest versions:
- Users of the Adobe Flash Player Desktop Runtime for Windows and Macintosh should update to Adobe Flash Player 18.0.0.160.
- Users of the Adobe Flash Player Extended Support Release for Windows and Macintosh should update to Adobe Flash Player 13.0.0.292. *
- Users of Adobe Flash Player for Linux should update to Adobe Flash Player 11.2.202.466.
- Adobe Flash Player installed with Google Chrome will automatically update to version 18.0.0.160 (Windows and Linux) and 18.0.0.161 (Macintosh).
- Adobe Flash Player installed with Internet Explorer on Windows 8.x will automatically update to version 18.0.0.160.
- Users of the Adobe AIR Desktop Runtime should update to version 18.0.0.143 (Macintosh) and 18.0.0.144 (Windows).
- Users of the Adobe AIR SDK and AIR SDK & Compiler should update to version 18.0.0.143 (Macintosh) and 18.0.0.144 (Windows).
- Users of Adobe AIR for Android should update to version 18.0.0.143...

For IE:
- http://download.macromedia.com/get/...sing/win/install_flash_player_18_active_x.exe
For Firefox and other Plugin-based browsers:
- http://download.macromedia.com/get/...ensing/win/install_flash_player_18_plugin.exe

Flash test site: http://www.adobe.com/software/flash/about/

AIR: http://get.adobe.com/air/
___

- http://www.securitytracker.com/id/1032519
CVE Reference: CVE-2015-3096, CVE-2015-3097, CVE-2015-3098, CVE-2015-3099, CVE-2015-3100, CVE-2015-3101, CVE-2015-3102, CVE-2015-3103, CVE-2015-3104, CVE-2015-3105, CVE-2015-3106, CVE-2015-3107, CVE-2015-3108
Jun 9 2015
Impact: Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, User access via network
Fix Available: Yes
Vendor Confirmed: Yes
Version(s): 17.0.0.188 and prior...
Solution: The vendor has issued a fix (18.0.0.160 for Mac/Windows, 13.0.0.292 ESR, 11.2.202.466 for Linux).

Adobe Photoshop CC, Adobe Bridge CC updated

FYI...

Adobe Photoshop CC updated
- https://helpx.adobe.com/security/products/photoshop/apsb15-12.html
June 16, 2015
CVE number: CVE-2015-3109, CVE-2015-3110, CVE-2015-3111, CVE-2015-3112
Platform: Windows and Macintosh
Summary: Adobe has released an update for Photoshop CC for Windows and Macintosh. This update addresses vulnerabilities that could allow an attacker who successfully exploits these vulnerabilities to take control of the affected system.
Affected software versions:
Adobe Photoshop CC 2014 (15.2.2) (2014.2.2) and earlier versions for Windows and Macintosh
Solution: Adobe recommends users update their software installation via the application's update mechanism by launching the application, navigating to the Help menu, and clicking "Updates". For more information, please reference this help page*:
* https://helpx.adobe.com/creative-cloud/help/creative-cloud-2015-updates.html
Product: Adobe Photoshop CC 2015
Updated version: 16.0 (2015.0.0)
Platform: Windows and Macintosh
Priority rating: 3
These updates address a critical vulnerability in the software..."

- http://www.securitytracker.com/id/1032659
CVE Reference: CVE-2015-3109, CVE-2015-3110, CVE-2015-3111, CVE-2015-3112
Jun 19 2015
Impact: Execution of arbitrary code via network, User access via network
Fix Available: Yes
Vendor Confirmed: Yes...
Solution: The vendor has issued a fix (16.0 (2015.0.0)).
___

Adobe Bridge CC updated
- https://helpx.adobe.com/security/products/bridge/apsb15-13.html
June 16, 2015
CVE number: CVE-2015-3110, CVE-2015-3111, CVE-2015-3112
Platform: Windows and Macintosh
Summary: Adobe has released an update for Adobe Bridge CC for Windows and Macintosh. This update addresses vulnerabilities that could allow an attacker who successfully exploits these vulnerabilities to take control of the affected system...
Solution: Adobe recommends users update their software installation via the application's update mechanism by launching the application, navigating to the Help menu and clicking "Updates". For more information, please reference the following help page*:
* https://helpx.adobe.com/creative-cloud/help/creative-cloud-2015-updates.html
Creative Cloud desktop app displays an Update All button or Update buttons next to installed apps. Clicking Update or Update All installs the latest versions of apps on your computer..."
Product: Adobe Bridge CC
Updated version: 6.1.1
Platform: Windows and Macintosh
Priority rating: 3
These updates address a critical vulnerability in the software.

- http://www.securitytracker.com/id/1032658
CVE Reference: CVE-2015-3110, CVE-2015-3111, CVE-2015-3112
Jun 19 2015
Impact: Execution of arbitrary code via network, User access via network
Fix Available: Yes
Vendor Confirmed: Yes...
Solution: The vendor has issued a fix (6.1.1).

Flash 18.0.0.194 released

FYI...

Flash 18.0.0.194 released
- https://helpx.adobe.com/security/products/flash-player/apsb15-14.html
June 23, 2015
CVE number: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-3113 / 10.0 (HIGH)
Last revised: 06/24/2015 - "... as exploited in the wild in June 2015."
Platform: Windows, Macintosh and Linux
Summary: Adobe has released security updates for Adobe Flash Player for Windows, Macintosh and Linux. These updates address a critical vulnerability (CVE-2015-3113) that could potentially allow an attacker to take control of the affected system. Adobe is aware of reports that CVE-2015-3113 is being actively exploited in the wild via limited, targeted attacks. Systems running Internet Explorer for Windows 7 and below, as well as Firefox on Windows XP, are known targets.
Adobe recommends users update their product installations to the latest versions:
- Users of the Adobe Flash Player Desktop Runtime for Windows and Macintosh should update to Adobe Flash Player 18.0.0.194.
- Users of the Adobe Flash Player Extended Support Release should update to Adobe Flash Player 13.0.0.296.
- Users of Adobe Flash Player for Linux should update to Adobe Flash Player 11.2.202.468.
- Adobe Flash Player installed with Google Chrome and Adobe Flash Player installed with Internet Explorer on Windows 8.x will automatically update to version 18.0.0.194...

For IEv9:
- https://download.macromedia.com/get...sing/win/install_flash_player_18_active_x.exe
For Firefox and other Plugin-based browsers:
- https://download.macromedia.com/get...ensing/win/install_flash_player_18_plugin.exe

Flash test site: https://www.adobe.com/software/flash/about/
___

- https://community.qualys.com/blogs/laws-of-vulnerabilities/2015/06/23/new-0-day-for-adobe-flash
Jun 23, 2015 - "Adobe came out today with an out-of-band patch (APSB15-14) for their Flash Player, the fifth time that Flash has required an out-of-band fix for a 0-day. FireEye* had notified them of a critical vulnerability (CVE-2015-3113) that they discovered in use in Asia. They believe it was developed by the group called APT3 and used in targeted attacks against a number of industries. The vulnerability lies in the video decoding part of Flash and the exploit shows some signs of sophistication by introducing new techniques in their use of ROP. Patch as quickly as possible. 0-days once discovered this way tend to spread quickly to other cyber criminal groups. Adobe mentions that all known targets seem to use Windows 7 and Internet Explorer and Firefox on Windows XP... Users of IE10/11 and Google Chrome will get their patches through their browsers directly, everybody else will need to download directly from Adobe."
* https://www.fireeye.com/blog/threat...on-clandestine-wolf-adobe-flash-zero-day.html
June 23, 2015

- http://www.securitytracker.com/id/1032696
CVE Reference: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-3113
Jun 23 2015
Impact: Execution of arbitrary code via network, User access via network
Fix Available: Yes
Vendor Confirmed: Yes
Version(s): 18.0.0.161 and prior...
FireEye reported this vulnerability.
Impact: A remote user can create Flash content that, when loaded by the target user, will execute arbitrary code on the target user's system.
Solution: The vendor has issued a fix (18.0.0.194; ESR 13.0.0.296; 11.2.202.468 for Linux)...

