Jump to content


Photo

Adobe multiple vulns


  • Please log in to reply
111 replies to this topic

#51 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 8,992 posts

Posted 07 March 2012 - 06:14 AM

FYI...

Red Hat updt - Flash-plugin
- https://secunia.com/advisories/48295/
Release Date: 2012-03-07
Criticality level: Highly critical
Impact: Exposure of sensitive information, System access
Where: From remote
Software: Red Hat Enterprise Linux Desktop Supplementary (v. 6), Linux Server Supplementary (v. 6), Linux Workstation Supplementary (v. 6), RHEL Desktop Supplementary (v. 5 client), RHEL Supplementary (v. 5 server)
CVE Reference(s):
- http://web.nvd.nist....d=CVE-2012-0768 - 10.0 (HIGH)
- http://web.nvd.nist....d=CVE-2012-0769 - 5.0
Original Advisory: RHSA-2012:0359-01:
https://rhn.redhat.c...-2012-0359.html
"... upgrades Flash Player to version 10.3.183.16..."

:ph34r: :ph34r:

This machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#52 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 8,992 posts

Posted 15 March 2012 - 07:44 AM

FYI...

ColdFusion security update - Hotfix available
- https://www.adobe.co.../apsb12-06.html
March 13, 2012 - "... important vulnerability in ColdFusion 9.0.1 and earlier versions for Windows, Macintosh and UNIX. This vulnerability could lead to a denial of service attack using a hash algorithm collision. Adobe has provided a solution to address the reported vulnerability. It is recommended that users update their product installation using the instructions provided in the "Solution" section... This update resolves a denial of service attack using a hash algorithm collision ( http://web.nvd.nist....d=CVE-2012-0770 )...
Affected software versions: ColdFusion 9.0.1, 9.0, 8.0.1 and 8.0 for Windows, Macintosh and UNIX
Solution: Adobe recommends affected ColdFusion customers update their installation using the instructions provided in the technote: http://helpx.adobe.c...ity-hotfix.html ..."

- https://secunia.com/advisories/48393/
Release Date: 2012-03-14

:ph34r:

This machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#53 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 8,992 posts

Posted 28 March 2012 - 02:07 PM

FYI...

Flash Player v11.2.202.228 released
- https://www.adobe.co.../apsb12-07.html
March 28, 2012
CVE numbers:
- http://web.nvd.nist....d=CVE-2012-0772 - 10.0 (HIGH)
Last revised: 03/29/2012
"Summary: An unspecified ActiveX control in Adobe Flash Player before 10.3.183.18 and 11.x before 11.2.202.228, and AIR before 3.2.0.2070..."
- http://web.nvd.nist....d=CVE-2012-0773 - 10.0 (HIGH)
Last revised: 03/29/2012
"Summary: The NetStream class in Adobe Flash Player before 10.3.183.18 and 11.x before 11.2.202.228, and AIR before 3.2.0.2070..."
Platform: All Platforms
Summary: These priority 2 updates address critical vulnerabilities in Adobe Flash Player 11.1.102.63 and earlier versions for Windows, Macintosh, Linux and Solaris, and Adobe Flash Player 11.1.111.7 and earlier versions for Android 3.x and 2.x. These vulnerabilities could cause a crash and potentially allow an attacker to take control of the affected system...
Solution: Adobe recommends users of Adobe Flash Player 11.1.102.63 and earlier versions for Windows, Macintosh and Linux update to Adobe Flash Player 11.2.202.228... Users of Adobe Flash Player 11.1.102.63 and earlier versions for Solaris should update to Adobe Flash Player 11.2.202.223... Windows users and users of Adobe Flash Player 10.3.183.16 or later for Macintosh can install the update via the update mechanism within the product when prompted. For users who cannot update to Flash Player 11.2.202.228, Adobe has developed a patched version of Flash Player 10.3, Flash Player 10.3.183.18... Android 3.x and earlier versions should update to Flash Player 11.1.111.8 by browsing to the Android Marketplace on an Android device. Users of Adobe AIR 3.1.0.4880 for Windows, Macintosh and Android should update to Adobe AIR 3.2.0.2070...

Download: https://www.adobe.co...tribution3.html

AIR 3.2.0.2070: AIR Download Center: http://get.adobe.com/air/

Android Marketplace: https://play.google....ashplayer&hl=en

Android Marketplace: https://play.google....d=com.adobe.air

Release Notes | Flash Player 11.2, AIR 3.2:
- http://helpx.adobe.c...1_20120305.html
___

Flash test site: http://www.adobe.com...re/flash/about/
___

Critical Security Update for Adobe Flash Player
- http://atlas.arbor.n...ndex#-330930387
Severity: High Severity
Published: Wednesday, March 28, 2012 19:20
Adobe releases a critical update for Flash Player, and also rolls in a more functional automatic update process.
Analysis: Flash has been hit hard by malware authors and use for all sorts of attacks. In the past, it's patching mechanism has been flawed and difficult to use, especially for the average computer user. Their new background update function* should make this easier.
Source: https://krebsonsecur...flash-player-2/
* http://download.wind...29-PW-Flash.jpg

Flash Player / AIR vulns...
- https://secunia.com/advisories/48623/
Release Date: 2012-03-29
Criticality level: Highly critical
Impact: System access
Where: From remote...
CVE Reference(s): CVE-2012-0772, CVE-2012-0773
Solution: Update to a fixed version...
Original Advisory: http://www.adobe.com.../apsb12-07.html

- http://www.securityt....com/id/1026859
CVE Reference: CVE-2012-0772, CVE-2012-0773
Date: Mar 28 2012
Impact: Execution of arbitrary code via network, User access via network
Version(s): 11.1.102.63 and prior versions...
Solution: The vendor has issued a fix (11.2.202.228 for Windows, Mac, and Linux; 11.2.202.223 for Solaris; 11.1.111.8 for Android 3.x).

:!: :ph34r:

Edited by AplusWebMaster, 03 April 2012 - 02:33 PM.

This machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#54 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 8,992 posts

Posted 10 April 2012 - 12:33 PM

FYI...

Adobe Reader/Acrobat security updates available
- https://www.adobe.co...08.html#Ratings
April 10, 2012
CVE numbers: CVE-2012-0774, CVE-2012-0775, CVE-2012-0776, CVE-2012-0777
"... Adobe released security updates for Adobe Reader X (10.1.2) and earlier versions for Windows and Macintosh, Adobe Reader 9.4.6 and earlier 9.x versions for Linux, and Adobe Acrobat X (10.1.2) and earlier versions for Windows and Macintosh. These updates address vulnerabilities in the software that could cause the application to crash and potentially allow an attacker to take control of the affected system.
Adobe recommends users of Adobe Reader X (10.1.2) and earlier versions for Windows and Macintosh update to Adobe Reader X (10.1.3). For users of Adobe Reader 9.5 and earlier versions for Windows and Macintosh, who cannot update to Adobe Reader X (10.1.3), Adobe has made available the update Adobe Reader 9.5.1. Adobe recommends users of Adobe Reader 9.4.6 and earlier versions for Linux update to Adobe Reader 9.5.1. Adobe recommends users of Adobe Acrobat X (10.1.2) for Windows and Macintosh update to Adobe Acrobat X (10.1.3). Adobe recommends users of Adobe Acrobat 9.5 and earlier versions for Windows and Macintosh update to Adobe Acrobat 9.5.1...
Solution: Adobe recommends users update their software installations by following the instructions below:
- Adobe Reader: Users on Windows and Macintosh can utilize the product's update mechanism. The default configuration is set to run automatic update checks on a regular schedule. Update checks can be manually activated by choosing Help > Check for Updates.
- Adobe Reader users on Windows can also find the appropriate update here: http://www.adobe.com...latform=Windows
- Adobe Reader users on Macintosh can also find the appropriate update here: http://www.adobe.com...tform=Macintosh
- Adobe Reader users on Linux can find the appropriate update here: ftp://ftp.adobe.com/pub/adobe/reader/unix/9.x/
- Adobe Acrobat: Users can utilize the product's update mechanism. The default configuration is set to run automatic update checks on a regular schedule. Update checks can be manually activated by choosing Help > Check for Updates.
- Acrobat Standard and Pro users on Windows can also find the appropriate update here: http://www.adobe.com...latform=Windows
- Acrobat Pro Extended users on Windows can also find the appropriate update here: http://www.adobe.com...latform=Windows
- Acrobat Pro users on Macintosh can also find the appropriate update here: http://www.adobe.com...tform=Macintosh ..."
___

- http://www.securityt....com/id/1026908
Date: Apr 10 2012
CVE Reference: CVE-2012-0774, CVE-2012-0775, CVE-2012-0776, CVE-2012-0777
Impact: Execution of arbitrary code via network, User access via network
Version(s): 9.5 and prior versions; 10.1.2 and prior versions

- https://secunia.com/advisories/48733/
Release Date: 2012-04-11
Criticality level: Highly critical
Impact: Security Bypass, Cross Site Scripting, Exposure of sensitive information, System access
Where: From remote...
... more information:
- https://secunia.com/advisories/48033/
- https://secunia.com/advisories/48281/
- https://secunia.com/advisories/48623/
Solution: Apply updates...

:ph34r: :ph34r:

Edited by AplusWebMaster, 11 April 2012 - 07:22 AM.

This machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#55 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 8,992 posts

Posted 19 April 2012 - 09:51 PM

FYI...

Flash Player v11.2.202.233 released
- https://www.adobe.co.../apsb12-07.html
... Google Chrome version 18.0.1025.151 update addresses two Flash Player memory corruption vulnerabilities in the Chrome interface (Google Chrome only) (CVE-2012-0724, CVE-2012-0725).
April 5, 2012 - Added information on CVE-2012-0724, CVE-2012-0725 and corresponding Google Chrome release.
- http://web.nvd.nist....d=CVE-2012-0724 - 10.0 (HIGH)
- http://web.nvd.nist....d=CVE-2012-0725 - 10.0 (HIGH)
Impact Type: Allows unauthorized disclosure of information; Allows unauthorized modification; Allows disruption of service
___

- http://helpx.adobe.c...1_20120305.html
Last updated 2012-04-13
... Current Runtime Release Version(s): Flash Player Desktop: 11.2.202.233
Fixed Issues: Printing to local printer generates unusably large print jobs (3158836)...
.. ??

Download: https://www.adobe.co...tribution3.html
___

Flash test site: http://www.adobe.com...re/flash/about/

:!:

Edited by AplusWebMaster, 19 April 2012 - 09:52 PM.

This machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#56 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 8,992 posts

Posted 04 May 2012 - 02:20 PM

FYI...

Flash Player v11.2.202.235 released - 0-day Fix
- https://www.adobe.co.../apsb12-09.html
May 4, 2012
CVE number: http://web.nvd.nist....d=CVE-2012-0779
Platform: All Platforms
Summary: ... an object confusion vulnerability (CVE-2012-0779) that could cause the application to crash and potentially allow an attacker to take control of the affected system. There are reports that the vulnerability is being exploited in the wild in active targeted attacks designed to trick the user into clicking on a malicious file delivered in an email message. The exploit targets Flash Player on Internet Explorer for Windows* only. Adobe recommends users of Adobe Flash Player 11.2.202.233 and earlier versions for Windows, Macintosh and Linux update to Adobe Flash Player 11.2.202.235... Users of Adobe Flash Player 11.1.115.7 and earlier versions on Android 4.x devices should update to Adobe Flash Player 11.1.115.8. Users of Adobe Flash Player 11.1.111.8 and earlier versions for Android 3.x and earlier versions should update to Flash Player 11.1.111.9...
* Priority 1: This update resolves vulnerabilities being targeted, or which have a higher risk of being targeted, by exploit(s) in the wild for a given product version and platform. Adobe recommends administrators install the update as soon as possible...
> https://blogs.adobe....-apsb12-09.html

Download: https://www.adobe.co...tribution3.html

Android: https://market.andro...obe.flashplayer
___

Flash test site: http://www.adobe.com...re/flash/about/

Flash Player update closes critical object confusion hole
Severity: High Severity
- http://atlas.arbor.net/briefs/
Published: Monday, May 07, 2012
Adobe Flash update addresses critical security hole.
Analysis: This vulnerability has been used in active attacks although they are apparently not widespread attacks. Attackers will often use newer vulnerabilities and 0days on special targets of high value first. At some point, the exploit code will leak or a post-compromise analysis will reveal the vulnerability and/or the exploit involved and then the gates open for more compromise activity by others with a variety of motives.
Source: http://h-online.com/-1568704

- https://www.us-cert...._advisory_for14
May 4, 2012

- http://www.securityt....com/id/1027023
May 4 2012 - "... vulnerability is being actively exploited against Flash Player on Internet Explorer in targeted cases. Microsoft Vulnerability Research (MSVR) reported this vulnerability..."

- http://www.symantec....n-cve-2012-0779
May 5, 2012 - "... we have identified multiple targets across manufacturers of products used by the defense industry, but this is likely to change in the coming days...
Some of the subject lines observed in this campaign:
• [EMAIL USERNAME], The disclosure of [REDACTED] secret weapon deals with the Middle East
• [EMAIL USERNAME], I heard about the consolidation of [REDACTED], is that true?
• [COMPANY NAME] is in the unpromising situation after acquisition by [COMPANY]
• Invitation Letter to [REDACTED] 2012
• some questions about [REDACTED]
• China-Russia Joint Military Exercises
• FOR more information
A sampling of file names for the documents used in this campaign:
• Consolidation Schedule.doc
• [COMPANY NAME REDACTED].doc
• [REDACTED] Invitation Letter to [REDACTED] 2012
• questions about your course.doc
• military exercise details.doc ..."
> http://www.symantec....es/image2AJ.png

:ph34r: :ph34r:

Edited by AplusWebMaster, 09 May 2012 - 05:41 AM.

This machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#57 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 8,992 posts

Posted 08 May 2012 - 09:36 PM

FYI...

Adobe Black Tuesday for May 2012
___

APSB12-13 Security update available for Adobe Shockwave Player
- https://www.adobe.co.../apsb12-13.html
5/8/2012
CVE number: CVE-2012-2029, CVE-2012-2030, CVE-2012-2031, CVE-2012-2032, CVE-2012-2033
Platform: Windows and Macintosh
... security update for Adobe Shockwave Player 11.6.4.634 and earlier versions for Windows and Macintosh. This update addresses vulnerabilities that could allow an attacker who successfully exploits these vulnerabilities to run malicious code on the affected system. Adobe recommends users of Adobe Shockwave Player 11.6.4.634 and earlier for Windows and Macintosh update to Adobe Shockwave Player 11.6.5.635... available here: http://get.adobe.com/shockwave/ ... addresses -critical- vulnerabilities in the software....

APSB12-12 Security bulletin for Adobe Flash Pro
- https://www.adobe.co.../apsb12-12.html
5/8/2012
CVE number: CVE-2012-0778
Platform: Windows and Macintosh
... security upgrade for Adobe Flash Professional CS5.5 (11.5.1.349) and earlier for Windows and Macintosh. This upgrade addresses a vulnerability that could allow an attacker who successfully exploits this vulnerability to take control of the affected system. Adobe has released Adobe Flash Professional CS6, which addresses this vulnerability... (paid upgrade)... addresses a -critical- vulnerability in the software....