Flash Player Security Advisory - 2015.7.7

FYI...

Flash Player Security Advisory
- https://helpx.adobe.com/security/products/flash-player/apsa15-03.html
July 7, 2015
CVE number: CVE-2015-5119
Platform: Windows, Macintosh and Linux
Summary: A critical vulnerability (CVE-2015-5119) has been identified in Adobe Flash Player 18.0.0.194 and earlier versions for Windows, Macintosh and Linux. Successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system. Adobe is aware of reports that an exploit targeting this vulnerability has been published publicly. Adobe expects to make updates available on July 8, 2015.
Affected software versions:
- Adobe Flash Player 18.0.0.194 and earlier versions for Windows and Macintosh
- Adobe Flash Player Extended Support Release version 13.0.0.296 and earlier 13.x versions for Windows and Macintosh
- Adobe Flash Player 11.2.202.468 and earlier 11.x versions for Linux..."
___

Flash 0-day - Use-After-Free Vuln
- https://www.us-cert.gov/ncas/curren...ript-3-ByteArray-Use-After-Free-Vulnerability
July 07, 2015
___

- http://arstechnica.com/security/2015/07/hacking-team-leak-releases-potent-flash-0day-into-the-wild/
Jul 7, 2015 - "... Until a fix is installed, readers should consider -disabling- Flash, particularly when browsing websites they are unfamiliar with..."

Flash 0-Day Integrated Into Exploit Kits
- http://blog.trendmicro.com/trendlab...-flash-zero-day-integrated-into-exploit-kits/
July 7, 2015 - "... one of the payloads being spread in this manner as CryptoWall 3.0, particularly by the Angler exploit kit..."

Flash 18.0.0.203 released

FYI...

Flash 18.0.0.203 released
- https://helpx.adobe.com/security/products/flash-player/apsb15-16.html
July 8, 2015
CVE number: CVE-2014-0578, CVE-2015-3097, CVE-2015-3114, CVE-2015-3115, CVE-2015-3116, CVE-2015-3117, CVE-2015-3118, CVE-2015-3119, CVE-2015-3120, CVE-2015-3121, CVE-2015-3122, CVE-2015-3123, CVE-2015-3124, CVE-2015-3125, CVE-2015-3126, CVE-2015-3127, CVE-2015-3128, CVE-2015-3129, CVE-2015-3130, CVE-2015-3131, CVE-2015-3132, CVE-2015-3133, CVE-2015-3134, CVE-2015-3135, CVE-2015-3136, CVE-2015-3137, CVE-2015-4428, CVE-2015-4429, CVE-2015-4430, CVE-2015-4431, CVE-2015-4432, CVE-2015-4433, CVE-2015-5116, CVE-2015-5117, CVE-2015-5118, CVE-2015-5119
Platform: All Platforms
Summary: Adobe has released security updates for Adobe Flash Player for Windows, Macintosh and Linux. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system. Adobe is aware of a report that an exploit targeting CVE-2015-5119 has been publicly published...
Solution: ... Adobe recommends users of the Adobe Flash Player Desktop Runtime for Windows and Macintosh update to Adobe Flash Player 18.0.0.203 by visiting the Adobe Flash Player Download Center or via the update mechanism within the product when prompted...
- Adobe recommends users of the Adobe Flash Player Extended Support Release... update to version 13.0.0.302 by visiting:
> http://helpx.adobe.com/flash-player/kb/archived-flash-player-versions.html
- Adobe recommends users of Adobe Flash Player for Linux update to Adobe Flash Player 11.2.202.481 by visiting the Adobe Flash Player Download Center.
- Adobe Flash Player installed with Google Chrome will be automatically updated to the latest Google Chrome version, which will include Adobe Flash Player 18.0.0.203 on Windows and Macintosh, and Flash Player 18.0.0.204 on Linux.
- Adobe Flash Player installed with Internet Explorer for Windows 8.x will be automatically updated to the latest version, which will include Adobe Flash Player 18.0.0.203...

For IEv9 and below:
- https://download.macromedia.com/get...sing/win/install_flash_player_18_active_x.exe
For Firefox and other Plugin-based browsers:
- https://download.macromedia.com/get...ensing/win/install_flash_player_18_plugin.exe

Flash test site: https://www.adobe.com/software/flash/about/

- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5119
Last revised: 07/10/2015 - "... as exploited in the wild in July 2015."
10.0 (HIGH)
___

- http://www.securitytracker.com/id/1032809
CVE Reference: CVE-2015-5119
Jul 8 2015
Impact: Execution of arbitrary code via network, User access via network
Fix Available: Yes
Vendor Confirmed: Yes
Version(s): 18.0.0.194 and prior; ESR 13.0.0.296 and prior; 11.2.202.468 and prior 11.x versions for Linux...
Solution: The vendor has issued a fix (18.0.0.203, ESR 13.0.0.302, 11.2.202.481 for Linux).

- http://www.securitytracker.com/id/1032810
CVE Reference: CVE-2014-0578, CVE-2015-3097, CVE-2015-3114, CVE-2015-3115, CVE-2015-3116, CVE-2015-3117, CVE-2015-3118, CVE-2015-3119, CVE-2015-3120, CVE-2015-3121, CVE-2015-3122, CVE-2015-3123, CVE-2015-3124, CVE-2015-3125, CVE-2015-3126, CVE-2015-3127, CVE-2015-3128, CVE-2015-3129, CVE-2015-3130, CVE-2015-3131, CVE-2015-3132, CVE-2015-3133, CVE-2015-3134, CVE-2015-3135, CVE-2015-3136, CVE-2015-3137, CVE-2015-4428, CVE-2015-4429, CVE-2015-4430, CVE-2015-4431, CVE-2015-4432, CVE-2015-4433, CVE-2015-5116, CVE-2015-5117, CVE-2015-5118
Jul 8 2015
Impact: Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, User access via network
Fix Available: Yes
Vendor Confirmed: Yes
Version(s): 18.0.0.194 and prior; ESR 13.0.0.296 and prior; 11.2.202.468 and prior 11.x versions for Linux...
Solution: The vendor has issued a fix (18.0.0.203, ESR 13.0.0.302, 11.2.202.481 for Linux).

Flash, Shockwave, Acrobat, Reader - Critical updates released

FYI...

Flash 18.0.0.209 released
- https://helpx.adobe.com/security/products/flash-player/apsb15-18.html
July 14, 2015
CVE number: CVE-2015-5122, CVE-2015-5123
Platform: Windows, Macintosh and Linux
Summary: Adobe has released security updates for Adobe Flash Player for Windows, Macintosh and Linux. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system. Adobe is aware of reports that exploits targeting these vulnerabilities have been published publicly...
- Adobe recommends users of the Adobe Flash Player Desktop Runtime for Windows and Macintosh update to Adobe Flash Player 18.0.0.209 by visiting the Adobe Flash Player Download Center or via the update mechanism within the product when prompted...
- Adobe recommends users of the Adobe Flash Player Extended Support Release... update to version 13.0.0.305 by visiting http://helpx.adobe.com/flash-player/kb/archived-flash-player-versions.html
- Adobe will provide an update for Flash Player for Linux during the week of July 12. The update will be available by visiting the Adobe Flash Player Download Center. Please continue to monitor the PSIRT blog for updates.
- Adobe Flash Player installed with Google Chrome will be automatically updated to the latest Google Chrome version, which will include Adobe Flash Player 18.0.0.209 on Windows, Macintosh and Linux.
- Adobe Flash Player installed with Internet Explorer 10 and 11 for Windows 8.x will be automatically updated to the latest version, which will include Adobe Flash Player 18.0.0.209...

For IEv9 and below:
- https://download.macromedia.com/get...sing/win/install_flash_player_18_active_x.exe
For Firefox and other Plugin-based browsers:
- https://download.macromedia.com/get...ensing/win/install_flash_player_18_plugin.exe

Flash test site: https://www.adobe.com/software/flash/about/

AIR: http://get.adobe.com/air/

> http://googleprojectzero.blogspot.com/2015/07/significant-flash-exploit-mitigations_16.html
July 16, 2015

> http://blog.trendmicro.com/trendlabs-security-intelligence/flash-threats-not-just-in-the-browser/
July 30, 2015

- http://www.securitytracker.com/id/1032890
CVE Reference: CVE-2015-5122, CVE-2015-5123
Jul 14 2015
Impact: Execution of arbitrary code via network, User access via network
Fix Available: Yes
Vendor Confirmed: Yes...
Solution: The vendor has issued a fix (18.0.0.209, ESR 13.0.0.305 Windows/Mac).
___

Shockwave 12.1.9.159 released
- https://helpx.adobe.com/security/products/shockwave/apsb15-17.html
July 14, 2015
CVE number: CVE-2015-5120, CVE-2015-5121
Platform: Windows and Macintosh
Summary: Adobe has released a security update for Adobe Shockwave Player for Windows and Macintosh. This update addresses critical vulnerabilities that could potentially allow an attacker to take control of the affected system.
- Adobe recommends users of Adobe Shockwave Player 12.1.8.158 and earlier versions for Windows and Macintosh update to Adobe Shockwave Player 12.1.9.159 by visiting the Adobe Shockwave Player Download Center*.
* https://get.adobe.com/shockwave/

- http://www.securitytracker.com/id/1032891
CVE Reference: CVE-2015-5120, CVE-2015-5121
Jul 14 2015
Impact: Execution of arbitrary code via network, User access via network
Fix Available: Yes
Vendor Confirmed: Yes
Version(s): 12.1.8.158 and prior...
Solution: The vendor has issued a fix (12.1.9.159).
___

Adobe Acrobat/Reader 11.0.12/10.1.15 released
- https://helpx.adobe.com/security/products/acrobat/apsb15-15.html
July 14, 2015
CVE numbers:  CVE-2014-0566, CVE-2014-8450, CVE-2015-3095, CVE-2015-4435, CVE-2015-4438, CVE-2015-4441, CVE-2015-4443, CVE-2015-4444, CVE-2015-4445, CVE-2015-4446, CVE-2015-4447, CVE-2015-4448, CVE-2015-4449, CVE-2015-4450, CVE-2015-4451, CVE-2015-4452, CVE-2015-5085, CVE-2015-5086, CVE-2015-5087, CVE-2015-5088, CVE-2015-5089, CVE-2015-5090, CVE-2015-5091, CVE-2015-5092, CVE-2015-5093, CVE-2015-5094, CVE-2015-5095, CVE-2015-5096, CVE-2015-5097, CVE-2015-5098, CVE-2015-5099, CVE-2015-5100, CVE-2015-5101, CVE-2015-5102, CVE-2015-5103, CVE-2015-5104, CVE-2015-5105, CVE-2015-5106, CVE-2015-5107, CVE-2015-5108, CVE-2015-5109, CVE-2015-5110, CVE-2015-5111, CVE-2015-5113, CVE-2015-5114, CVE-2015-5115
Platforms: Windows and Macintosh
Summary: Adobe has released security updates for Adobe Acrobat and Reader for Windows and Macintosh. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system...
Solution: Adobe recommends users update their software installations to the latest versions via one of the following methods:
- Users can update their product installations manually by choosing Help > Check for Updates.
- The products will update automatically, without requiring user intervention, when updates are detected.
- The full Acrobat Reader installer can be downloaded from the Acrobat Reader Download Center:
> https://get.adobe.com/reader/

Acrobat Updates/Programs: https://www.adobe.com/support/downloads/product.jsp?product=1&platform=Windows

Reader Updates/Programs: https://www.adobe.com/support/downloads/product.jsp?product=10&platform=Windows

- http://www.securitytracker.com/id/1032892
CVE Reference: CVE-2014-0566, CVE-2014-8450, CVE-2015-3095, CVE-2015-4435, CVE-2015-4438, CVE-2015-4441, CVE-2015-4443, CVE-2015-4444, CVE-2015-4445, CVE-2015-4446, CVE-2015-4447, CVE-2015-4448, CVE-2015-4449, CVE-2015-4450, CVE-2015-4451, CVE-2015-4452, CVE-2015-5085, CVE-2015-5086, CVE-2015-5087, CVE-2015-5088, CVE-2015-5089, CVE-2015-5090, CVE-2015-5091, CVE-2015-5092, CVE-2015-5093, CVE-2015-5094, CVE-2015-5095, CVE-2015-5096, CVE-2015-5097, CVE-2015-5098, CVE-2015-5099, CVE-2015-5100, CVE-2015-5101, CVE-2015-5102, CVE-2015-5103, CVE-2015-5104, CVE-2015-5105, CVE-2015-5106, CVE-2015-5107, CVE-2015-5108, CVE-2015-5109, CVE-2015-5110, CVE-2015-5111, CVE-2015-5113, CVE-2015-5114, CVE-2015-5115
Jul 14 2015
Impact: Denial of service via network, Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, User access via network
Fix Available: Yes Vendor Confirmed: Yes
Version(s): 10.1.14 and prior; 11.0.11 and prior...
Solution: The vendor has issued a fix (10.1.15, 11.0.12, DC 2015.008.20082).

Flash 18.0.0.232 released

FYI...