APSB12-11 Security bulletin for Adobe Photoshop
- https://www.adobe.co.../apsb12-11.html
5/8/2012
CVE number: CVE-2012-2027, CVE-2012-2028
Platform: Windows and Macintosh
... security upgrade for Adobe Photoshop CS5.5 and earlier for Windows and Macintosh. This upgrade addresses vulnerabilities that could allow an attacker who successfully exploits these vulnerabilities to take control of the affected system. Adobe has released Adobe Photoshop CS6, which addresses these vulnerabilities... (paid upgrade)... could lead to code execution CVE-2012-2027, Bugtraq ID 52634, which references: http://www.securityf....com/bid/52634/ This upgrade resolves a buffer overflow vulnerability that could lead to code execution (CVE-2012-2028)... addresses a -critical- vulnerability in the software...

APSB12-10 Security bulletin for Adobe Illustrator
- https://www.adobe.co.../apsb12-10.html
5/8/2012
CVE numbers: CVE-2012-0780, CVE-2012-2023, CVE-2012-2024, CVE-2012-2025, CVE-2012-2026
Platform: Windows and Macintosh
... security upgrade for Adobe Illustrator CS5.5 and earlier for Windows and Macintosh. This upgrade addresses vulnerabilities that could allow an attacker who successfully exploits these vulnerabilities to take control of the affected system. Adobe has released Adobe Illustrator CS6, which addresses these vulnerabilities... (paid upgrade)... addresses a -critical- vulnerability in the software...
___

- https://secunia.com/advisories/49086/ - Shockwave Player
- https://secunia.com/advisories/47116/ - Flash Pro
- https://secunia.com/advisories/48457/ - Photoshop
- https://secunia.com/advisories/47118/ - Illustrator

- http://www.securityt....com/id/1027037 - Shockwave Player
- http://www.securityt....com/id/1027045 - Flash Pro
- http://www.securityt....com/id/1027046 - Photoshop
- http://www.securityt....com/id/1027047 - Illustrator

:ph34r: :ph34r: :ph34r: :ph34r:

Edited by AplusWebMaster, 09 May 2012 - 04:31 PM.

This machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#58 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 8,992 posts

Posted 12 May 2012 - 06:04 AM

FYI...

Adobe to release patches for CS5.x ...
- http://h-online.com/-1574341
12 May 2012 - "Adobe has announced* – through changes to the security advisories it issued earlier this week – that it is developing patches for the critical holes in the CS5.x versions of Adobe Photoshop, Illustrator and Flash Professional, after previously advising users that they needed to buy the just-released CS6 versions of the applications... Adobe has given no schedule for the availability of patches. In the original 8 May advisories, the company had said only that users of these products would need to purchase the upgrade from the CS5 and CS5.5 versions to the, just shipping on 7 May, CS6 versions to close the critical holes they were detailing; a move that was seen as effectively charging for security fixes..."
* https://blogs.adobe....-apsb12-12.html
May 11, 2012 - "... We are in the process of resolving the vulnerabilities addressed in these Security Bulletins in Adobe Illustrator CS5.x, Adobe Photoshop CS5.x (12.x) and Adobe Flash Professional CS5.x, and will update the respective Security Bulletins once the patches are available..."
___

Adobe Photoshop CS5 Collada File Processing Buffer Overflow Vulnerability
- https://secunia.com/advisories/49160/
Release Date: 2012-05-15
Criticality level: Highly critical
Solution Status: Unpatched...

Adobe Photoshop...
- http://securitytracker.com/id/1027063
Date: May 15 2012
Impact: Execution of arbitrary code via network, User access via network
Version(s): CS5.1; possibly other versions...

:ph34r:

Edited by AplusWebMaster, 15 May 2012 - 04:49 PM.

This machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#59 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 8,992 posts

Posted 05 June 2012 - 08:59 AM

FYI...

Adobe Illustrator CS5 (15.0.3) and Adobe Illustrator CS5.5 (15.1.1) released
- https://www.adobe.co.../apsb12-10.html
Last updated: June 4, 2012
CVE numbers: CVE-2012-0780, CVE-2012-2023, CVE-2012-2024, CVE-2012-2025, CVE-2012-2026, CVE-2012-2042
Platform: Windows and Macintosh
"... Adobe has released Adobe Illustrator CS5 (15.0.3) and Adobe Illustrator CS5.5 (15.1.1) to address the vulnerabilities highlighted in this security bulletin... users can find the appropriate update for their version/platform here:
Adobe Illustrator CS5 (15.0.3) for Windows
- http://download.adob...ator_15.0.3.zip
Adobe Illustrator CS5 (15.0.3) for Macintosh
- http://download.adob...ator_15.0.3.dmg
Adobe Illustrator CS5.5 (15.1.1) for Windows
- http://download.adob...ator_15.1.1.zip
Adobe Illustrator CS5.5 (15.1.1) for Macintosh
- http://download.adob...ator_15.1.1.dmg ..."

Adobe Photoshop vCS5 (12.0.5) and vCS5.1 (12.1.1) released
- https://www.adobe.co.../apsb12-11.html
Last updated: June 4, 2012
CVE number: CVE-2012-2027, CVE-2012-2028, CVE-2012-2052
Platform: Windows and Macintosh
"... Adobe has released Adobe Photoshop CS5 (12.0.5) and Adobe Photoshop CS5.1 (12.1.1) to address the vulnerabilities highlighted in this security bulletin... Adobe recommends... customers update their product installations by following the instructions provided in the the technote:
http://helpx.adobe.c...-photoshop.html ..."

:ph34r: :ph34r:

This machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#60 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 8,992 posts

Posted 08 June 2012 - 03:12 PM

FYI...

Flash Player v11.3.300.257 - AIR v3.3.0.3610 released
- https://www.adobe.co.../apsb12-14.html
June 8, 2012
CVE number:
- http://web.nvd.nist....d=CVE-2012-2034 - 10.0 (HIGH)
- http://web.nvd.nist....d=CVE-2012-2035 - 10.0 (HIGH)
- http://web.nvd.nist....d=CVE-2012-2036 - 10.0 (HIGH)
- http://web.nvd.nist....d=CVE-2012-2037 - 10.0 (HIGH)
- http://web.nvd.nist....d=CVE-2012-2038 - 5.0
- http://web.nvd.nist....d=CVE-2012-2039 - 10.0 (HIGH)
- http://web.nvd.nist....d=CVE-2012-2040 - 7.2 (HIGH)
Platform: All Platforms
Summary: Adobe released security updates for Adobe Flash Player 11.2.202.235 and earlier versions for Windows, Macintosh and Linux, Adobe Flash Player 11.1.115.8 and earlier versions for Android 4.x, and Adobe Flash Player 11.1.111.9 and earlier versions for Android 3.x and 2.x. These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.
Adobe recommends users update their product installations to the latest versions:
- Users of Adobe Flash Player 11.2.202.235 and earlier versions for Windows and Macintosh should update to Adobe Flash Player 11.3.300.257.
- Users of Adobe Flash Player 11.2.202.235 and earlier versions for Linux should update to Adobe Flash Player 11.2.202.236.
- Flash Player installed with Google Chrome will be updated automatically, so no user action is required. Google Chrome users can verify that they have updated to Google Chrome version 19.0.1084.56, which includes Adobe Flash Player 11.3.300.257.
- Users of Adobe Flash Player 11.1.115.8 and earlier versions on Android 4.x devices should update to Adobe Flash Player 11.1.115.9.
- Users of Adobe Flash Player 11.1.111.9 and earlier versions for Android 3.x and earlier versions should update to Flash Player 11.1.111.10.
> https://krebsonsecur...113-600x157.png

Download: https://www.adobe.co...tribution3.html

Android: https://market.andro...obe.flashplayer

Flash test site: http://www.adobe.com...re/flash/about/
___

- Users of Adobe AIR 3.2.0.2070 for Windows, Macintosh and Android should update to Adobe AIR 3.3.0.3610...
Adobe recommends users of Adobe AIR 3.2.0.207 and earlier versions for Windows, Macintosh and Android update to Adobe AIR 3.3.0.3610:
- http://get.adobe.com.../?promoid=JOPDE
Adobe AIR 3.2.0.2070 and earlier versions for Windows, Macintosh and Android... follow the instructions in the Adobe AIR TechNote:
- http://helpx.adobe.c...ir-runtime.html
___

Thanks Brian:
- https://krebsonsecur...e-flash-player/
June 8, 2012
___

Inside Flash Player Protected Mode for Firefox
- https://blogs.adobe....or-firefox.html
June 7, 2012
> https://blogs.adobe....e_processes.jpg

- http://h-online.com/-1614700
9 June 2012
___

- http://www.securityt....com/id/1027139
CVE Reference: CVE-2012-2034, CVE-2012-2035, CVE-2012-2036, CVE-2012-2037, CVE-2012-2038, CVE-2012-2039, CVE-2012-2040
Jun 9 2012
Impact: Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, User access via network
Version(s): 11.2.202.235 and prior
Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system. A remote user can obtain potentially sensitive information.
Solution: The vendor has issued a fix (11.3.300.257 for Windows and Mac, 11.2.202.236 for Linux, 11.3.300.257 for Chrome, 11.1.115.9 for Android 4.x, 11.1.111.10 for Android 3.x).
The vendor's advisory is available at:
http://www.adobe.com.../apsb12-14.html

- https://secunia.com/advisories/49388/
Last Update: 2012-06-11
Criticality level: Highly critical
Impact: Security Bypass, System access
Where: From remote
Software: Adobe AIR 3.x, Adobe Flash Player 11.x ...
Solution: Update to a fixed version.
Original Advisory: Adobe:
http://www.adobe.com.../apsb12-14.html

- https://www.us-cert...._advisory_for15
June 11, 2012 - 9:11 am

:ph34r: :ph34r:

Edited by AplusWebMaster, 12 June 2012 - 10:23 PM.

This machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#61 cnm

cnm

    Mother Lion of SWI

  • Administrators
  • PipPipPipPipPip
  • 25,253 posts

Posted 10 June 2012 - 07:40 PM

Flash Player update can crash Firefox.
http://securitygarde...es-firefox.html

Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare:(1564-1616)
The various helper groups here
UNITE


#62 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 8,992 posts

Posted 12 June 2012 - 12:10 PM

FYI...

ColdFusion v9.0.1 hotfix available...
- https://www.adobe.co.../apsb12-15.html
June 12, 2012
CVE number: CVE-2012-2041
Platforms: All
Summary: Adobe released a security hotfix for ColdFusion 9.0.1 and earlier versions for Windows, Macintosh and UNIX. This update resolves an HTTP response splitting vulnerability in the ColdFusion Component Browser. Adobe recommends users update their product installation using the instructions provided in the "Solution" section below.
Affected software versions: ColdFusion 9.0.1, 9.0, 8.0.1, and 8.0 for Windows, Macintosh and UNIX
*Note: ColdFusion 10 for Windows, Macintosh and UNIX is not affected by this issue.
Solution: Adobe recommends affected ColdFusion customers update their installation using the instructions provided in the technote:
- http://helpx.adobe.c...-apsb12-15.html ...

- http://www.securityt....com/id/1027146
CVE Reference: CVE-2012-2041
Jun 12 2012
Impact: Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information
Version(s): 8.0, 8.0.1, 9.0, 9.0.1

:!: :ph34r:

Edited by AplusWebMaster, 12 June 2012 - 04:17 PM.

This machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#63 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 8,992 posts

Posted 15 June 2012 - 08:33 PM

FYI...

Firefox v13.0.1 released
>>> http://www.spywarein...post__p__766792
June 16, 2012
___

Flash crash - Firefox 13...
- http://h-online.com/-1619399
15 June 2012 - "The latest release of the Flash Player plugin, version 11.3, is causing frequent crashes in Firefox 13 on Windows. The problem seems to be related to the recently introduced Protection Mode, which is supposed to make the plugin run in a sandbox to isolate it from the rest of the system. The number of users experiencing this problem is now so large that Mozilla and Adobe are both offering differing solutions for a fix... Users should on -no- account -downgrade- to build 11.2... as it is known to contain critical security vulnerabilities which are currently being actively exploited... users should install Flash Player 10.3*, in which the vulnerabilities in question have been fixed in a similar way to version 11.3 since Adobe is continuing to supply enterprise customers with security patches for Flash 10."

* http://fpdownload.ma...r_10_plugin.exe

:(

Edited by AplusWebMaster, 16 June 2012 - 10:21 AM.

This machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#64 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 8,992 posts

Posted 22 June 2012 - 01:44 PM

FYI...

Flash Player v11.3.300.262 released
> http://forums.adobe.com/thread/1027238
Jun 21, 2012 - "... the Windows Flash Player plug-in for Firefox, Mozilla, Netscape, Opera and other browsers was updated to 11.3.300.262. This release addresses stability issue found in Mozilla Firefox. This build does not address the audio issues reported by some customers but we continue to focus on these problems and will continue to do so until they are resolved. If you continue to have problems with this release, please see this tech note for suggestions and instructions for reporting these issues to us: Flash Player 11.3 compatibility issues with RealPlayer extension in Mozilla Firefox. For full details on the 11.3 release, please see our release notes**."

* http://helpx.adobe.c...sh-mozilla.html
Last updated: 2012-06-22

** http://helpx.adobe.c...in_Known_Issues
Last updated: 2012-06-21
___

> https://www.adobe.co...tribution3.html

Windows Flash Player 11.3.300.262 ... Plugin-based browsers:
> http://download.macr...r_11_plugin.exe
___

Flash test site: http://www.adobe.com...re/flash/about/

:scratchhead:

Edited by AplusWebMaster, 22 June 2012 - 01:47 PM.

This machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#65 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 8,992 posts

Posted 27 June 2012 - 05:26 AM

FYI...

Flash Pro CS5.5 Security Update 11.5.2
- https://www.adobe.co.../apsb12-12.html
Last Updated: June 25, 2012
CVE number: http://web.nvd.nist....d=CVE-2012-0778 - 10.0 (HIGH)
Platform: Windows and Macintosh
Summary: Adobe released a security update for Adobe Flash Professional CS5.5 (11.5.1.349 and earlier) for Windows and Macintosh. This update addresses a vulnerability that could allow an attacker who successfully exploits this vulnerability to take control of the affected system. Note that Adobe Flash Professional CS6 (12.0.0.481) for Windows and Macintosh addresses this vulnerability. No update is required for users of Adobe Flash Professional CS6 (12.0.0.481) for Windows and Macintosh.
Affected software versions: Adobe Flash Professional CS5.5 (11.5.1.349 and 11.5.0.325) and earlier versions for Windows and Macintosh
Solution: Adobe has released Adobe Flash Professional CS5.5 (11.5.2.349) to address the vulnerability highlighted in this security bulletin. Adobe recommends Adobe Flash Professional CS5.5 (11.5.1.349 and earlier) customers update their product installation by following the instructions provided in the technote:
- http://helpx.adobe.c...ity-update.html
...The Security Update is available for download at:
- https://www.adobe.co....html#flashCS55
... This update addresses a critical vulnerability in the software.
Revisions:
June 25, 2012 - Added information on release of update to Adobe Flash Professional CS5.5 (11.5.1.349 and 11.5.0.325).