Flash 18.0.0.232 released
- https://helpx.adobe.com/security/products/flash-player/apsb15-19.html
Aug 11, 2015
APSB15-19
CVE number: CVE-2015-3107, CVE-2015-5124, CVE-2015-5125, CVE-2015-5127, CVE-2015-5128, CVE-2015-5129, CVE-2015-5130, CVE-2015-5131, CVE-2015-5132, CVE-2015-5133, CVE-2015-5134, CVE-2015-5539, CVE-2015-5540, CVE-2015-5541, CVE-2015-5544, CVE-2015-5545, CVE-2015-5546, CVE-2015-5547, CVE-2015-5548, CVE-2015-5549, CVE-2015-5550, CVE-2015-5551, CVE-2015-5552, CVE-2015-5553, CVE-2015-5554, CVE-2015-5555, CVE-2015-5556, CVE-2015-5557, CVE-2015-5558, CVE-2015-5559, CVE-2015-5560, CVE-2015-5561, CVE-2015-5562, CVE-2015-5563
Platform: All Platforms
Summary: Adobe has released security updates for Adobe Flash Player. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system...
Solution: Adobe... recommends users update their installation to the newest version:
- Adobe recommends users of the Adobe Flash Player Desktop Runtime for Windows and Macintosh update to Adobe Flash Player 18.0.0.232 by visiting the Adobe Flash Player Download Center or via the update mechanism within the product when prompted...
- Adobe recommends users of the Adobe Flash Player Extended Support Release [2] update to version 18.0.0.232 by visiting:
- http://helpx.adobe.com/flash-player/kb/archived-flash-player-versions.html.
- Adobe recommends users of the Adobe Flash Player for Linux update to Adobe Flash Player 11.2.202.508 by visiting the Adobe Flash Player Download Center.
- Adobe Flash Player installed with Google Chrome will be automatically updated to the latest Google Chrome version, which will include Adobe Flash Player 18.0.0.232 on Windows and Macintosh, and version 18.0.0.233 for Linux and Chrome OS.
- Adobe Flash Player installed with Microsoft Edge for Windows 10 will be automatically updated to the latest version, which will include Adobe Flash Player 18.0.0.232.
- Adobe Flash Player installed with Internet Explorer 10 and 11 for Windows 8.0 and 8.1 will be automatically updated to the latest version, which will include Adobe Flash Player 18.0.0.232.
- Adobe recommends users of the AIR desktop runtime, AIR SDK and AIR SDK & Compiler update to version 18.0.0.199 ...

[2] https://blogs.adobe.com/flashplayer...flash-players-extended-support-release-2.html

For IEv9 and below:
- https://download.macromedia.com/get...sing/win/install_flash_player_18_active_x.exe
For Firefox and other Plugin-based browsers:
- https://download.macromedia.com/get...ensing/win/install_flash_player_18_plugin.exe

Flash test site: https://www.adobe.com/software/flash/about/

AIR: http://get.adobe.com/air/

Aug 12, 2015: Added a reference to CVE-2015-5565, a use-after-free issue similar to CVE-2015-3107. A fix for CVE-2015-3107 was introduced in APSB15-11, and has been strengthened in APSB15-19. Also, removed CVE-2015-5128, which was previously assessed to be a Type Confusion issue and has been re-classified as a non-exploitable crash due to a null pointer exception.
___

- http://www.securitytracker.com/id/1033235
CVE Reference: CVE-2015-5125, CVE-2015-5127, CVE-2015-5128, CVE-2015-5129, CVE-2015-5130, CVE-2015-5131, CVE-2015-5132, CVE-2015-5133, CVE-2015-5134, CVE-2015-5539, CVE-2015-5540, CVE-2015-5541, CVE-2015-5544, CVE-2015-5545, CVE-2015-5546, CVE-2015-5547, CVE-2015-5548, CVE-2015-5549, CVE-2015-5550, CVE-2015-5551, CVE-2015-5552, CVE-2015-5553, CVE-2015-5554, CVE-2015-5555, CVE-2015-5556, CVE-2015-5557, CVE-2015-5558, CVE-2015-5559, CVE-2015-5560, CVE-2015-5561, CVE-2015-5562, CVE-2015-5563
Aug 11 2015
Impact: Execution of arbitrary code via network, User access via network
Fix Available: Yes Vendor Confirmed: Yes
Version(s): 18.0.0.209 and prior...
Solution: The vendor has issued a fix (18.0.0.232, 11.2.202.508 for Linux)...

Adobe Shockwave 12.2.0.162 released

FYI...

Adobe Shockwave 12.2.0.162 released
- https://helpx.adobe.com/security/products/shockwave/apsb15-22.html
Sep 8, 2015
CVE number: CVE-2015-6680, CVE-2015-6681
Platform: Windows
Summary: Adobe has released a security update for Adobe Shockwave Player. This update addresses critical vulnerabilities that could potentially allow an attacker to take control of the affected system...
Solution: ... Adobe recommends users of Adobe Shockwave Player 12.1.9.160 and earlier versions update to Adobe Shockwave Player 12.2.0.162 by visiting the Adobe Shockwave Player Download Center*...
* https://get.adobe.com/shockwave/
Vulnerability Details: This update resolves memory corruption vulnerabilities that could lead to code execution (CVE-2015-6680, CVE-2015-6681)...
___

- http://www.securitytracker.com/id/1033486
CVE Reference: CVE-2015-6680, CVE-2015-6681
Sep 8 2015
Impact: Execution of arbitrary code via network, User access via network
Fix Available: Yes Vendor Confirmed: Yes
Version(s): 12.1.9.160 and prior...
Solution: The vendor has issued a fix (12.2.0.162)...

Flash 19.0.0.185 released

FYI...

Flash 19.0.0.185 released
- https://helpx.adobe.com/security/products/flash-player/apsb15-23.html
Sep 21, 2015
CVE number: CVE-2015-5567, CVE-2015-5568, CVE-2015-5570, CVE-2015-5571, CVE-2015-5572, CVE-2015-5573, CVE-2015-5574, CVE-2015-5575, CVE-2015-5576, CVE-2015-5577, CVE-2015-5578, CVE-2015-5579, CVE-2015-5580, CVE-2015-5581, CVE-2015-5582, CVE-2015-5584, CVE-2015-5587, CVE-2015-5588, CVE-2015-6676, CVE-2015-6677, CVE-2015-6678, CVE-2015-6679, CVE-2015-6682
Platform: All Platforms
Summary: Adobe has released security updates for Adobe Flash Player. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system...
- Adobe recommends users of the Adobe Flash Player Desktop Runtime for Windows and Macintosh update to Adobe Flash Player 19.0.0.185 by visiting the Adobe Flash Player Download Center or via the update mechanism within the product when prompted...
- Adobe recommends users of the Adobe Flash Player Extended Support Release update to version 18.0.0.241 by visiting:
> http://helpx.adobe.com/flash-player/kb/archived-flash-player-versions.html.
- Adobe recommends users of the Adobe Flash Player for Linux update to Adobe Flash Player 11.2.202.521 by visiting the Adobe Flash Player Download Center.
- Adobe Flash Player installed with Google Chrome will be automatically updated to the latest Google Chrome version, which will include Adobe Flash Player 19.0.0.185 on Windows, Macintosh, Linux and Chrome OS.
- Adobe Flash Player installed with Microsoft Edge for Windows 10 will be automatically updated to the latest version, which will include Adobe Flash Player 19.0.0.185.
- Adobe Flash Player installed with Internet Explorer 10 and 11 for Windows 8.0 and 8.1 will be automatically updated to the latest version, which will include Adobe Flash Player 19.0.0.185.
- Adobe recommends users of the AIR desktop runtime, AIR SDK and AIR SDK & Compiler update to version 19.0.0.190 by visiting the AIR download center or the AIR developer center.
Adobe recommends users of AIR for Android update to version 19.0.0.190 by visiting the Google Play Store...

For IEv9 and below:
- https://download.macromedia.com/get...sing/win/install_flash_player_19_active_x.exe
For Firefox and other Plugin-based browsers:
- https://download.macromedia.com/get...ensing/win/install_flash_player_19_plugin.exe

Flash test site: https://www.adobe.com/software/flash/about/

AIR: http://get.adobe.com/air/
___

- http://www.securitytracker.com/id/1033629
CVE Reference: CVE-2015-5567, CVE-2015-5568, CVE-2015-5570, CVE-2015-5571, CVE-2015-5572, CVE-2015-5573, CVE-2015-5574, CVE-2015-5575, CVE-2015-5576, CVE-2015-5577, CVE-2015-5578, CVE-2015-5579, CVE-2015-5580, CVE-2015-5581, CVE-2015-5582, CVE-2015-5584, CVE-2015-5587, CVE-2015-5588, CVE-2015-6676, CVE-2015-6677, CVE-2015-6678, CVE-2015-6679, CVE-2015-6682
Sep 22 2015
Impact: Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, User access via network
Fix Available: Yes Vendor Confirmed: Yes
Version(s): 18.0.0.232 and prior...
Solution: The vendor has issued a fix (19.0.0.185 for Windows/Mac, 18.0.0.241 ESR for Windows/Mac, 11.2.202.521 for Linux).

Adobe PSIRT Advisory - Acrobat and Reader

FYI...

Prenotification Security Advisory for Adobe Acrobat and Reader
- https://helpx.adobe.com/security/products/acrobat/apsb15-24.html
Oct 8, 2015
Platform: Windows and Macintosh
Summary: Adobe is planning to release security updates on Tuesday, October 13, 2015 for Adobe Acrobat and Reader for Windows and Macintosh.
Users may monitor the latest information on the Adobe Product Security Incident Response Team (PSIRT) blog at https://blogs.adobe.com/psirt
(Note: This Security Advisory will be replaced with the Security Bulletin on October 13.)

Flash 19.0.0.207, Acrobat/Reader 11.0.13/10.1.16 released

FYI...

>> https://helpx.adobe.com/security/products/flash-player/apsa15-05.html
Oct 14, 2015 - "... A critical vulnerability (CVE-2015-7645) has been identified in Adobe Flash Player 19.0.0.207 and earlier versions for Windows, Macintosh and Linux. Successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system. Adobe is aware of a report that an exploit for this vulnerability is being used in limited, targeted attacks.
UPDATE: Adobe expects updates to be available as early as October 16."
___

Flash 19.0.0.207 released
- https://helpx.adobe.com/security/products/flash-player/apsb15-25.html
Oct 13, 2015
CVE number: CVE-2015-5569, CVE-2015-7625, CVE-2015-7626, CVE-2015-7627, CVE-2015-7628, CVE-2015-7629, CVE-2015-7630, CVE-2015-7631, CVE-2015-7632, CVE-2015-7633, CVE-2015-7634, CVE-2015-7643, CVE-2015-7644
Platform: All Platforms
Summary: Adobe has released security updates for Adobe Flash Player. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system...
Solution: Adobe categorizes these updates with the following priority ratings and recommends users update their installation to the newest version...
Adobe recommends users of the Adobe Flash Player Desktop Runtime for Windows and Macintosh update to Adobe Flash Player 19.0.0.207 by visiting the Adobe Flash Player Download Center or via the update mechanism within the product when prompted...
Adobe recommends users of the Adobe Flash Player Extended Support Release update to version 18.0.0.252 by visiting:
> http://helpx.adobe.com/flash-player/kb/archived-flash-player-versions.html
Adobe recommends users of the Adobe Flash Player for Linux update to Adobe Flash Player 11.2.202.535 by visiting the Adobe Flash Player Download Center.
Adobe Flash Player installed with Google Chrome will be automatically updated to the latest Google Chrome version, which will include Adobe Flash Player 19.0.0.207 on Windows, Macintosh, Linux and Chrome OS.
Adobe Flash Player installed with Microsoft Edge for Windows 10 will be automatically updated to the latest version, which will include Adobe Flash Player 19.0.0.207.
Adobe Flash Player installed with Internet Explorer 10 and 11 for Windows 8.0 and 8.1 will be automatically updated to the latest version, which will include Adobe Flash Player 19.0.0.207.
Adobe recommends users of the AIR desktop runtime, AIR SDK and AIR SDK & Compiler update to version 19.0.0.213 by visiting the AIR download center or the AIR developer center...

For IEv9 and below:
- https://download.macromedia.com/get...sing/win/install_flash_player_19_active_x.exe
For Firefox and other Plugin-based browsers:
- https://download.macromedia.com/get...ensing/win/install_flash_player_19_plugin.exe

Flash test site: https://www.adobe.com/software/flash/about/

AIR: http://get.adobe.com/air/
___

- http://www.securitytracker.com/id/1033797
CVE Reference: CVE-2015-5569, CVE-2015-7625, CVE-2015-7626, CVE-2015-7627, CVE-2015-7628, CVE-2015-7629, CVE-2015-7630, CVE-2015-7631, CVE-2015-7632, CVE-2015-7633, CVE-2015-7634, CVE-2015-7643, CVE-2015-7644
Oct 13 2015
Impact: Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, User access via network
Fix Available: Yes Vendor Confirmed: Yes
Version(s): 19.0.0.185 and prior ...
Solution: The vendor has issued a fix (18.0.0.252 ESR, 19.0.0.207 for Mac/Windows, 11.2.202.535 for Linux).
___

Adobe Acrobat/Reader 11.0.13/10.1.16 released
- https://helpx.adobe.com/security/products/acrobat/apsb15-24.html
Oct 13, 2015
CVE Numbers: CVE-2015-5583, CVE-2015-5586, CVE-2015-6683, CVE-2015-6684, CVE-2015-6685, CVE-2015-6686, CVE-2015-6687, CVE-2015-6688, CVE-2015-6689, CVE-2015-6690, CVE-2015-6691, CVE-2015-6692, CVE-2015-6693, CVE-2015-6694, CVE-2015-6695, CVE-2015-6696, CVE-2015-6697, CVE-2015-6698, CVE-2015-6699, CVE-2015-6700, CVE-2015-6701, CVE-2015-6702, CVE-2015-6703, CVE-2015-6704, CVE-2015-6705, CVE-2015-6706, CVE-2015-6707, CVE-2015-6708, CVE-2015-6709, CVE-2015-6710, CVE-2015-6711, CVE-2015-6712, CVE-2015-6713, CVE-2015-6714, CVE-2015-6715, CVE-2015-6716, CVE-2015-6717, CVE-2015-6718, CVE-2015-6719, CVE-2015-6720, CVE-2015-6721, CVE-2015-6722, CVE-2015-6723, CVE-2015-6724, CVE-2015-6725, CVE-2015-7614, CVE-2015-7615, CVE-2015-7616, CVE-2015-7617, CVE-2015-7618, CVE-2015-7619, CVE-2015-7620, CVE-2015-7621, CVE-2015-7622, CVE-2015-7623, CVE-2015-7624
Platform: Windows and Macintosh
Summary: Adobe has released security updates for Adobe Acrobat and Reader for Windows and Macintosh. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system...
Solution: Adobe recommends users update their software installations to the latest versions by following the instructions below. The latest product versions are available to end users via one of the following methods:
- Users can update their product installations manually by choosing Help > Check for Updates.
- The products will update automatically, without requiring user intervention, when updates are detected.
- The full Acrobat -Reader- installer can be downloaded from the Acrobat Reader Download Center:
> https://get.adobe.com/reader/
-or-
Windows/Mac: https://www.adobe.com/support/downloads/new.jsp
___