:!: :ph34r:

Edited by AplusWebMaster, 27 June 2012 - 09:35 AM.

This machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#66 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 8,992 posts

Posted 11 July 2012 - 12:49 PM

FYI...

Flash v11.3.300.265 released
- http://forums.adobe....4551666#4551666
Jul 11, 2012 - "Flash Player 11.3 Update
Today, Flash Player 11.3.300.265 for Windows and Macintosh was released to address critical audio and stability issues.
For full details on the 11.3 release, please see our release notes.
http://www.adobe.com...leasenotes.html ..."

Download:
> https://www.adobe.co...tribution3.html

Flash test site: http://www.adobe.com...re/flash/about/
2012.07.11
... The table below contains the latest Flash Player version information:
Windows:
Internet Explorer (and other browsers that support Internet Explorer ActiveX controls and plug-ins) 11.3.300.265
Firefox, Mozilla, Netscape, Opera (and other plugin-based browsers) 11.3.300.265
Chrome 11.3.300.265
Macintosh:
OS X Firefox, Opera, Safari 11.3.300.265
Chrome 11.3.300.265

:!:

Edited by AplusWebMaster, 11 July 2012 - 02:30 PM.

This machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#67 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 8,992 posts

Posted 27 July 2012 - 01:51 PM

FYI...

Flash v11.3.300.268 released
- http://forums.adobe....4582208#4582208
Jul 26, 2012 - "Flash Player 11.3.300.268 for Windows and Macintosh was released to address stability issues when browsing and playing Flash content. For full details on the 11.3 release, please see our release notes*..."
* http://www.adobe.com...leasenotes.html

Download:
> https://www.adobe.co...tribution3.html

Flash test site: http://www.adobe.com...re/flash/about/
2012.07.27
... The table below contains the latest Flash Player version information:
Windows:
Internet Explorer (and other browsers that support Internet Explorer ActiveX controls and plug-ins) 11.3.300.268
Firefox, Mozilla, Netscape, Opera (and other plugin-based browsers) 11.3.300.268
Macintosh:
OS X Firefox, Opera, Safari 11.3.300.268

:!:

Edited by AplusWebMaster, 27 July 2012 - 01:52 PM.

This machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#68 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 8,992 posts

Posted 03 August 2012 - 12:23 AM

FYI...

Flash v11.3.300.270 released
- http://forums.adobe....4594596#4594596
Aug 2, 2012 - "... Flash Player 11.3.300.270 for Windows was released to address a crash that was occurring in the Adobe Flash Player Update Service (FlashPlayerUpdateService.exe). There are no other fixes or changes provided with this build. This release is available for Windows only, and affects the Active X and Plug-in installers, uninstaller, and msi's (available on the distribution page.) No other platforms are affected... Please be aware that this release is -not- available from the Product Download Center (get.adobe.com/flashplayer) which will continue to provide 11.3.300.268. We realize that this might cause confusion for some users. Due to the severity of this issue, we decided to make this build available immediately to help customers affected by this bug. Due to logistical issues and time constraints, we were unable to update the release on the Product Download Center. The next release of Flash Player will correct this disparity. Please note that unless you have been affected by the FlashPlayerUpdateService.exe crash, both 11.3.300.270 and 11.3.300.268 will be functionally identical. This release will be distributed using the following methods:
• Silent auto update - If enabled and functional, the silent auto update service will automatically install this build within 24 hours.
• Direct download - You can download the installers directly using the links below
IE:
- http://download.macr...h_player_ax.exe
Plugin-based browsers:
- http://download.macr...lash_player.exe
___

- https://blogs.adobe....nd-acrobat.html
August 9, 2012 - "... upcoming Adobe Reader and Acrobat updates scheduled for Tuesday, August 14, 2012..."
> http://www.adobe.com/go/apsb12-16

Adobe warns of critical holes in Reader, Acrobat
- http://atlas.arbor.net/briefs/
Severity: High Severity
August 09, 2012
Adobe is releasing patches on August 14th to resolve security holes.
Analysis: ... keep these packages up-to-date with automatic update features and ensure updates are applied. Extra layers of hardening around software that integrates with the browser and email client is recommended as these are frequently attacked...

:!: :ph34r:

Edited by AplusWebMaster, 10 August 2012 - 03:02 PM.

This machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#69 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 8,992 posts

Posted 14 August 2012 - 05:04 PM

FYI...

> https://www.adobe.co...pport/security/

Flash updates v11.3.300.271 / v11.2.202.238 released
- https://www.adobe.co.../apsb12-18.html
August 14, 2012
CVE number: http://web.nvd.nist....d=CVE-2012-1535 - 9.3 (HIGH)
Platform: Windows, Macintosh and Linux
Summary: Adobe has released security updates for Adobe Flash Player 11.3.300.270 and earlier versions for Windows, Macintosh and Linux. These updates address a vulnerability (CVE-2012-1535) that could cause the application to crash and potentially allow an attacker to take control of the affected system.
There are reports that the vulnerability is being exploited in the wild in limited targeted attacks, distributed through a malicious Word document. The exploit targets the ActiveX version of Flash Player for Internet Explorer on Windows.
Adobe recommends users update their product installations to the latest versions:
- Users of Adobe Flash Player 11.3.300.270 and earlier versions for Windows and Macintosh should update to Adobe Flash Player 11.3.300.271.
- Users of Adobe Flash Player 11.2.202.236 and earlier versions for Linux should update to Adobe Flash Player 11.2.202.238.
- Flash Player installed with Google Chrome will be updated automatically, so no user action is required. Google Chrome users can verify that they have updated to Google Chrome version 21.0.1180.79...

Download:
> https://www.adobe.co...tribution3.html

Flash test site: http://www.adobe.com...re/flash/about/

- https://secunia.com/advisories/50285/
Last Update: 2012-08-15
Criticality level: Extremely critical
Impact: System access
Where: From remote
CVE Reference: http://web.nvd.nist....d=CVE-2012-1535
... vulnerability is currently being actively exploited in targeted attacks via Word documents against the Windows version.
Solution: Update to version 11.3.300.271 for Windows, Mac, and Chrome or version 11.2.202.238 for Linux.
Original Advisory: Adobe:
http://www.adobe.com.../apsb12-18.html
___

Adobe Shockwave v11.6.6.636 released
- https://www.adobe.co.../apsb12-17.html
August 14, 2012
CVE number: CVE-2012-2043, CVE-2012-2044, CVE-2012-2045, CVE-2012-2046, CVE-2012-2047
Platform: Windows and Macintosh
Summary:Adobe has released an update for Adobe Shockwave Player 11.6.5.635 and earlier versions on the Windows and Macintosh operating systems. This update addresses vulnerabilities that could allow an attacker, who successfully exploits these vulnerabilities, to run malicious code on the affected system...
Solution: Adobe recommends users of Adobe Shockwave Player 11.6.5.635 and earlier versions update to the newest version 11.6.6.636, available here:
http://get.adobe.com/shockwave/ ...

- https://secunia.com/advisories/50283/
Release Date: 2012-08-14
Criticality level: Highly critical
Impact: System access
Where: From remote ...
Solution: Update to version 11.6.6.636.
Original Advisory: Adobe:
http://www.adobe.com.../apsb12-17.html
___

Adobe Reader/Acrobat X v10.1.4 released
- https://www.adobe.co.../apsb12-16.html
August 14, 2012
CVE numbers: CVE-2012-1525, CVE-2012-2049, CVE-2012-2050, CVE-2012-2051, CVE-2012-4147, CVE-2012-4148, CVE-2012-4149, CVE-2012-4150, CVE-2012-4151, CVE-2012-4152, CVE-2012-4153, CVE-2012-4154, CVE-2012-4155, CVE-2012-4156, CVE-2012-4157, CVE-2012-4158, CVE-2012-4159, CVE-2012-4160, CVE-2012-4161, CVE-2012-4162
[Adobe Reader/Acrobat 9.x -before- 9.5.2 and 10.x -before- 10.1.4 on Windows and Mac OS X]
Platform: Windows and Macintosh
Summary: Adobe has released security updates for Adobe Reader and Acrobat X (10.1.3) and earlier versions for Windows and Macintosh. These updates address vulnerabilities in the software that could cause the application to crash and potentially allow an attacker to take control of the affected system. Adobe recommends users update their product installations to the latest versions:
Users of Adobe Reader X (10.1.3) and earlier versions for Windows and Macintosh should update to Adobe Reader X (10.1.4).
For users of Adobe Reader 9.5.1 and earlier versions for Windows and Macintosh, who cannot update to Adobe Reader X (10.1.4), Adobe has made available the update Adobe Reader 9.5.2.
Users of Adobe Acrobat X (10.1.3) for Windows and Macintosh should update to Adobe Acrobat X (10.1.4).
Users of Adobe Acrobat 9.5.1 and earlier versions for Windows and Macintosh should update to Adobe Acrobat 9.5.2...
Adobe Reader: Users on Windows and Macintosh can utilize the product's update mechanism. The default configuration is set to run automatic update checks on a regular schedule. Update checks can be manually activated by choosing Help > Check for Updates.
Adobe Reader users on Windows can also find the appropriate update here:
http://www.adobe.com...latform=Windows
Adobe Reader users on Macintosh can also find the appropriate update here:
http://www.adobe.com...tform=Macintosh
Adobe Acrobat: Users can utilize the product's update mechanism. The default configuration is set to run automatic update checks on a regular schedule. Update checks can be manually activated by choosing Help > Check for Updates.
Acrobat Standard and Pro users on Windows can also find the appropriate update here:
http://www.adobe.com...latform=Windows
Acrobat Pro Extended users on Windows can also find the appropriate update here: http://www.adobe.com...latform=Windows
Acrobat Pro users on Macintosh can also find the appropriate update here:
http://www.adobe.com...tform=Macintosh ...

- https://secunia.com/advisories/50281/
Last Update: 2012-08-15
Criticality level: Highly critical
Impact: System access
Where: From remote
Solution Status: Partial Fix ...
Software: Adobe Acrobat 9.x, X 10.x, Adobe Reader 9.x, X 10.x
Solution: Apply updates if available.
Original Advisory: Adobe:
http://www.adobe.com.../apsb12-16.html

- https://secunia.com/advisories/50290/
Release Date: 2012-08-15
Criticality level: Highly critical
Impact: System access
Where: From remote
Solution Status: Unpatched
Software: Adobe Acrobat 9.x, X 10.x, Adobe Reader 9.x, X 10.x
... vulnerabilities are caused due to unspecified errors. No further information is currently available. Successful exploitation of the vulnerabilities may allow execution of arbitrary code.
Solution: No official solution is currently available...
Original Advisory: http://j00ru.vexillium.org/?p=1175

>> http://h-online.com/-1668153
15 August 2012

:!: :!: :!:

Edited by AplusWebMaster, 18 August 2012 - 03:33 PM.

This machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#70 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 8,992 posts

Posted 21 August 2012 - 04:12 PM

Win8 users vulnerable to active Flash exploits
- https://www.computer..._Flash_exploits
Sep 08, 2012
___

- https://krebsonsecur...-fixes-5-flaws/
Aug. 21, 2012 - "For the second time in a week, Adobe has shipped a critical security update for its Flash Player software. This patch, part of a planned release, closes at least six security holes in the widely-used browser plugin, and comes just one week after the company rushed out a fix for a flaw that attackers were already exploiting in the wild..."

Flash v11.4.402.265 released
- https://www.adobe.co.../apsb12-19.html
August 21, 2012
CVE number: CVE-2012-4163, CVE-2012-4164, CVE-2012-4165, CVE-2012-4166, CVE-2012-4167, CVE-2012-4168
Platform: All Platforms
Details: Adobe has released security updates for Adobe Flash Player 11.3.300.271 and earlier versions for Windows, Macintosh and Linux, Adobe Flash Player 11.1.115.11 and earlier versions for Android 4.x, and Adobe Flash Player 11.1.111.10 and earlier versions for Android 3.x and 2.x. These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.
Adobe recommends users update their product installations to the latest versions:
Users of Adobe Flash Player 11.3.300.271 and earlier versions for Windows and Macintosh should update to Adobe Flash Player 11.4.402.265.
Users of Adobe Flash Player 11.2.202.236 and earlier versions for Linux should update to Adobe Flash Player 11.2.202.238.
Flash Player installed with Google Chrome will automatically be updated to the latest Google Chrome version, which will include Adobe Flash Player 11.3.31.230 for Windows and Linux, and Flash Player 11.4.402.265 for Macintosh
Users of Adobe Flash Player 11.1.115.11 and earlier versions on Android 4.x devices should update to Adobe Flash Player 11.1.115.17.
Users of Adobe Flash Player 11.1.111.10 and earlier versions for Android 3.x and earlier versions should update to Flash Player 11.1.111.16.
Revisions: Aug 30, 2012 - Added information regarding CVE-2012-4171
- http://web.nvd.nist....d=CVE-2012-4171
08/31/2012

Download:
> https://www.adobe.co...tribution3.html

Flash test site: http://www.adobe.com...re/flash/about/
___

>> http://get.adobe.com/air/
Users of Adobe AIR 3.3.0.3670 for Windows and Macintosh should update to Adobe AIR 3.4.0.2540.
Users of the Adobe AIR 3.3.0.3690 SDK (includes AIR for iOS) should update to the Adobe AIR 3.4.0.2540 SDK.
Users of the Adobe AIR 3.3.0.3650 and earlier versions for Android should update to the Adobe AIR 3.4.0.2540.

> These updates resolve memory corruption vulnerabilities that could lead to code execution (CVE-2012-4163, CVE-2012-4164, CVE-2012-4165, CVE-2012-4166).
These updates resolve an integer overflow vulnerability that could lead to code execution (CVE-2012-4167).
These updates resolve a cross-domain information leak vulnerability (CVE-2012-4168)...

- https://www.adobe.co...ty_ratings.html
"Priority 1: This update resolves vulnerabilities being targeted, or which have a higher risk of being targeted, by exploit(s) in the wild for a given product version and platform. Adobe recommends administrators install the update as soon as possible. (for instance, within 72 hours)."
___

- https://secunia.com/advisories/50354/
Release Date: 2012-08-22
Criticality level: Highly critical
Impact: Exposure of sensitive information, System access
Where: From remote
Software: Adobe AIR 3.x, Adobe Flash Player 11.x ...
Solution: Update to a fixed version.
Original Advisory: Adobe:
http://www.adobe.com.../apsb12-19.html

- http://www.securityt....com/id/1027422
CVE Reference:
- http://web.nvd.nist....d=CVE-2012-4163 - 10.0 (HIGH)
- http://web.nvd.nist....d=CVE-2012-4164 - 10.0 (HIGH)
- http://web.nvd.nist....d=CVE-2012-4165 - 10.0 (HIGH)
- http://web.nvd.nist....d=CVE-2012-4166 - 10.0 (HIGH)
- http://web.nvd.nist....d=CVE-2012-4167 - 10.0 (HIGH)
- http://web.nvd.nist....d=CVE-2012-4168 - 4.3
Aug 22 2012
Impact: Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, User access via network
Version(s): 11.3.300.271 and prior
Solution: The vendor has issued a fix (11.4.402.265 for Windows and OS X; 11.2.202.238 for Linux; 11.1.111.16 for Android 2.x and 3.x; 11.1.115.17 for Android 4.x)...