- http://www.securitytracker.com/id/1033796
CVE Reference: CVE-2015-5583, CVE-2015-5586, CVE-2015-6683, CVE-2015-6684, CVE-2015-6685, CVE-2015-6686, CVE-2015-6687, CVE-2015-6688, CVE-2015-6689, CVE-2015-6690, CVE-2015-6691, CVE-2015-6692, CVE-2015-6693, CVE-2015-6694, CVE-2015-6695, CVE-2015-6696, CVE-2015-6697, CVE-2015-6698, CVE-2015-6699, CVE-2015-6700, CVE-2015-6701, CVE-2015-6702, CVE-2015-6703, CVE-2015-6704, CVE-2015-6705, CVE-2015-6706, CVE-2015-6707, CVE-2015-6708, CVE-2015-6709, CVE-2015-6710, CVE-2015-6711, CVE-2015-6712, CVE-2015-6713, CVE-2015-6714, CVE-2015-6715, CVE-2015-6716, CVE-2015-6717, CVE-2015-6718, CVE-2015-6719, CVE-2015-6720, CVE-2015-6721, CVE-2015-6722, CVE-2015-6723, CVE-2015-6724, CVE-2015-6725, CVE-2015-7614, CVE-2015-7615, CVE-2015-7616, CVE-2015-7617, CVE-2015-7618, CVE-2015-7619, CVE-2015-7620, CVE-2015-7621, CVE-2015-7622, CVE-2015-7623, CVE-2015-7624
Oct 13 2015
Impact: Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, User access via network
Fix Available: Yes Vendor Confirmed: Yes
Version(s): 10.1.15 and prior, 11.0.12 and prior ...
Solution: The vendor has issued a fix (10.1.16, 11.0.13)...
[-56- vulnerabilities]

Flash 19.0.0.226 released

FYI...

Flash 19.0.0.226 released
- https://helpx.adobe.com/security/products/flash-player/apsb15-27.html
Oct 16, 2015
CVE number: CVE-2015-7645, CVE-2015-7647, CVE-2015-7648
Platform: All Platforms
Summary: Adobe has released security updates for Adobe Flash Player. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system. Adobe is aware of a report that an exploit for CVE-2015-7645 is being used in limited, targeted attacks...
Solution: Adobe categorizes these updates with the following priority ratings and recommends users update their installation to the newest version...
- Adobe recommends users of the Adobe Flash Player Desktop Runtime for Windows and Macintosh update to Adobe Flash Player 19.0.0.226 by visiting the Adobe Flash Player Download Center or via the update mechanism within the product when prompted...
- Adobe recommends users of the Adobe Flash Player Extended Support Release update to version 18.0.0.255 by visiting:
- http://helpx.adobe.com/flash-player/kb/archived-flash-player-versions.html.
- Adobe recommends users of the Adobe Flash Player for Linux update to Adobe Flash Player 11.2.202.540 by visiting the Adobe Flash Player Download Center.
- Adobe Flash Player installed with Google Chrome will be automatically updated to the latest Google Chrome version, which will include Adobe Flash Player 19.0.0.226 on Windows, Macintosh and Linux, and 19.0.0.225 on Chrome OS.
- Adobe Flash Player installed with Microsoft Edge for Windows 10 will be automatically updated to the latest version, which will include Adobe Flash Player 19.0.0.226.
- Adobe Flash Player installed with Internet Explorer 10 and 11 for Windows 8.0 and 8.1 will be automatically updated to the latest version, which will include Adobe Flash Player 19.0.0.226...

For IEv9 and below:
- https://download.macromedia.com/get...sing/win/install_flash_player_19_active_x.exe
For Firefox and other Plugin-based browsers:
- https://download.macromedia.com/get...ensing/win/install_flash_player_19_plugin.exe

Flash test site: https://www.adobe.com/software/flash/about/
___

- http://www.securitytracker.com/id/1033850
CVE Reference: CVE-2015-7645, CVE-2015-7647, CVE-2015-7648
Oct 16 2015
Impact: Execution of arbitrary code via network, User access via network
Fix Available: Yes Vendor Confirmed: Yes
Version(s): 19.0.0.207 and prior...
Solution: The vendor has issued a fix (18.0.0.255 ESR, 19.0.0.226 for Windows and OS X, 11.2.202.540 for Linux).

Shockwave 12.2.1.171 released

FYI...

Shockwave 12.2.1.171 released
- https://helpx.adobe.com/security/products/shockwave/apsb15-26.html
Oct 27, 2015
CVE number: CVE-2015-7649
Platform: Windows and Macintosh
Summary: Adobe has released a security update for Adobe Shockwave Player. This update addresses a critical vulnerability that could potentially allow an attacker to take control of the affected system...
Solution: ... Adobe recommends users of Adobe Shockwave Player 12.2.0.162 and earlier versions update to Adobe Shockwave Player 12.2.1.171 by visiting the Adobe Shockwave Player Download Center:
- https://get.adobe.com/shockwave/
Vulnerability Details: This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2015-7649)...
___

- http://www.securitytracker.com/id/1033990
CVE Reference: CVE-2015-7649
Oct 28 2015
Fix Available: Yes Vendor Confirmed: Yes
Version(s): 12.2.0.162 and prior ...
Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
Solution: The vendor has issued a fix (12.2.1.171)...

Flash 19.0.0.245 released

FYI...

Flash 19.0.0.245 released
- https://helpx.adobe.com/security/products/flash-player/apsb15-28.html
Nov 10, 2015
CVE number: CVE-2015-7651, CVE-2015-7652, CVE-2015-7653, CVE-2015-7654, CVE-2015-7655, CVE-2015-7656, CVE-2015-7657, CVE-2015-7658, CVE-2015-7659, CVE-2015-7660, CVE-2015-7661, CVE-2015-7662, CVE-2015-7663, CVE-2015-8042, CVE-2015-8043, CVE-2015-8044, CVE-2015-8046
Platform: All Platforms
Summary: Adobe has released security updates for Adobe Flash Player. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system...
- Adobe recommends users of the Adobe Flash Player Desktop Runtime for Windows and Macintosh update to Adobe Flash Player 19.0.0.245 by visiting the Adobe Flash Player Download Center or via the update mechanism within the product when prompted....
- Adobe recommends users of the Adobe Flash Player Extended Support Release update to version 18.0.0.261 by visiting:
- http://helpx.adobe.com/flash-player/kb/archived-flash-player-versions.html
- Adobe recommends users of the Adobe Flash Player for Linux update to Adobe Flash Player 11.2.202.548 by visiting the Adobe Flash Player Download Center.
- Adobe Flash Player installed with Google Chrome will be automatically updated to the latest Google Chrome version, which will include Adobe Flash Player 19.0.0.245 on Windows, Macintosh, Linux and Chrome OS.
- Adobe Flash Player installed with Microsoft Edge for Windows 10 will be automatically updated to the latest version, which will include Adobe Flash Player 19.0.0.245.
- Adobe Flash Player installed with Internet Explorer 10 and 11 for Windows 8.0 and 8.1 will be automatically updated to the latest version, which will include Adobe Flash Player 19.0.0.245.
- Adobe recommends users of the AIR desktop runtime, AIR SDK and AIR SDK & Compiler update to version 19.0.0.241 by visiting the AIR download center or the AIR developer center...