:ph34r: :!:

Edited by AplusWebMaster, 09 September 2012 - 10:03 AM.

This machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#71 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 8,992 posts

Posted 12 September 2012 - 04:32 AM

FYI...

ColdFusion DoS vuln/hotfix
- https://secunia.com/advisories/50523/
Release Date: 2012-09-11
Criticality level: Moderately critical
Impact: DoS
Where: From remote
Software: Adobe ColdFusion 10.x, 8.x, 9.x
CVE Reference: CVE-2012-2048
Original Advisory: http://www.adobe.com.../apsb12-21.html
Summary: Adobe has released a security hotfix for ColdFusion 10 and earlier versions for Windows, Macintosh and UNIX. This update resolves a vulnerability which could result in a Denial of Service condition. Adobe recommends users update their product installation using the instructions provided in the "Solution" section below.
Affected software versions: ColdFusion 10, 9.0.2, 9.0.1, 9.0, 8.0.1, and 8.0 for Windows, Macintosh and UNIX
Solution: Adobe recommends ColdFusion customers update their installation using the instructions provided in the technote:
http://helpx.adobe.c...-apsb12-21.html .
___

- http://www.securityt....com/id/1027516
Sep 11 2012

:!: :ph34r:

This machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#72 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 8,992 posts

Posted 29 September 2012 - 06:47 AM

FYI...

Adobe revocation of code signing certificate
- https://www.adobe.co.../apsa12-01.html
Sep 27, 2012 - "Summary: Adobe is investigating what appears to be the misuse of an Adobe code signing certificate. Adobe plans to revoke the certificate on October 4 for all software code signed after July 10, 2012. Adobe is in the process of issuing updates signed using a new digital certificate for all affected products...
Affected software versions: The vast majority of Adobe customers will not be impacted by this issue. However, some customers, in particular administrators in managed Windows environments, may need to take certain action. To determine whether you or your organization are impacted, please refer to the support page on the Adobe website*...
* http://helpx.adobe.c...te-updates.html

- http://nakedsecurity...r-sign-malware/
Sep 28, 2012 - "... the issue appears to have been the result of hackers compromising a vulnerable build server. Malware seen using the digital signature includes pwdump7 v 7.1 (a utility that scoops up password hashes, and is sometimes used as a single file that statically links the OpenSSL library libeay32.dll). According to Adobe, the second malicious utility is myGeeksmail.dll, a malicious ISAPI filter..."

- https://isc.sans.edu...l?storyid=14194
Last Updated: 2012-09-28

- http://h-online.com/-1719955
28 Sep 2012

:ph34r:

Edited by AplusWebMaster, 29 September 2012 - 01:17 PM.

This machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#73 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 8,992 posts

Posted 05 October 2012 - 09:40 AM

FYI...

Adobe revokes certificate ...
- https://www.adobe.co.../apsa12-01.html
Last updated: Oct 4, 2012 - "... Adobe has revoked the certificate on October 4 for all software code signed after July 10, 2012 (00:00 GMT). Adobe has issued updates signed using a new digital certificate for all affected products. The following certificate has been revoked and the certificate revocation list (CRL) is available at http://csc3-2010-crl...m/CSC3-2010.crl ..."
___

Adobe Cert Used to Sign Malware ...
- http://atlas.arbor.n...index#666340356
Oct 05, 2012

- https://blogs.techne...Redirected=true
3 Oct 2012

:ph34r: :ph34r:

Edited by AplusWebMaster, 06 October 2012 - 08:49 AM.

This machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#74 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 8,992 posts

Posted 08 October 2012 - 06:04 PM

FYI...

Flash v11.4.402.287 / AIR v3.4.0.2710 released
- https://www.adobe.co.../apsb12-22.html
Oct 8, 2012
CVE numbers: CVE-2012-5248, CVE-2012-5249, CVE-2012-5250, CVE-2012-5251, CVE-2012-5252, CVE-2012-5253, CVE-2012-5254, CVE-2012-5255, CVE-2012-5256, CVE-2012-5257, CVE-2012-5258, CVE-2012-5259, CVE-2012-5260, CVE-2012-5261, CVE-2012-5262, CVE-2012-5263, CVE-2012-5264, CVE-2012-5265, CVE-2012-5266, CVE-2012-5267, CVE-2012-5268, CVE-2012-5269, CVE-2012-5270, CVE-2012-5271, CVE-2012-5272
Platform: All Platforms
Summary: Adobe has released security updates for Adobe Flash Player 11.4.402.278 and earlier versions for Windows, Adobe Flash Player 11.4.402.265 and earlier versions for Macintosh, Adobe Flash Player 11.2.202.238 and earlier for versions for Linux, Adobe Flash Player 11.1.115.17 and earlier versions for Android 4.x, and Adobe Flash Player 11.1.111.16 and earlier versions for Android 3.x and 2.x. These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system. Adobe recommends users update their product installations to the latest versions:
• Users of Adobe Flash Player 11.4.402.278 and earlier versions for Windows and Adobe Flash Player 11.4.402.265 and earlier versions for Macintosh should update to Adobe Flash Player 11.4.402.287.
• Users of Adobe Flash Player 11.2.202.238 and earlier versions for Linux should update to Adobe Flash Player 11.2.202.243.
• Flash Player installed with Google Chrome will automatically be updated to the latest Google Chrome version, which will include Adobe Flash Player 11.4.31.110 for Windows and Linux, and Flash Player 11.4.402.287 for Macintosh.
• Flash Player installed with Internet Explorer 10 will automatically be updated to the latest Internet Explorer 10 version*, which will include Adobe Flash Player 11.3.375.10 for Windows.
• Users of Adobe Flash Player 11.1.115.17 and earlier versions on Android 4.x devices should update to Adobe Flash Player 11.1.115.20.
• Users of Adobe Flash Player 11.1.111.16 and earlier versions for Android 3.x and earlier versions should update to Flash Player 11.1.111.19.
• Users of Adobe AIR 3.4.0.2540 for Windows and Macintosh should update to Adobe AIR 3.4.0.2710.
• Users of the Adobe AIR 3.4.0.2540 SDK (includes AIR for iOS) should update to the Adobe AIR 3.4.0.2710 SDK.
• Users of the Adobe AIR 3.4.0.2540 and earlier versions for Android should update to the Adobe AIR 3.4.0.2710...
These updates address critical vulnerabilities in the software...

Download:
> https://www.adobe.co...tribution3.html

Flash test site: http://www.adobe.com...re/flash/about/
___

>> http://get.adobe.com/air/
___

Microsoft Security Advisory (2755801)
Update for Vulnerabilities in Adobe Flash Player in Internet Explorer 10
* https://technet.micr...dvisory/2755801
Updated: Oct 08, 2012 - "... Microsoft recommends that customers apply the current update -immediately- using update management software, or by checking for updates using the Microsoft Update service. Since the update is cumulative, only the current update will be offered..."
• V2.0 (October 8, 2012): Added KB2758994** to the Current update section.
** http://support.micro....com/kb/2758994
___

- https://secunia.com/advisories/50876/
Release Date: 2012-10-09
Criticality level: Highly critical
Impact: System access
Where: From remote...
Solution: Update to a fixed version.
Original Advisory: http://www.adobe.com.../apsb12-22.html

- http://www.securityt....com/id/1027624
CVE Reference: CVE-2012-5248, CVE-2012-5249, CVE-2012-5250, CVE-2012-5251, CVE-2012-5252, CVE-2012-5253, CVE-2012-5254, CVE-2012-5255, CVE-2012-5256, CVE-2012-5257, CVE-2012-5258, CVE-2012-5259, CVE-2012-5260, CVE-2012-5261, CVE-2012-5262, CVE-2012-5263, CVE-2012-5264, CVE-2012-5265, CVE-2012-5266, CVE-2012-5267, CVE-2012-5268, CVE-2012-5269, CVE-2012-5270, CVE-2012-5271, CVE-2012-5272
Oct 9 2012
Version(s): - prior- to 10.3.183.29, 11.4.402.287 for Windows and Mac; 11.2.202.243 for Linux; 11.1.115.20 for Android 4.x; 11.1.111.19 for Android 3.x...
Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
Solution: The vendor has issued a fix (10.3.183.29, 11.4.402.287 for Windows and Mac; 11.2.202.243 for Linux; 11.1.115.20 for Android 4.x; 11.1.111.19 for Android 3.x)...

- https://www.us-cert...._bulletin_for15
Oct 10, 2012 - Flash v11.4.402.287 released...

:!: :!: :ph34r:

Edited by AplusWebMaster, 13 October 2012 - 04:46 PM.

This machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#75 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 8,992 posts

Posted 23 October 2012 - 02:20 PM

FYI...

Shockwave v11.6.8.638 released
- https://www.adobe.co.../apsb12-23.html
Oct 23, 2012
CVE numbers:
- http://web.nvd.nist....d=CVE-2012-4172 - 10.0 (HIGH)
- http://web.nvd.nist....d=CVE-2012-4173 - 10.0 (HIGH)
- http://web.nvd.nist....d=CVE-2012-4174 - 10.0 (HIGH)
- http://web.nvd.nist....d=CVE-2012-4175 - 10.0 (HIGH)
- http://web.nvd.nist....d=CVE-2012-4176 - 10.0 (HIGH)
- http://web.nvd.nist....d=CVE-2012-5273 - 10.0 (HIGH)
Platform: Windows and Macintosh
Summary: Adobe has released a security update for Adobe Shockwave Player 11.6.7.637 and earlier versions on the Windows and Macintosh operating systems. This update addresses vulnerabilities that could allow an attacker, who successfully exploits these vulnerabilities, to run malicious code on the affected system. Adobe recommends users of Adobe Shockwave Player 11.6.7.637 and earlier versions update to Adobe Shockwave Player 11.6.8.638...
... newest version 11.6.8.638, available here: http://get.adobe.com/shockwave/
... This update addresses critical vulnerabilities in the software...

- https://secunia.com/advisories/51090/
Release Date: 2012-10-24
Criticality level: Highly critical
Impact: System access
Where: From remote
... vulnerabilities are reported in versions 11.6.7.637 and prior for Windows and Macintosh.
Solution: Update to version 11.6.8.638.

:!: :ph34r:

Edited by AplusWebMaster, 24 October 2012 - 10:51 AM.

This machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#76 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 8,992 posts

Posted 06 November 2012 - 02:05 PM

FYI...

Flash v11.5.502.110 released
- https://www.adobe.co.../apsb12-24.html
Nov 6, 2012
CVE number:
- http://web.nvd.nist....d=CVE-2012-5274 - 10.0 (HIGH)
- http://web.nvd.nist....d=CVE-2012-5275 - 10.0 (HIGH)
- http://web.nvd.nist....d=CVE-2012-5276 - 10.0 (HIGH)
- http://web.nvd.nist....d=CVE-2012-5277 - 10.0 (HIGH)
- http://web.nvd.nist....d=CVE-2012-5278 - 10.0 (HIGH)
- http://web.nvd.nist....d=CVE-2012-5279 - 10.0 (HIGH)
- http://web.nvd.nist....d=CVE-2012-5280 - 10.0 (HIGH)
Platform: All Platforms
Summary: Adobe has released security updates for Adobe Flash Player 11.4.402.287 and earlier versions for Windows and Macintosh, Adobe Flash Player 11.2.202.243 and earlier versions for Linux, Adobe Flash Player 11.1.115.20 and earlier versions for Android 4.x, and Adobe Flash Player 11.1.111.19 and earlier versions for Android 3.x and 2.x. These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.
Adobe recommends users update their product installations to the latest versions:
- Users of Adobe Flash Player 11.4.402.287 and earlier versions for Windows and Macintosh should update to Adobe Flash Player 11.5.502.110.
- Users of Adobe Flash Player 11.2.202.243 and earlier versions for Linux should update to Adobe Flash Player 11.2.202.251.
- Flash Player installed with Google Chrome will automatically be updated to the latest Google Chrome version, which will include Adobe Flash Player 11.5.31.2 for Windows, Macintosh and Linux.
- Flash Player installed with Internet Explorer 10 will automatically be updated to the latest Internet Explorer 10 version, which will include Adobe Flash Player 11.3.376.12 for Windows.
- Users of Adobe Flash Player 11.1.115.20 and earlier versions on Android 4.x devices should update to Adobe Flash Player 11.1.115.27.
- Users of Adobe Flash Player 11.1.111.19 and earlier versions for Android 3.x and earlier versions should update to Flash Player 11.1.111.24.
- Users of Adobe AIR 3.4.0.2710 and earlier versions for Windows and Macintosh, SDK (including AIR for iOS) and Android should update to Adobe AIR 3.5.0.600...
These updates address -critical- vulnerabilities in the software...

Download:
> https://www.adobe.co...tribution3.html

Flash test site: http://www.adobe.com...re/flash/about/

>> http://get.adobe.com/air/

> http://helpx.adobe.c...ease_notes.html
___

- https://secunia.com/advisories/51213/
Release Date: 2012-11-07
Criticality level: Highly critical
Impact: Security Bypass, System access
Where: From remote
... exploitation of the vulnerabilities may allow execution of arbitrary code...
Solution: Update to a fixed version.
Original Advisory: Adobe (APSB12-24):
http://www.adobe.com.../apsb12-24.html

:ph34r: :ph34r: :!:

Edited by AplusWebMaster, 07 November 2012 - 06:00 PM.

This machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#77 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 8,992 posts

Posted 20 November 2012 - 12:02 AM

FYI...

ColdFusion 10 Hotfix available for Windows
- https://www.adobe.co.../apsb12-25.html
November 19, 2012
CVE number: CVE-2012-5674
Platform: Windows
Summary: Adobe has released a security hotfix for ColdFusion 10 Update 1 and above for Windows. This hotfix resolves a vulnerability affecting ColdFusion on Windows Internet Information Services (IIS), which could result in a Denial of Service condition. Adobe recommends users update their product installation using the instructions provided in the "Solution" section below.
Affected software versions: ColdFusion 10 Update 1 and above for Windows
Solution: Adobe recommends customers update their installation of ColdFusion 10 Update 1 and above for Windows to ColdFusion 10 Update 5 using the instructions provided in the technote:
> http://helpx.adobe.c...-apsb12-25.html
___

- https://secunia.com/advisories/51335/
Release Date: 2012-11-20
Criticality level: Moderately critical
Impact: DoS
Where: From remote
CVE Reference: CVE-2012-5674
... vulnerability is reported in version 10 update 1 and higher.
Solution: Update to version 10 update 5...

:!: :ph34r:

Edited by AplusWebMaster, 20 November 2012 - 09:04 AM.

This machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#78 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 8,992 posts

Posted 11 December 2012 - 01:14 PM

FYI...

Flash Player v11.5.502.135 released
- https://www.adobe.co.../apsb12-27.html
Dec 11, 2012
CVE number: CVE-2012-5676, CVE-2012-5677, CVE-2012-5678
Platform: All Platforms
Summary: Adobe has released security updates for Adobe Flash Player 11.5.502.110 and earlier versions for Windows and Macintosh, Adobe Flash Player 11.2.202.251 and earlier versions for Linux, Adobe Flash Player 11.1.115.27 and earlier versions for Android 4.x, and Adobe Flash Player 11.1.111.24 and earlier versions for Android 3.x and 2.x. These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.
Adobe recommends users update their product installations to the latest versions:
- Users of Adobe Flash Player 11.5.502.110 and earlier versions for Windows should update to Adobe Flash Player 11.5.502.135.
- Users of Adobe Flash Player 11.5.502.110 and earlier versions for Macintosh should update to Adobe Flash Player 11.5.502.136.
- Users of Adobe Flash Player 11.2.202.251 and earlier versions for Linux should update to Adobe Flash Player 11.2.202.258.
- Flash Player installed with Google Chrome will automatically be updated to the latest Google Chrome version, which will include Adobe Flash Player 11.5.31.5 for Windows, Macintosh and Linux.
- Flash Player installed with Internet Explorer 10 for Windows 8 will automatically be updated to the latest Internet Explorer 10 version, which will include Adobe Flash Player 11.3.377.15.
- Users of Adobe Flash Player 11.1.115.27 and earlier versions on Android 4.x devices should update to Adobe Flash Player 11.1.115.34.
- Users of Adobe Flash Player 11.1.111.24 and earlier versions for Android 3.x and earlier versions should update to Flash Player 11.1.111.29.

- Users of Adobe AIR 3.5.0.600 and earlier versions for Windows should update to Adobe AIR 3.5.0.880.
- Users of Adobe AIR 3.5.0.600 and earlier versions for Macintosh should update to Adobe AIR 3.5.0.890.
- Users of the Adobe AIR 3.5.0.600 SDK (includes AIR for iOS) should update to the Adobe AIR 3.5.0.880 SDK (Windows) or Adobe AIR 3.5.0.890 SDK (Mac)...
- http://get.adobe.com/air/

Flash Download:
> https://www.adobe.co...tribution3.html

Flash test site: http://www.adobe.com...re/flash/about/

- https://secunia.com/advisories/51560/
Release Date: 2012-12-12
Criticality level: Highly critical
Impact: System access
Where: From remote...
___

ColdFusion 10 and earlier - Hotfix available
- https://www.adobe.co.../apsb12-26.html
December 11, 2012
CVE number: CVE 2012-5675
Platform: All Platforms
Summary: Adobe has released a security hotfix for ColdFusion 10 and earlier versions for Windows, Macintosh and UNIX. This hotfix resolves a vulnerability which could result in a sandbox permissions violation in a shared hosting environment...
Affected software versions:
ColdFusion 10, 9.0.2, 9.0.1 and 9.0 for Windows, Macintosh and UNIX
Solution:
Adobe recommends ColdFusion customers update their installation using the instructions provided in the technote:
http://helpx.adobe.c...-apsb12-26.html .

- https://secunia.com/advisories/51551/
Release Date: 2012-12-12
Criticality level: Moderately critical
Impact: Security Bypass
Where: From remote...

:ph34r:

Edited by AplusWebMaster, 12 December 2012 - 05:48 AM.

This machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#79 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 8,992 posts

Posted 13 December 2012 - 08:01 AM

FYI...

Adobe Photoshop Camera Raw - plug-in vuln/update
- https://www.adobe.co.../apsb12-28.html
December 12, 2012
CVE number: CVE-2012-5679, CVE-2012-5680
Platform: Windows and Macintosh
Summary: Adobe has released a security update for Photoshop Camera Raw versions 7.2 and earlier versions for Windows and Macintosh. This update addresses vulnerabilities that could allow an attacker, who successfully exploits these vulnerabilities, to run malicious code on the affected system. Adobe recommends users of Photoshop Camera Raw versions 7.2 and earlier versions for Windows and Macintosh update to Photoshop Camera Raw version 7.3 using the instructions provided in the "Solution" section below...
Affected software versions: Photoshop Camera Raw version 7.2 and earlier versions for Windows and Macintosh.
Solution: Adobe recommends customers update the Photoshop Camera Raw plugin through the update mechanism available in the Adobe Bridge 5.0 or 5.0.1 client. To update the plugin, choose Updates from the Help menu, and then follow the onscreen instructions to download and install the latest version of the Camera Raw plug-in."

- https://secunia.com/advisories/49929/
Release Date: 2012-12-13
Criticality level: Highly critical
Impact: System access
Where: From remote
CVE Reference(s): CVE-2012-5679, CVE-2012-5680
Software: Adobe Bridge CS6 5.x, Adobe Photoshop CS6 13.x
Solution: Update the plug-in to version 7.3 via the application's update mechanism...

:ph34r: :ph34r:

This machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#80 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 8,992 posts

Posted 05 January 2013 - 08:56 AM

FYI...

Adobe ColdFusion - multiple vulns ...
- https://www.adobe.co.../apsa13-01.html
January 4, 2013
CVE number: CVE-2013-0625, CVE-2013-0629, CVE-2013-0631
Platform: All
Summary: Adobe has identified three vulnerabilities affecting ColdFusion for Windows, Macintosh and UNIX:
CVE-2013-0625 affects ColdFusion 10, 9.0.2, 9.0.1 and 9.0, and could permit an unauthorized user to remotely circumvent authentication controls, potentially allowing the attacker to take control of the affected server.
CVE-2013-0629 affects ColdFusion 10, 9.0.2, 9.0.1 and 9.0, and could permit an unauthorized user access to restricted directories.
CVE-2013-0631 affects ColdFusion 9.0.2, 9.0.1 and 9.0, and could result in information disclosure from a compromised server.
There are reports that these vulnerabilities are being exploited in the wild against ColdFusion customers. Note that CVE-2013-0625 and CVE-2013-0629 only affect ColdFusion customers who do not have password protection enabled or have no password set. We are in the process of finalizing a fix for the issues and expect a hotfix for ColdFusion 10, 9.0.2, 9.0.1 and 9.0 for Windows, Macintosh and UNIX will be available on January 15, 2013..."
___

Adobe Reader/Acrobat prenotification for Jan 2013
- https://www.adobe.co.../apsb13-02.html
Jan 3, 2013 - "Adobe is planning to release security updates on Tuesday, January 8, 2013 for Adobe Reader and Acrobat XI (11.0.0) and earlier versions for Windows and Macintosh, and Adobe Reader 9.5.1 and earlier 9.x versions for Linux..."

:ph34r: :ph34r:

This machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#81 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 8,992 posts

Posted 08 January 2013 - 02:17 PM

FYI...

Flash Player v11.5.502.146 released
- https://www.adobe.co.../apsb13-01.html
Jan 8, 2013
CVE number: http://web.nvd.nist....d=CVE-2013-0630 - 10.0 (HIGH)
Summary: Adobe has released security updates for Adobe Flash Player 11.5.502.135 and earlier versions for Windows, Adobe Flash Player 11.5.502.136 and earlier versions for Macintosh, Adobe Flash Player 11.2.202.258 and earlier versions for Linux, Adobe Flash Player 11.1.115.34 and earlier versions for Android 4.x, and Adobe Flash Player 11.1.111.29 and earlier versions for Android 3.x and 2.x. These updates address a vulnerability that could cause a crash and potentially allow an attacker to take control of the affected system.
Adobe recommends users update their product installations to the latest versions:
- Users of Adobe Flash Player 11.5.502.135 and earlier versions for Windows should update to Adobe Flash Player 11.5.502.146.
- Users of Adobe Flash Player 11.5.502.136 and earlier versions for Macintosh should update to Adobe Flash Player 11.5.502.146.
- Users of Adobe Flash Player 11.2.202.258 and earlier versions for Linux should update to Adobe Flash Player 11.2.202.261.
    Flash Player installed with Google Chrome will automatically be updated to the latest Google Chrome version, which will include Adobe Flash Player 11.5.31.137 for Windows, Macintosh and Linux.
    Flash Player installed with Internet Explorer 10 for Windows 8 will automatically be updated to the latest Internet Explorer 10 version, which will include Adobe Flash Player 11.3.378.5 for Windows: https://support.micr....com/kb/2796096
- Users of Adobe Flash Player 11.1.115.34 and earlier versions on Android 4.x devices should update to Adobe Flash Player 11.1.115.36.
- Users of Adobe Flash Player 11.1.111.29 and earlier versions for Android 3.x and earlier versions should update to Flash Player 11.1.111.31.
- Users of Adobe AIR 3.5.0.880 and earlier versions for Windows should update to Adobe AIR 3.5.0.1060.
- Users of Adobe AIR 3.5.0.890 and earlier versions for Macintosh should update to Adobe AIR 3.5.0.1060.
- Users of the Adobe AIR SDK (includes AIR for iOS) should update to the Adobe AIR 3.5.0.1060 SDK...

Download:
> https://www.adobe.co...tribution3.html

Flash test site: http://www.adobe.com...re/flash/about/

>> http://get.adobe.com/air/
___

- https://secunia.com/advisories/51771/
Release Date: 2013-01-08
Criticality level: Highly critical
Impact: System access
Where: From remote...  
CVE Reference: CVE-2013-0630
Solution: Update to a fixed version...
___

Adobe Reader/Acrobat v11.0.1 released
- https://www.adobe.co.../apsb13-02.html
Jan 8, 2013
CVE numbers: CVE-2013-0601, CVE-2013-0602, CVE-2013-0603, CVE-2013-0604, CVE-2013-0605, CVE-2013-0606, CVE-2013-0607, CVE-2013-0608, CVE-2013-0609, CVE-2013-0610, CVE-2013-0611, CVE-2013-0612, CVE-2013-0613, CVE-2013-0614, CVE-2013-0615, CVE-2013-0616, CVE-2013-0617, CVE-2013-0618, CVE-2013-0619, CVE-2013-0620, CVE-2013-0621, CVE-2013-0622, CVE-2013-0623, CVE-2013-0624, CVE-2013-0626, CVE-2013-0627
Platform: All
Summary: Adobe has released security updates for Adobe Reader and Acrobat XI (11.0.0) and earlier versions for Windows and Macintosh, and Adobe Reader 9.5.1 and earlier 9.x versions for Linux. These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.
Adobe recommends users update their product installations to the latest versions:
- Users of Adobe Reader XI (11.0.0) for Windows and Macintosh should update to Adobe Reader XI (11.0.1).
- For users of Adobe Reader X (10.1.4) and earlier versions for Windows and Macintosh, who cannot update to Adobe Reader XI (11.0.1), Adobe has made available the update Adobe Reader X (10.1.5).
- For users of Adobe Reader 9.5.2 and earlier versions for Windows and Macintosh, who cannot update to Adobe Reader XI (11.0.1), Adobe has made available the update Adobe Reader 9.5.3.
- Users of Adobe Reader 9.5.1 and earlier versions for Linux should update to Adobe Reader 9.5.3.
- Users of Adobe Acrobat XI (11.0.0) for Windows and Macintosh should update to Adobe Acrobat XI (11.0.1).
- Users of Adobe Acrobat X (10.1.4) and earlier versions for Windows and Macintosh should update to Adobe Acrobat X (10.1.5).
- Users of Adobe Acrobat 9.5.2 and earlier versions for Windows and Macintosh should update to Adobe Acrobat 9.5.3...
Adobe Reader: Users on Windows and Macintosh can utilize the product's update mechanism...
Adobe Acrobat: Users can utilize the product's update mechanism...
___

- http://www.securityt....com/id/1027952
CVE Reference: CVE-2013-0601, CVE-2013-0602, CVE-2013-0603, CVE-2013-0604, CVE-2013-0605, CVE-2013-0606, CVE-2013-0607, CVE-2013-0608, CVE-2013-0609, CVE-2013-0610, CVE-2013-0611, CVE-2013-0612, CVE-2013-0613, CVE-2013-0614, CVE-2013-0615, CVE-2013-0616, CVE-2013-0617, CVE-2013-0618, CVE-2013-0619, CVE-2013-0620, CVE-2013-0621, CVE-2013-0622, CVE-2013-0623, CVE-2013-0624, CVE-2013-0626, CVE-2013-0627
Jan 8 2013
Impact: Disclosure of system information, Execution of arbitrary code via network, User access via local system, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 9.5.2, 10.1.4, 11.0.0; and prior versions
Solution: The vendor has issued a fix (9.5.3, 10.1.5 for Windows/Mac, 11.0.1 for Windows/Mac).
... advisory is available at:
- http://www.adobe.com.../apsb13-02.html

:ph34r: :ph34r:


Edited by AplusWebMaster, 25 January 2013 - 06:56 AM.

This machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#82 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 8,992 posts

Posted 15 January 2013 - 05:15 PM

FYI...

ColdFusion hotfix released
- https://www.adobe.co.../apsa13-01.html
Last updated: January 16, 2013
CVE number: CVE-2013-0625, CVE-2013-0629, CVE-2013-0631, CVE-2013-0632
Platform: All
Summary: Adobe has identified four vulnerabilities affecting ColdFusion 10 and earlier versions for Windows, Macintosh and UNIX:
• CVE-2013-0625 affects ColdFusion 9.0.2, 9.0.1 and 9.0, and could permit an unauthorized user to remotely circumvent authentication controls, potentially allowing the attacker to take control of the affected server.
• CVE-2013-0629 affects ColdFusion 10, 9.0.2, 9.0.1 and 9.0, and could permit an unauthorized user access to restricted directories.
• CVE-2013-0631 affects ColdFusion 9.0.2, 9.0.1 and 9.0, and could result in information disclosure from a compromised server.
• CVE-2013-0632 affects ColdFusion 10, 9.0.2, 9.0.1 and 9.0, and could permit an unauthorized user to remotely circumvent authentication controls, potentially allowing the attacker to take control of the affected server.
There are reports that these vulnerabilities are being exploited in the wild against ColdFusion customers.
Adobe has released a security hotfix for ColdFusion 10, 9.0.2, 9.0.1 and 9.0 for Windows, Macintosh and UNIX. Adobe recommends users update their product installation using the instructions provided in the "Solution" section of Security Bulletin APSB13-03*..."
* https://www.adobe.co.../apsb13-03.html
>> http://helpx.adobe.c...-apsb13-03.html

January 16, 2013 - Advisory revised to correct the versions of ColdFusion vulnerable to CVE-2013-0625.

:ph34r: :ph34r:


Edited by AplusWebMaster, 17 January 2013 - 12:16 AM.

This machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#83 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 8,992 posts

Posted 07 February 2013 - 05:08 PM

FYI...