For IEv9 and below:
- https://download.macromedia.com/get...sing/win/install_flash_player_19_active_x.exe
For Firefox and other Plugin-based browsers:
- https://download.macromedia.com/get...ensing/win/install_flash_player_19_plugin.exe

Flash test site: https://www.adobe.com/software/flash/about/

Air 19.0.0.241: https://get.adobe.com/air/
___

- http://www.securitytracker.com/id/1034111
CVE Reference: CVE-2015-7651, CVE-2015-7652, CVE-2015-7653, CVE-2015-7654, CVE-2015-7655, CVE-2015-7656, CVE-2015-7657, CVE-2015-7658, CVE-2015-7659, CVE-2015-7660, CVE-2015-7661, CVE-2015-7662, CVE-2015-7663, CVE-2015-8042, CVE-2015-8043, CVE-2015-8044, CVE-2015-8046
Nov 10 2015
Impact: Execution of arbitrary code via network, Modification of system information, Modification of user information, User access via network
Fix Available: Yes Vendor Confirmed: Yes
Version(s): 19.0.0.226 and prior ...
Solution: The vendor has issued a fix (19.0.0.245 for Windows/Mac; 18.0.0.261 ESR; 11.2.202.548 for Linux).

ColdFusion - Hotfix available

FYI...

ColdFusion - Hotfix available
- https://helpx.adobe.com/security/products/coldfusion/apsb15-29.html
Nov 17, 2015
CVE numbers: CVE-2015-8052, CVE-2015-8053, CVE-2015-5255
Platforms: All
Summary: Adobe has released a security hotfix for ColdFusion versions 11 and 10. This hotfix resolves two input validation issues that could be used in reflected cross-site scripting attacks. This hotfix also includes an updated version of BlazeDS that resolves an important Server-side request forgery vulnerability. Adobe recommends users apply the appropriate hotfix using the instructions provided in the "Solution" section...
Solution: Adobe recommends ColdFusion customers update their installation using the instructions provided in the relevant technote:
ColdFusion 11: http://helpx.adobe.com/coldfusion/kb/coldfusion-11-update-7.html
ColdFusion 10: http://helpx.adobe.com/coldfusion/kb/coldfusion-10-update-18.html
Customers should also apply the security configuration settings as outlined on the ColdFusion Security page as well as review the ColdFusion 11 Lockdown Guide and ColdFusion 10 Lockdown Guide...

LiveCycle Data Services
- https://helpx.adobe.com/security/products/livecycleds/apsb15-30.html
Nov 17, 2015
> https://helpx.adobe.com/livecycle/kb/ssrf-vulnerability-blazeDS.html

Adobe Premiere Clip
- https://helpx.adobe.com/security/products/premiereclip/apsb15-31.html
Nov 17, 2015
> https://itunes.apple.com/us/app/adobe-premiere-clip/id919399401
___

- http://www.securitytracker.com/id/1034211
CVE Reference: CVE-2015-8052, CVE-2015-8053
Nov 20 2015
Fix Available: Yes Vendor Confirmed: Yes
Version(s): 10 Update 17 and prior, 11 Update 6 and prior ...
Impact: A remote user can access the target user's cookies (including authentication cookies), if any, associated with the site running the Adobe ColdFusion software, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.
Solution: The vendor has issued a fix (10 Update 18, 11 Update 7)...
___

- https://www.us-cert.gov/ncas/curren...ty-Updates-ColdFusion-LiveCycle-Data-Services
Nov 17, 2015

Flash 20.0.0.228 / 20.0.0.235 released

FYI...

Flash 20.0.0.228 / 20.0.0.235 released
- https://helpx.adobe.com/security/products/flash-player/apsb15-32.html
Dec 8, 2015
CVE number: CVE-2015-8045, CVE-2015-8047, CVE-2015-8048, CVE-2015-8049, CVE-2015-8050, CVE-2015-8051, CVE-2015-8052, CVE-2015-8053, CVE-2015-8054, CVE-2015-8055, CVE-2015-8056, CVE-2015-8057, CVE-2015-8058, CVE-2015-8059, CVE-2015-8060, CVE-2015-8061, CVE-2015-8062, CVE-2015-8063, CVE-2015-8064, CVE-2015-8065, CVE-2015-8066, CVE-2015-8067, CVE-2015-8068, CVE-2015-8069, CVE-2015-8070, CVE-2015-8071, CVE-2015-8401, CVE-2015-8402, CVE-2015-8403, CVE-2015-8404, CVE-2015-8405, CVE-2015-8406, CVE-2015-8407, CVE-2015-8408, CVE-2015-8409, CVE-2015-8410, CVE-2015-8411, CVE-2015-8412, CVE-2015-8413, CVE-2015-8414, CVE-2015-8415, CVE-2015-8416, CVE-2015-8417, CVE-2015-8419, CVE-2015-8420, CVE-2015-8421, CVE-2015-8422, CVE-2015-8423, CVE-2015-8424, CVE-2015-8425, CVE-2015-8426, CVE-2015-8427, CVE-2015-8428, CVE-2015-8429, CVE-2015-8430, CVE-2015-8431, CVE-2015-8432, CVE-2015-8433, CVE-2015-8434, CVE-2015-8435, CVE-2015-8436, CVE-2015-8437, CVE-2015-8438, CVE-2015-8439, CVE-2015-8440, CVE-2015-8441, CVE-2015-8442, CVE-2015-8443, CVE-2015-8444, CVE-2015-8445, CVE-2015-8446, CVE-2015-8447, CVE-2015-8448, CVE-2015-8449, CVE-2015-8450, CVE-2015-8451, CVE-2015-8452, CVE-2015-8453
Platform: All Platforms
Summary: Adobe has released security updates for Adobe Flash Player. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system...
Solution: ...
- Adobe recommends users of the Adobe Flash Player Desktop Runtime for Windows and Macintosh update to 20.0.0.228 (support for Internet Explorer) and 20.0.0.235 (support for Firefox and Safari) by visiting the Adobe Flash Player Download Center, or via the update mechanism within the product when prompted...
- Adobe recommends users of the Adobe Flash Player Extended Support Release should update to version 18.0.0.268 by visiting
> http://helpx.adobe.com/flash-player/kb/archived-flash-player-versions.html
- Adobe recommends users of Adobe Flash Player for Linux update to Adobe Flash Player 11.2.202.554 by visiting the Adobe Flash Player Download Center.
- Adobe Flash Player installed with Google Chrome will be automatically updated to the latest Google Chrome version, which will include Adobe Flash Player 20.0.0.228 for Windows, Macintosh, Linux and Chrome OS.
- Adobe Flash Player installed with Microsoft Edge and Internet Explorer for Windows 10 will be automatically updated to the latest version, which will include Adobe Flash Player 20.0.0.228.
- Adobe Flash Player installed with Internet Explorer for Windows 8.x will be automatically updated to the latest version, which will include Adobe Flash Player 20.0.0.228.
- Adobe recommends users of the AIR desktop runtime, AIR SDK and AIR SDK & Compiler update to version 20.0.0.204 by visiting the AIR download center or the AIR developer center.
- Please visit the Flash Player Help page for assistance in installing Flash Player...