Flash v11.5.502.149 released
- https://www.adobe.co.../apsb13-04.html
Feb 7, 2013
CVE number:
- https://web.nvd.nist...d=CVE-2013-0633 - 9.3 (HIGH)
- https://web.nvd.nist...d=CVE-2013-0634 - 9.3 (HIGH)
Platform: All Platforms
Summary: Adobe has released security updates... These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.
Adobe is aware of reports that CVE-2013-0633 is being exploited in the wild in targeted attacks designed to trick the user into opening a Microsoft Word document delivered as an email attachment which contains malicious Flash (SWF) content. The exploit for CVE-2013-0633 targets the ActiveX version of Flash Player on Windows.
Adobe is also aware of reports that CVE-2013-0634 is being exploited in the wild in attacks delivered via malicious Flash (SWF) content hosted on websites that target Flash Player in Firefox or Safari on the Macintosh platform, as well as attacks designed to trick Windows users into opening a Microsoft Word document delivered as an email attachment which contains malicious Flash (SWF) content.
Adobe recommends users update their product installations to the latest versions:
- Users of Adobe Flash Player 11.5.502.146 and earlier versions for Windows and Macintosh should update to Adobe Flash Player 11.5.502.149.
- Users of Adobe Flash Player 11.2.202.261 and earlier versions for Linux should update to Adobe Flash Player 11.2.202.262.
- Flash Player installed with Google Chrome will automatically be updated to the latest Google Chrome version, which will include Adobe Flash Player 11.5.31.139 for Windows, Macintosh and Linux.
- Flash Player installed with Internet Explorer 10 for Windows 8 will automatically be updated to the latest version of Internet Explorer 10, which will include Adobe Flash Player 11.3.379.14 for Windows...
- Users of Adobe Flash Player 11.1.115.36 and earlier versions on Android 4.x devices should update to Adobe Flash Player 11.1.115.37.
- Users of Adobe Flash Player 11.1.111.31 and earlier versions for Android 3.x and earlier versions should update to Flash Player 11.1.111.32.

Download:
> https://www.adobe.co...tribution3.html

Flash test site: http://www.adobe.com...re/flash/about/

- https://blogs.adobe....-apsb13-04.html

- https://secunia.com/advisories/52116/
Release Date: 2013-02-08
Criticality level: Extremely critical
Impact: System access
Where: From remote
CVE Reference(s): CVE-2013-0633, CVE-2013-0634
... vulnerability is currently being actively exploited in targeted attacks against the Macintosh and Windows versions...
Solution: Update to a fixed version.
Original Advisory: http://www.adobe.com.../apsb13-04.html
___

MS Security Advisory (2755801)
Update for Vulnerabilities in Adobe Flash Player in IE 10
- http://technet.micro...dvisory/2755801
"... updates are available from... Windows Update..."
V7.0 (February 7, 2013): Added KB2811522* to the Current update section.
* http://support.micro....com/kb/2811522

:ph34r: :ph34r:


Edited by AplusWebMaster, 09 February 2013 - 11:26 AM.

This machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#84 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 8,992 posts

Posted 12 February 2013 - 03:38 PM

FYI...

Flash Player v11.6.602.168 released
- https://www.adobe.co.../apsb13-05.html
February 12, 2013
CVE number: CVE-2013-1372, CVE-2013-0645, CVE-2013-1373, CVE-2013-1369, CVE-2013-1370, CVE-2013-1366, CVE-2013-0649, CVE-2013-1365, CVE-2013-1374, CVE-2013-1368, CVE-2013-0642, CVE-2013-0644, CVE-2013-0647, CVE-2013-1367, CVE-2013-0639, CVE-2013-0638, CVE-2013-0637

https://web.nvd.nist...3months&cves=on
Platform: All Platforms
Summary: Adobe has released security updates for Adobe Flash Player 11.5.502.149 and earlier versions for Windows and Macintosh, Adobe Flash Player 11.2.202.262 and earlier versions for Linux, Adobe Flash Player 11.1.115.37 and earlier versions for Android 4.x, and Adobe Flash Player 11.1.111.32 and earlier versions for Android 3.x and 2.x. These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.
Adobe recommends users update their product installations to the latest versions:
- Users of Adobe Flash Player 11.5.502.149 and earlier versions for Windows should update to Adobe Flash Player 11.6.602.168.
- Users of Adobe Flash Player 11.5.502.149 and earlier versions for Macintosh should update to Adobe Flash Player 11.6.602.167.
- Users of Adobe Flash Player 11.2.202.262 and earlier versions for Linux should update to Adobe Flash Player 11.2.202.270.
- Flash Player installed with Google Chrome will automatically be updated to the latest Google Chrome version, which will include Adobe Flash Player 11.6.602.167 for Windows, Macintosh and Linux.
- Flash Player installed with Internet Explorer 10 for Windows 8 will automatically be updated to the latest Internet Explorer 10 version, which will include Adobe Flash Player 11.6.602.167 for Windows.
- Users of Adobe Flash Player 11.1.115.37 and earlier versions on Android 4.x devices should update to Adobe Flash Player 11.1.115.47.
- Users of Adobe Flash Player 11.1.111.32 and earlier versions for Android 3.x and earlier versions should update to Flash Player 11.1.111.43.
- Users of Adobe AIR 3.5.0.1060 and earlier versions should update to Adobe AIR 3.6.0.597.
- Users of the Adobe AIR 3.5.0.1060 SDK (including AIR for iOS) and earlier should update to the new Adobe AIR 3.6.0.599 SDK + Compiler...

- https://www.adobe.co...05.html#Ratings
Product     Updated version     Platform     Priority rating
Adobe Flash Player     11.6.602.168     Windows     1

Flash Download:
> https://www.adobe.co...tribution3.html

Flash test site: http://www.adobe.com...re/flash/about/

>> http://get.adobe.com/air/
___

MS Security Advisory (2755801)
Update for Vulnerabilities in Adobe Flash Player in IE 10
- http://technet.micro...dvisory/2755801
"... updates are available from... Windows Update..."
V8.0 (February 12, 2013): Added KB2805940 to the Current update section.
* http://support.micro....com/kb/2805940
___

Shockwave Player v12.0.0.112 released
- https://www.adobe.co.../apsb13-06.html
February 12, 2013
CVE number: CVE-2013-0635, CVE-2013-0636
Platform: Windows and Macintosh
Summary: Adobe has released a security update for Adobe Shockwave Player 11.6.8.638 and earlier versions on the Windows and Macintosh operating systems.  This update addresses vulnerabilities that could allow an attacker, who successfully exploits these vulnerabilities, to run malicious code on the affected system. Adobe recommends users of Adobe Shockwave Player 11.6.8.638 and earlier versions update to Adobe Shockwave Player 12.0.0.112...

>>  http://get.adobe.com/shockwave/

.

:ph34r: :ph34r:


Edited by AplusWebMaster, 13 February 2013 - 01:33 PM.

This machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#85 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 8,992 posts

Posted 20 February 2013 - 01:21 PM

FYI...

Adobe Reader/Acrobat 11.0.02 released
- https://www.adobe.co.../apsb13-07.html
February 20, 2013
CVE number:
- http://web.nvd.nist....d=CVE-2013-0640 - 9.3 (HIGH)
- http://web.nvd.nist....d=CVE-2013-0641 - 9.3 (HIGH)
Platform: All Platforms
"... Adobe recommends users update their product installations to the latest versions:
• Users of Adobe Reader XI (11.0.01 and earlier) for Windows and Macintosh should update to Adobe Reader XI (11.0.02).
• For users of Adobe Reader X (10.1.5 and earlier) for Windows and Macintosh, who cannot update to Adobe Reader XI (11.0.02), Adobe has made available the update Adobe Reader X (10.1.6).
• For users of Adobe Reader 9.5.3 and earlier 9.x versions for Windows and Macintosh, who cannot update to Adobe Reader XI (11.0.02), Adobe has made available the update Adobe Reader 9.5.4.
• Users of Adobe Reader 9.5.3 and earlier 9.x versions for Linux should update to Adobe Reader 9.5.4.
• Users of Adobe Acrobat XI (11.0.01 and earlier) for Windows and Macintosh should update to Adobe Acrobat XI (11.0.02).
• Users of Adobe Acrobat X (10.1.5 and earlier) for Windows and Macintosh should update to Adobe Acrobat X (10.1.6).
• Users of Adobe Acrobat 9.5.3 and earlier 9.x versions for Windows and Macintosh should update to Adobe Acrobat 9.5.4...
Adobe recommends users update their software installations by following the instructions below:
Adobe Reader: Users on Windows and Macintosh can utilize the product's update mechanism... Update checks can be manually activated by choosing Help > Check for Updates.
Adobe Reader users on Windows can also find the appropriate update here:
- http://www.adobe.com...latform=Windows
Adobe Reader users on Macintosh can also find the appropriate update here:
- http://www.adobe.com...tform=Macintosh
Adobe Reader users on Linux can find the appropriate update here:
- ftp://ftp.adobe.com/pub/adobe/reader/unix/9.x/
Adobe Acrobat: Users can utilize the product's update mechanism... Update checks can be manually activated by choosing Help > Check for Updates.
Acrobat Standard, Pro and Pro Extended users on Windows can also find the appropriate update here:
- http://www.adobe.com...latform=Windows
Acrobat Pro users on Macintosh can also find the appropriate update here:
- http://www.adobe.com...tform=Macintosh ..."

New Downloads:
- https://www.adobe.co...wnloads/new.jsp

:ph34r:


Edited by AplusWebMaster, 20 February 2013 - 03:42 PM.

This machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#86 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 8,992 posts

Posted 27 February 2013 - 07:16 AM

FYI...

Flash 11.6.602.171 released
- https://www.adobe.co.../apsb13-08.html
Feb 26, 2013
CVE number:
- https://web.nvd.nist...d=CVE-2013-0504 -10.0 (HIGH)
- https://web.nvd.nist...d=CVE-2013-0643 - 9.3 (HIGH)
- https://web.nvd.nist...d=CVE-2013-0648 - 9.3 (HIGH)
Platform: All platforms
Adobe has released security updates for Adobe Flash Player 11.6.602.168 and earlier versions for Windows, Adobe Flash Player 11.6.602.167 and earlier versions for Macintosh, and Adobe Flash Player 11.2.202.270 and earlier versions for Linux. These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.
Summary: Adobe is aware of reports that CVE-2013-0643 and CVE-2013-0648 are being exploited in the wild in targeted attacks designed to trick the user into clicking a link which directs to a website serving malicious Flash (SWF) content. The exploit for CVE-2013-0643 and CVE-2013-0648 is designed to target the Firefox browser.
Adobe recommends users update their product installations to the latest versions:
- Users of Adobe Flash Player 11.6.602.168 and earlier versions for Windows and Adobe Flash Player 11.6.602.167 and earlier versions for Macintosh should update to Adobe Flash Player 11.6.602.171.
- Users of Adobe Flash Player 11.2.202.270 and earlier versions for Linux should update to Adobe Flash Player 11.2.202.273.
- Adobe Flash Player installed with Google Chrome will automatically be updated to the latest Google Chrome version, which will include Adobe Flash Player 11.6.602.171 for Windows, Macintosh and Linux.
- Adobe Flash Player installed with Internet Explorer 10 for Windows 8 will automatically be updated to the latest version of Internet Explorer 10, which will include Adobe Flash Player 11.6.602.171 for Windows...

Flash Download:
> https://www.adobe.co...tribution3.html

Flash test site: http://helpx.adobe.c...on_your_machine
___

MS Security Advisory (2755801)
Update for Vulnerabilities in Adobe Flash Player in IE 10
- http://technet.micro...dvisory/2755801
"... updates are available from... Windows Update..."
Affected Software: Windows 8, Windows Server 2012, Windows RT
V9.0 (February 26, 2013): Added KB2819372 to the Current Update section.
___

- https://secunia.com/advisories/52374/
Release Date: 2013-02-27
Criticality level: Extremely critical
Impact: Security Bypass, System access
Where: From remote...
Solution: Update to a fixed version.
Original Advisory: Adobe:
http://www.adobe.com.../apsb13-08.html
___

-Fake- Adobe Flash update page
- https://www.symantec...s/Figure1_6.png
Feb 27, 2013

- http://www.symantec....rms-click-fraud
Feb 27, 2013 - "... To ensure that you do not become a victim in the first place, please ensure that your antivirus definitions are constantly updated and that your software packages are also regularly updated. Do not download updates from third-party sites and always double check the URL of the download that is being offered."

:ph34r: :ph34r:


Edited by AplusWebMaster, 02 March 2013 - 09:57 AM.

This machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#87 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 8,992 posts

Posted 12 March 2013 - 01:04 PM

FYI...

Flash v11.6.602.180 released
- https://www.adobe.co.../apsb13-09.html
March 12, 2013
CVE number:
- https://web.nvd.nist...d=CVE-2013-0646 - 10.0 (HIGH)
- https://web.nvd.nist...d=CVE-2013-0650 - 10.0 (HIGH)
- https://web.nvd.nist...d=CVE-2013-1371 - 10.0 (HIGH)
- https://web.nvd.nist...d=CVE-2013-1375 - 10.0 (HIGH)
Platform: All Platforms
Summary: Adobe has released security updates for Adobe Flash Player 11.6.602.171 and earlier versions for Windows and Macintosh, Adobe Flash Player 11.2.202.273 and earlier versions for Linux, Adobe Flash Player 11.1.115.47 and earlier versions for Android 4.x, and Adobe Flash Player 11.1.111.43 and earlier versions for Android 3.x and 2.x. These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.
Adobe recommends users update their product installations to the latest versions:
- Users of Adobe Flash Player 11.6.602.171 and earlier versions for Windows and Macintosh should update to Adobe Flash Player 11.6.602.180.
- Users of Adobe Flash Player 11.2.202.273 and earlier versions for Linux should update to Adobe Flash Player 11.2.202.275.
- Adobe Flash Player 11.6.602.171 installed with Google Chrome will automatically be updated to the latest Google Chrome version, which will include Adobe Flash Player 11.6.602.180 for Windows, Macintosh and Linux.
- Adobe Flash Player 11.6.602.171 installed with Internet Explorer 10 for Windows 8 will automatically be updated to the latest Internet Explorer 10 version, which will include Adobe Flash Player 11.6.602.180 for Windows.
- Users of Adobe Flash Player 11.1.115.47 and earlier versions on Android 4.x devices should update to Adobe Flash Player 11.1.115.48.
- Users of Adobe Flash Player 11.1.111.43 and earlier versions for Android 3.x and 2.x should update to Flash Player 11.1.111.44.
- Users of Adobe AIR 3.6.0.597 and earlier versions for Windows, Macintosh and Android should update to Adobe AIR 3.6.0.6090.
- Users of the Adobe AIR 3.6.0.597 SDK and earlier versions should update to the Adobe AIR 3.6.0.6090 SDK.
- Users of the Adobe AIR 3.6.0.599 SDK & Compiler and earlier versions should update to the Adobe AIR 3.6.0.6090 SDK & Compiler.

Flash Download:
> https://www.adobe.co...tribution3.html

Flash test site:
- http://helpx.adobe.c...on_your_machine

>> http://get.adobe.com/air/
 

:ph34r:


Edited by AplusWebMaster, 17 March 2013 - 12:28 AM.

This machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#88 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 8,992 posts

Posted 09 April 2013 - 02:10 PM

FYI...

Flash v11.7.700.169 released
- https://www.adobe.co.../apsb13-11.html
April 9, 2013
CVE number:
- https://web.nvd.nist...d=CVE-2013-1378 - 7.5 (HIGH)
- https://web.nvd.nist...d=CVE-2013-1379 - 7.5 (HIGH)
- https://web.nvd.nist...d=CVE-2013-1380 - 7.5 (HIGH)
- https://web.nvd.nist...d=CVE-2013-2555 - 10.0 (HIGH)
Summary: Adobe has released security updates for Adobe Flash Player 11.6.602.180 and earlier versions for Windows and Macintosh, Adobe Flash Player 11.2.202.275 and earlier versions for Linux, Adobe Flash Player 11.1.115.48 and earlier versions for Android 4.x, and Adobe Flash Player 11.1.111.44 and earlier versions for Android 3.x and 2.x. These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.
Adobe recommends users update their product installations to the latest versions:
- Users of Adobe Flash Player 11.6.602.180 and earlier versions for Windows and Macintosh should update to Adobe Flash Player 11.7.700.169.
- Users of Adobe Flash Player 11.2.202.275 and earlier versions for Linux should update to Adobe Flash Player 11.2.202.280.
- Adobe Flash Player 11.6.602.180 installed with Google Chrome will automatically be updated to the latest Google Chrome version, which will include Adobe Flash Player 11.7.700.179 for Windows and 11.7.700.169 for Macintosh and Linux.
- Adobe Flash Player 11.6.602.180 installed with Internet Explorer 10 will automatically be updated to the latest Internet Explorer 10 version, which will include Adobe Flash Player 11.7.700.169 for Windows 8.
- Users of Adobe Flash Player 11.1.115.48 and earlier versions on Android 4.x devices should update to Adobe Flash Player 11.1.115.54.
- Users of Adobe Flash Player 11.1.111.44 and earlier versions for Android 3.x and 2.x should update to Flash Player 11.1.111.50.
- Users of Adobe AIR 3.6.0.6090 and earlier versions for Windows, Macintosh and Android should update to Adobe AIR 3.7.0.1530.
- Users of the Adobe AIR 3.6.0.6090 SDK & Compiler and earlier versions should update to the Adobe AIR 3.7.0.1530 SDK & Compiler...

Flash Download:
> https://www.adobe.co...tribution3.html

Flash test site:
- http://helpx.adobe.c...on_your_machine

>> http://get.adobe.com/air/

- https://secunia.com/advisories/52931/
Release Date: 2013-04-09
Criticality level: Highly critical
Impact: System access
Where: From remote...
Solution: Update to a fixed version.
___

Shockwave v12.0.2.122 released
- https://www.adobe.co.../apsb13-12.html
April 9, 2013
CVE number: CVE-2013-1383, CVE-2013-1384, CVE-2013-1385, CVE-2013-1386
Summary: Adobe has released a security update for Adobe Shockwave Player 12.0.0.112 and earlier versions on the Windows and Macintosh operating systems.  This update addresses vulnerabilities that could allow an attacker, who successfully exploits these vulnerabilities, to run malicious code on the affected system. Adobe recommends users of Adobe Shockwave Player 12.0.0.112 and earlier versions update to Adobe Shockwave Player 12.0.2.122 ...
Solution: Adobe recommends users of Adobe Shockwave Player 12.0.0.112 and earlier versions update to the newest version 12.0.2.122, available here: http://get.adobe.com/shockwave/

- https://secunia.com/advisories/52981/
Release Date: 2013-04-10
Criticality level: Highly critical
Impact: System access
Where: From remote...
Solution: Update to version 12.0.2.122
___

ColdFusion hotfix
- https://www.adobe.co.../apsb13-10.html
April 9, 2013
CVE number: CVE-2013-1387, CVE-2013-1388
Summary: Adobe has released a security hotfix for ColdFusion 10, 9.0.2, 9.0.1 and 9.0 for Windows, Macintosh and UNIX.  Adobe recommends users update their product installation...
Affected software versions: ColdFusion 10, 9.0.2, 9.0.1 and 9.0 for Windows, Macintosh and UNIX.
Solution: Adobe recommends ColdFusion customers update their installation using the instructions provided in the technote:
- http://helpx.adobe.c...-apsb13-10.html

- https://secunia.com/advisories/52995/
Release Date: 2013-04-10
Criticality level: Moderately critical
Impact: Security Bypass, Spoofing
Where: From remote...
Solution: Apply hotfix.
 

:ph34r:


Edited by AplusWebMaster, 11 April 2013 - 02:20 PM.

This machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#89 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 8,992 posts

Posted 09 May 2013 - 08:54 AM

FYI...

0-day ColdFusion critical vulnerability - https://isc.sans.edu...l?storyid=15770

- https://www.adobe.co.../apsa13-03.html
May 8, 2013
CVE number: https://web.nvd.nist...d=CVE-2013-3336
Summary: Adobe has identified a critical vulnerability affecting ColdFusion 10, 9.0.2, 9.0.1 and 9.0 and earlier versions for Windows, Macintosh and UNIX. This vulnerability (CVE-2013-3336) could permit an unauthorized user to remotely retrieve files stored on the server.
There are reports that an exploit for this vulnerability is publicly available.  ColdFusion customers who have restricted public access to the CFIDE/administrator, CFIDE/adminapi and CFIDE/gettingstarted directories (as outlined in the ColdFusion 9 Lockdown Guide* and ColdFusion 10 Lockdown Guide**) are already mitigated against this issue. Customers who have not already applied these steps can protect themselves from CVE-2013-3336 by implementing the following configuration settings:
- Restrict public access to the CFIDE/administrator, CFIDE/adminapi and CFIDE/gettingstarted directories by following the hardening guidance in the ColdFusion 9 Lockdown Guide and ColdFusion 10 Lockdown Guide**
We are in the process of finalizing a fix for this issue and expect a hotfix for ColdFusion 10, 9.0.2, 9.0.1 and 9.0 for Windows, Macintosh and UNIX to be available on May 14, 2013...
* http://wwwimages.ado...guide-wp-ue.pdf

** http://wwwimages.ado...kdown Guide.pdf

Revisions - May 9, 2013: Revised to clarify the CFIDE/gettingstarted directory is only applicable to ColdFusion version 8.x and earlier.

- http://atlas.arbor.n...index#366717635
Severity: High Severity
May 09, 2013 17:23
"... being exploited in the wild..."
___

Prenotification Security Advisory for Adobe Reader and Acrobat
- https://www.adobe.co.../apsb13-15.html
May 9, 2013 - "Summary: Adobe is planning to release security updates on Tuesday, May 14, 2013 for Adobe Reader and Acrobat..."
 

:ph34r: :ph34r:


Edited by AplusWebMaster, 10 May 2013 - 05:42 AM.

This machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#90 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 8,992 posts

Posted 14 May 2013 - 11:42 AM

FYI...

Flash v11.7.700.202 released
- https://www.adobe.co.../apsb13-14.html
May 14, 2013
CVE number: CVE-2013-2728, CVE-2013-3324, CVE-2013-3325, CVE-2013-3326, CVE-2013-3327, CVE-2013-3328, CVE-2013-3329, CVE-2013-3330, CVE-2013-3331, CVE-2013-3332, CVE-2013-3333, CVE-2013-3334, CVE-2013-3335
Platform: All platforms
Summary: Adobe has released security updates for Adobe Flash Player 11.7.700.169 and earlier versions for Windows and Macintosh, Adobe Flash Player 11.2.202.280 and earlier versions for Linux, Adobe Flash Player 11.1.115.54 and earlier versions for Android 4.x, and Adobe Flash Player 11.1.111.50 and earlier versions for Android 3.x and 2.x. These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.
Adobe recommends users update their product installations to the latest versions:
- Users of Adobe Flash Player 11.7.700.169 and earlier versions for Windows and Macintosh should update to Adobe Flash Player 11.7.700.202.
- Users of Adobe Flash Player 11.2.202.280 and earlier versions for Linux should update to Adobe Flash Player 11.2.202.285.
- Adobe Flash Player 11.7.700.169 installed with Google Chrome (and version 11.7.700.179 on the Windows platform) will automatically be updated to the latest Google Chrome version, which will include Adobe Flash Player 11.7.700.202 for Windows, Macintosh and Linux.
- Adobe Flash Player 11.7.700.169 installed with Internet Explorer 10 will automatically be updated to the latest Internet Explorer 10 version, which will include Adobe Flash Player 11.7.700.202 for Windows 8.
- Users of Adobe Flash Player 11.1.115.54 and earlier versions on Android 4.x devices should update to Adobe Flash Player 11.1.115.58.
- Users of Adobe Flash Player 11.1.111.50 and earlier versions for Android 3.x and 2.x should update to Flash Player 11.1.111.54.
- Users of Adobe AIR 3.7.0.1530 and earlier versions for Windows and Macintosh should update to Adobe AIR 3.7.0.1860.
- Users of Adobe AIR 3.7.0.1660 and earlier versions for Android should update to Adobe AIR 3.7.0.1860.
- Users of the Adobe AIR 3.7.0.1530 SDK & Compiler and earlier versions should update to the Adobe AIR 3.7.0.1860 SDK & Compiler...

Flash Download:
> https://www.adobe.co...tribution3.html

Flash test site:
- http://helpx.adobe.c...on_your_machine

>> http://get.adobe.com/air/
___

Adobe Reader/Acrobat v11.0.03 released
- https://www.adobe.co.../apsb13-15.html
May 14, 2013
CVE number: CVE-2013-2549, CVE-2013-2550, CVE-2013-2718, CVE-2013-2719, CVE-2013-2720, CVE-2013-2721, CVE-2013-2722, CVE-2013-2723, CVE-2013-2724, CVE-2013-2725, CVE-2013-2726, CVE-2013-2727, CVE-2013-2729, CVE-2013-2730, CVE-2013-2731, CVE-2013-2732, CVE-2013-2733, CVE-2013-2734, CVE-2013-2735, CVE-2013-2736, CVE-2013-2737, CVE-2013-3337, CVE-2013-3338, CVE-2013-3339, CVE-2013-3340, CVE-2013-3341, CVE-2013-3342
Platform: All
Summary: Adobe has released security updates for Adobe Reader and Acrobat XI (11.0.02) and earlier versions for Windows and Macintosh, and Adobe Reader 9.5.4 and earlier 9.x versions for Linux. These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.
Adobe recommends users update their product installations to the latest versions:
- Users of Adobe Reader XI (11.0.02) for Windows and Macintosh should update to Adobe Reader XI (11.0.03).
- For users of Adobe Reader X (10.1.6) and earlier versions for Windows and Macintosh, who cannot update to Adobe Reader XI (11.0.03), Adobe has made available the update Adobe Reader X (10.1.7).
- For users of Adobe Reader 9.5.4 and earlier versions for Windows and Macintosh, who cannot update to Adobe Reader XI (11.0.03), Adobe has made available the update Adobe Reader 9.5.5.
- Users of Adobe Reader 9.5.4 and earlier versions for Linux should update to Adobe Reader 9.5.5.
- Users of Adobe Acrobat XI (11.0.02) for Windows and Macintosh should update to Adobe Acrobat XI (11.0.03).
- For users of Adobe Acrobat X (10.1.6) and earlier versions for Windows and Macintosh, who cannot update to Adobe Acrobat XI (11.0.03), Adobe has made available the update Adobe Acrobat X (10.1.7).
- For users of Adobe Acrobat 9.5.4 and earlier versions for Windows and Macintosh, who cannot update to Adobe Acrobat XI (11.0.03), Adobe has made available the update Adobe Acrobat 9.5.5...
___

ColdFusion hotfix available
- https://www.adobe.co.../apsb13-13.html
May 14, 2013
CVE number: CVE-2013-1389, CVE-2013-3336
Platform: All
Summary: Adobe has released a security hotfix for ColdFusion 10, 9.0.2, 9.0.1 and 9.0 for Windows, Macintosh and UNIX.  This hotfix addresses a vulnerability (CVE-2013-1389) that could allow remote arbitrary code execution on a system running ColdFusion, and a vulnerability (CVE-2013-3336) that could permit an unauthorized user to remotely retrieve files stored on the server.
Adobe is aware of reports that CVE-2013-3336 (referenced in Security Advisory APSA13-03) is being exploited in the wild against ColdFusion customers. Adobe recommends users update their product installation using the instructions provided in the "Solution" ...
Solution: Adobe recommends ColdFusion customers update their installation using the instructions provided in the technote located here:
- http://helpx.adobe.c...-apsb13-13.html
Customers should also apply the security configuration settings as outlined on the ColdFusion Security page, as well as review the ColdFusion 9 Lockdown Guide and ColdFusion 10 Lockdown Guide.
 

 

:ph34r: :ph34r: :ph34r:


This machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#91 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 8,992 posts

Posted 11 June 2013 - 12:58 PM

FYI...

Flash v11.7.700.224 released
- https://www.adobe.co.../apsb13-16.html
June 11, 2013
CVE number: https://web.nvd.nist...d=CVE-2013-3343 - 10.0 (HIGH)
Platform: All Platforms
Summary: Adobe has released security updates for Adobe Flash Player 11.7.700.202 and earlier versions for Windows, Adobe Flash Player 11.7.700.203 and earlier versions for Macintosh, Adobe Flash Player 11.2.202.285 and earlier versions for Linux, Adobe Flash Player 11.1.115.58 and earlier versions for Android 4.x, and Adobe Flash Player 11.1.111.54 and earlier versions for Android 3.x and 2.x. These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system. Adobe recommends users update their product installations to the latest versions:
- Users of Adobe Flash Player 11.7.700.202 and earlier versions for Windows should update to Adobe Flash Player 11.7.700.224.
- Users of Adobe Flash Player 11.7.700.203 and earlier versions for Macintosh should update to Adobe Flash Player 11.7.700.225.
- Users of Adobe Flash Player 11.2.202.285 and earlier versions for Linux should update to Adobe Flash Player 11.2.202.291.
- Adobe Flash Player 11.7.700.203 installed with Google Chrome will automatically be updated to the latest Google Chrome version, which will include Adobe Flash Player 11.7.700.225 for Windows, Macintosh and Linux.
- Adobe Flash Player 11.7.700.202 installed with Internet Explorer 10 will automatically be updated to the latest Internet Explorer 10 version, which will include Adobe Flash Player 11.7.700.224 for Windows 8.
- Users of Adobe Flash Player 11.1.115.58  and earlier versions on Android 4.x devices should update to Adobe Flash Player 11.1.115.63.
- Users of Adobe Flash Player 11.1.111.54 and earlier versions for Android 3.x and 2.x should update to Flash Player 11.1.111.59.
- Users of Adobe AIR 3.7.0.1860 and earlier versions for Windows should update to Adobe AIR 3.7.0.2090.
- Users of Adobe AIR 3.7.0.1860 and earlier versions for Macintosh should update to Adobe AIR 3.7.0.2100.
- Users of Adobe AIR 3.7.0.1860 and earlier versions for Android should update to Adobe AIR 3.7.0.2090.
- Users of the Adobe AIR 3.7.0.1860 SDK & Compiler and earlier versions for Windows should update to the Adobe AIR 3.7.0.2090 SDK & Compiler.
- Users of the Adobe AIR 3.7.0.1860 SDK & Compiler and earlier versions for Macintosh should update to the Adobe AIR 3.7.0.2100 SDK & Compiler...