For IEv9 and below:
- https://download.macromedia.com/get...sing/win/install_flash_player_20_active_x.exe
For Firefox and other Plugin-based browsers:
- https://download.macromedia.com/get...ensing/win/install_flash_player_20_plugin.exe

Flash test site: https://www.adobe.com/software/flash/about/

AIR 20.0.0.204: https://get.adobe.com/air/
___

- http://www.securitytracker.com/id/1034318
CVE Reference: CVE-2015-8045, CVE-2015-8047, CVE-2015-8048, CVE-2015-8049, CVE-2015-8050, CVE-2015-8051, CVE-2015-8052, CVE-2015-8053, CVE-2015-8054, CVE-2015-8055, CVE-2015-8056, CVE-2015-8057, CVE-2015-8058, CVE-2015-8059, CVE-2015-8060, CVE-2015-8061, CVE-2015-8062, CVE-2015-8063, CVE-2015-8064, CVE-2015-8065, CVE-2015-8066, CVE-2015-8067, CVE-2015-8068, CVE-2015-8069, CVE-2015-8070, CVE-2015-8071, CVE-2015-8401, CVE-2015-8402, CVE-2015-8403, CVE-2015-8404, CVE-2015-8405, CVE-2015-8406, CVE-2015-8407, CVE-2015-8408, CVE-2015-8409, CVE-2015-8410, CVE-2015-8411, CVE-2015-8412, CVE-2015-8413, CVE-2015-8414, CVE-2015-8415, CVE-2015-8416, CVE-2015-8417, CVE-2015-8419, CVE-2015-8420, CVE-2015-8421, CVE-2015-8422, CVE-2015-8423, CVE-2015-8424, CVE-2015-8425, CVE-2015-8426, CVE-2015-8427, CVE-2015-8428, CVE-2015-8429, CVE-2015-8430, CVE-2015-8431, CVE-2015-8432, CVE-2015-8433, CVE-2015-8434, CVE-2015-8435, CVE-2015-8436, CVE-2015-8437, CVE-2015-8438, CVE-2015-8439, CVE-2015-8440, CVE-2015-8441, CVE-2015-8442, CVE-2015-8443, CVE-2015-8444, CVE-2015-8445, CVE-2015-8446, CVE-2015-8447, CVE-2015-8448, CVE-2015-8449, CVE-2015-8450, CVE-2015-8451, CVE-2015-8452, CVE-2015-8453
Dec 8 2015
Impact: Execution of arbitrary code via network, User access via network
Fix Available: Yes Vendor Confirmed: Yes ...
Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
A remote user can bypass security controls on the target system.
Solution: The vendor has issued a fix (20.0.0.228 for Mac/Windows; 20.0.0.235 for Mac/Windows; ESR 18.0.0.268; 11.2.202.554 for Linux)...

Flash 20.0.0.267 released

FYI...

Flash 20.0.0.267 released
- https://helpx.adobe.com/security/products/flash-player/apsb16-01.html
Dec 28, 2015
CVE number: CVE-2015-8459, CVE-2015-8460, CVE-2015-8634, CVE-2015-8635, CVE-2015-8636, CVE-2015-8638, CVE-2015-8639, CVE-2015-8640, CVE-2015-8641, CVE-2015-8642, CVE-2015-8643, CVE-2015-8644, CVE-2015-8645, CVE-2015-8646, CVE-2015-8647, CVE-2015-8648, CVE-2015-8649, CVE-2015-8650, CVE-2015-8651
Platform: All Platforms
Summary: Adobe has released security updates for Adobe Flash Player. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system. Adobe is aware of a report that an exploit for CVE-2015-8651* is being used in limited, targeted attacks...
Solution: ... Adobe recommends users of the Adobe Flash Player Desktop Runtime for Windows and Macintosh update to 20.0.0.267 by visiting the Adobe Flash Player Download Center, or via the update mechanism within the product when prompted...
- Adobe recommends users of the Adobe Flash Player Extended Support Release should update to version 18.0.0.324 by visiting:
- http://helpx.adobe.com/flash-player/kb/archived-flash-player-versions.html
- Adobe recommends users of Adobe Flash Player for Linux update to Adobe Flash Player 11.2.202.559 by visiting the Adobe Flash Player Download Center.
- Adobe Flash Player installed with Google Chrome will be automatically updated to the latest Google Chrome version, which will include Adobe Flash Player 20.0.0.267 for Windows, Macintosh, Linux and Chrome OS.
- Adobe Flash Player installed with Microsoft Edge and Internet Explorer for Windows 10 will be automatically updated to the latest version, which will include Adobe Flash Player 20.0.0.267.
- Adobe Flash Player installed with Internet Explorer for Windows 8.x will be automatically updated to the latest version, which will include Adobe Flash Player 20.0.0.267.
- Adobe recommends users of the AIR desktop runtime, AIR SDK and AIR SDK & Compiler update to version 20.0.0.233 by visiting the AIR download center or the AIR developer center...

* https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8651
Last revised: 12/29/2015 - 9.3 (HIGH)

For IEv9 and below:
- https://download.macromedia.com/get...sing/win/install_flash_player_20_active_x.exe
For Firefox and other Plugin-based browsers:
- https://download.macromedia.com/get...ensing/win/install_flash_player_20_plugin.exe

Flash test site: https://www.adobe.com/software/flash/about/

AIR 20.0.0.233: https://get.adobe.com/air/

- https://www.us-cert.gov/ncas/curren.../Adobe-Releases-Security-Updates-Flash-Player
Dec 28, 2015
___

- http://www.securitytracker.com/id/1034544
CVE Reference: CVE-2015-8459, CVE-2015-8460, CVE-2015-8634, CVE-2015-8635, CVE-2015-8636, CVE-2015-8638, CVE-2015-8639, CVE-2015-8640, CVE-2015-8641, CVE-2015-8642, CVE-2015-8643, CVE-2015-8644, CVE-2015-8645, CVE-2015-8646, CVE-2015-8647, CVE-2015-8648, CVE-2015-8649, CVE-2015-8650, CVE-2015-8651
Dec 29 2015
Fix Available: Yes Vendor Confirmed: Yes
Version(s): 20.0.0.235 and prior...
Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
Solution: The vendor has issued a fix (20.0.0.267; ESR 18.0.0.324; 11.2.202.559 for Linux).