Flash Download:
> https://www.adobe.co...tribution3.html

Flash test site:
- http://helpx.adobe.c...on_your_machine

>> http://get.adobe.com/air/
___

- https://secunia.com/advisories/53751/
Release Date: 2013-06-11
Criticality level: Highly critical
Impact:    System access
Where: From remote
... vulnerability is caused due to an unspecified error and can be exploited to cause memory corruption.
Solution: Update to a fixed version.
 

:ph34r: :ph34r:


Edited by AplusWebMaster, 12 June 2013 - 12:04 PM.

This machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#92 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 8,992 posts

Posted 09 July 2013 - 01:34 PM

FYI...

Flash Player 11.8.800.94 released
- https://www.adobe.co.../apsb13-17.html
July 9, 2013
CVE number:
- https://web.nvd.nist...d=CVE-2013-3344 - 10.0 (HIGH)
- https://web.nvd.nist...d=CVE-2013-3345 - 10.0 (HIGH)
- https://web.nvd.nist...d=CVE-2013-3347 - 10.0 (HIGH)
Platform: All Platforms
Summary: Adobe has released security updates for Adobe Flash Player 11.7.700.224 and earlier versions for Windows, Adobe Flash Player 11.7.700.225 and earlier versions for Macintosh, Adobe Flash Player 11.2.202.291 and earlier versions for Linux, Adobe Flash Player 11.1.115.63 and earlier versions for Android 4.x, and Adobe Flash Player 11.1.111.59 and earlier versions for Android 3.x and 2.x.  These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system. Adobe recommends users update their product installations to the latest versions:
- Users of Adobe Flash Player 11.7.700.224 and earlier versions for Windows should update to Adobe Flash Player 11.8.800.94.
- Users of Adobe Flash Player 11.7.700.225 and earlier versions for Macintosh should update to Adobe Flash Player 11.8.800.94.
- Users of Adobe Flash Player 11.2.202.291 and earlier versions for Linux should update to Adobe Flash Player 11.2.202.297.
- Adobe Flash Player 11.7.700.225 installed with Google Chrome will automatically be updated to the latest Google Chrome version, which will include Adobe Flash Player 11.8.800.97 for Windows, Macintosh and Linux.
- Adobe Flash Player 11.7.700.224 installed with Internet Explorer 10 will automatically be updated to the latest Internet Explorer 10 version, which will include Adobe Flash Player 11.8.800.94 for Windows 8.
- Users of Adobe Flash Player 11.1.115.63 and earlier versions on Android 4.x devices should update to Adobe Flash Player 11.1.115.69.
- Users of Adobe Flash Player 11.1.111.59 and earlier versions for Android 3.x and 2.x should update to Flash Player 11.1.111.64...

Flash Download:
> https://www.adobe.co...tribution3.html

Flash test site:
- http://helpx.adobe.c...on_your_machine
___

Shockwave Player 12.0.3.133 released
- https://www.adobe.co.../apsb13-18.html
July 9, 2013
CVE number: CVE-2013-3348
Platform: Windows and Macintosh
Summary: Adobe has released a security update for Adobe Shockwave Player 12.0.2.122 and earlier versions on the Windows and Macintosh operating systems.  This update addresses a vulnerability that could allow an attacker, who successfully exploits this vulnerability, to run malicious code on the affected system.  Adobe recommends users of Adobe Shockwave Player 12.0.2.122 and earlier versions update to Adobe Shockwave Player 12.0.3.133...
Solution: Adobe recommends users of Adobe Shockwave Player 12.0.2.122 and earlier versions update to the newest version 12.0.3.133, available here:
- http://get.adobe.com/shockwave/
___

ColdFusion hotfixes available
- https://www.adobe.co.../apsb13-19.html
July 9, 2013
CVE number: CVE-2013-3349, CVE-2013-3350
Platform: All
Summary: Adobe has released a security hotfix for ColdFusion 10 for Windows, Macintosh and Linux.  This hotfix addresses a vulnerability (CVE-2013-3350) that could permit an attacker to invoke public methods on ColdFusion Components (CFC) using WebSockets. Adobe has released a security hotfix for ColdFusion versions 9.0, 9.0.1 and 9.0.2 on JRun.  This hotfix addresses a vulnerability (CVE-2013-3349) that could be exploited to cause a denial of service condition on a system running ColdFusion 9.0, 9.0.1 and 9.0.2 on JRun. ColdFusion 10 customers are not affected by CVE-2013-3349.
Adobe recommends users update their product installation...
Solution: Adobe recommends ColdFusion customers update their installation using the instructions provided in the technote located here:
- http://helpx.adobe.c...-apsb13-19.html ...
___

- https://isc.sans.edu...l?storyid=16129
Last Updated: 2013-07-09 18:41:00 UTC
___

Flash:
- https://secunia.com/advisories/53975/

Shockwave:
- https://secunia.com/advisories/53894/

ColdFusion:
- https://secunia.com/advisories/53997/
- https://secunia.com/advisories/54024/

:ph34r: :ph34r: :ph34r:


Edited by AplusWebMaster, 12 July 2013 - 06:59 AM.

This machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#93 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 8,992 posts

Posted 10 September 2013 - 11:53 AM

FYI...

Flash Player v11.8.800.168 released
- http://www.adobe.com.../apsb13-21.html
Sep 10, 2013
CVE number: CVE-2013-3361, CVE-2013-3362, CVE-2013-3363, CVE-2013-5324
Platform: All Platforms
Summary: Adobe has released security updates for Adobe Flash Player 11.8.800.94 and earlier versions for Windows and Macintosh, Adobe Flash Player 11.2.202.297 and earlier versions for Linux, Adobe Flash Player 11.1.115.69 and earlier versions for Android 4.x, and Adobe Flash Player 11.1.111.64 and earlier versions for Android 3.x and 2.x. These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.
Adobe recommends users update their product installations to the latest versions:
- Users of Adobe Flash Player 11.8.800.94 and earlier versions for Windows and Macintosh should update to Adobe Flash Player 11.8.800.168.
- Users of Adobe Flash Player 11.2.202.297 and earlier versions for Linux should update to Adobe Flash Player 11.2.202.310.
- Adobe Flash Player 11.8.800.97 installed with Google Chrome will automatically be updated to the latest Google Chrome version, which will include Adobe Flash Player 11.8.800.170 for Windows, Macintosh and Linux.
- Adobe Flash Player 11.8.800.94 installed with Internet Explorer 10 will automatically be updated to the latest Internet Explorer 10 version, which will include Adobe Flash Player 11.8.800.168 for Windows 8.
- Users of Adobe Flash Player 11.1.115.69 and earlier versions on Android 4.x devices should update to Adobe Flash Player 11.1.115.81.
- Users of Adobe Flash Player 11.1.111.64 and earlier versions for Android 3.x and 2.x should update to Flash Player 11.1.111.73.
- Users of Adobe AIR 3.8.0.870 and earlier versions for Windows and Android should update to Adobe AIR 3.8.0.1430.
- Users of Adobe AIR 3.8.0.910 and earlier versions for Macintosh should update to Adobe AIR 3.8.0.1430.
- Users of the Adobe AIR 3.8.0.870 SDK & Compiler and earlier versions for Windows should update to the Adobe AIR 3.8.0.1430 SDK & Compiler.
- Users of the Adobe AIR 3.8.0.910 SDK & Compiler and earlier versions for Macintosh should update to the Adobe AIR 3.8.0.1430 SDK & Compiler...

Flash Download:
> https://www.adobe.co...tribution3.html

Flash test site:
- http://www.adobe.com...re/flash/about/

- http://helpx.adobe.c...on_your_machine

Adobe AIR 3.8
- http://get.adobe.com/air/

- https://secunia.com/advisories/54697/
Release Date: 2013-09-10
Criticality: Highly Critical
Software: Adobe AIR 3.x, Adobe Flash Player 11.x
Where: From remote
Impact: System access...
CVE Reference(s): CVE-2013-3361, CVE-2013-3362, CVE-2013-3363, CVE-2013-5324
... can be exploited by malicious people to compromise a user's system.
Solution: Update to a fixed version.
Original Advisory: http://www.adobe.com.../apsb13-21.html
___

Adobe Reader / Acrobat v11.0.04 released
- http://www.adobe.com.../apsb13-22.html
Sep 10, 2013
CVE numbers: CVE-2013-3351, CVE-2013-3352, CVE-2013-3353, CVE-2013-3354, CVE-2013-3355, CVE-2013-3356, CVE-2013-3357, CVE-2013-3358
Platform: Windows and Macintosh
Summary: Adobe has released security updates for Adobe Reader and Acrobat XI (11.0.03) and earlier versions for Windows and Macintosh. These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.
Adobe recommends users update their product installations to the latest versions:
- Users of Adobe Reader XI (11.0.03) for Windows and Macintosh should update to Adobe Reader XI (11.0.04).
- For users of Adobe Reader X (10.1.7) and earlier versions for Windows and Macintosh, who cannot update to Adobe Reader XI (11.0.04), Adobe has made available the update Adobe Reader X (10.1.8 ).
- Users of Adobe Acrobat XI (11.0.03) for Windows and Macintosh should update to Adobe Acrobat XI (11.0.04).
- For users of Adobe Acrobat X (10.1.7) and earlier versions for Windows and Macintosh, who cannot update to Adobe Acrobat XI (11.0.04), Adobe has made available the update Adobe Acrobat X (10.1.8 )...
Adobe Reader: Users on Windows and Macintosh can utilize the product's update mechanism...
Adobe Acrobat: Users can utilize the product's update mechanism...
Help >About >Check for updates...

- https://secunia.com/advisories/54694/
Release Date: 2013-09-10
Criticality: Highly Critical
Where: From remote
Impact: System access...
CVE Reference(s): CVE-2013-3351, CVE-2013-3352, CVE-2013-3353, CVE-2013-3354, CVE-2013-3355, CVE-2013-3356, CVE-2013-3357, CVE-2013-3358
... can be exploited by malicious people to compromise a user's system.
Solution: Update to a fixed version.
Original Advisory: http://www.adobe.com.../apsb13-22.html
___

Shockwave Player v12.0.4.144 released
- http://www.adobe.com.../apsb13-23.html
Sep 10, 2013
CVE number: CVE-2013-3359 and CVE-2013-3360
Platform: Windows and Macintosh
Summary: Adobe has released a security update for Adobe Shockwave Player 12.0.3.133 and earlier versions on the Windows and Macintosh operating systems. This update addresses vulnerabilities that could allow an attacker, who successfully exploits these vulnerabilities, to run malicious code on the affected system. Adobe recommends users of Adobe Shockwave Player 12.0.3.133 and earlier versions update to Adobe Shockwave Player 12.0.4.144 ...
Solution: Adobe recommends users of Adobe Shockwave Player 12.0.3.133 and earlier versions update to the newest version 12.0.4.144, available here:
- http://get.adobe.com/shockwave/

- https://secunia.com/advisories/54700/
Release Date: 2013-09-10
Criticality: Highly Critical
Where: From remote
Impact: System access...
CVE Reference(s): CVE-2013-3359, CVE-2013-3360
... can be exploited by malicious people to compromise a user's system.
Solution: Update to version 12.0.4.144.
Original Advisory: http://www.adobe.com.../apsb13-23.html
 

:ph34r: :ph34r: :ph34r:


Edited by AplusWebMaster, 10 September 2013 - 07:53 PM.

This machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#94 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 8,992 posts

Posted 21 September 2013 - 02:59 PM

FYI...

Flash Player 11.8.800.175 (Win IE) ...
- http://forums.adobe....message/5698133
Sep 19, 2013 - "... Flash Player 11.8.800.175 is available for download via our auto update mechanism. This update includes multiple stability fixes for the Windows ActiveX (Internet Explorer) plugin only ...
Bug fixes: 3630443 - [External][Windows][IE] ExternalInterface.call() method with non-ASCII text as a parameter corrupts the characters on the Javascript side..."

Flash Player 11.8.800.175 (Win IE) ...
- https://www.adobe.co...tribution3.html

Flash test site:
- http://www.adobe.com...re/flash/about/

- http://helpx.adobe.c...on_your_machine
___

Text is corrupted when it's typed into a webpage that uses Adobe Flash Player after you install security update 2880289
- http://support.micro....com/kb/2889543
Last Review: September 24, 2013 - Revision: 2.0
"... issue is resolved in the current release of Adobe Flash Player. For more information, see the following Adobe release notes:
- http://helpx.adobe.c...ease_notes.html
"...Fixed Issues
September 24th, 2013
3630443 - [External][Windows][IE] ExternalInterface.call() method with non-ASCII text as a parameter corrupts the characters on the Javascript side
3631555 - [Windows][IE] ExternalInterface.call() does not work normally since flash player 11.8.800.168
3631605 - [Windows][IE][Video] Video playback failure in Nico Video ...
- http://helpx.adobe.c...leased_versions
Flash Player Desktop (Win Internet Explorer)     11.8.800.175 ..."

* http://support.micro....com/kb/2880289
Last Review: September 24, 2013 - Revision: 4.1
 

:ph34r: :ph34r:


Edited by AplusWebMaster, 26 September 2013 - 05:37 AM.

This machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#95 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 8,992 posts

Posted 08 October 2013 - 11:42 AM

FYI...

Flash Player v11.9 / AIR 3.9
- http://helpx.adobe.c...leased_versions
Oct 8, 2013
Deliverable                     Released Version
Flash Player Desktop (Win Internet Explorer)     11.9.900.117
Flash Player Desktop (Win Other Browsers)     11.9.900.117
Flash Player Desktop (Mac)             11.9.900.117
Flash Player Desktop (Linux)             11.2.202.310
Flash Player Enterprise 11.7 (Mac and Win)     11.7.700.242
Flash Player Desktop (Win 8)             11.9.900.117
Flash Player Desktop (Chrome)             11.9.900.117
AIR Desktop (Win)                  3.9.0.1030
AIR Desktop (Mac)                  3.9.0.1030
AIR Android                      3.9.0.1060
AIR SDK & Compiler(Win)              3.9.0.1030
AIR SDK & Compiler(Mac)              3.9.0.1030
AIR SDK(Win)                      3.9.0.1030
AIR SDK(Mac)                    3.9.0.1030

- http://forums.adobe....5744968#5744968
Oct 8, 2013

- https://www.adobe.co...tribution3.html

Flash test site:
- http://www.adobe.com...re/flash/about/

- http://helpx.adobe.c...on_your_machine

Adobe AIR 3.9
- http://get.adobe.com/air/
___

Adobe Reader/Acrobat v11.0.05 released
- http://www.adobe.com.../apsb13-25.html
Oct 8, 2013
CVE number: https://web.nvd.nist...d=CVE-2013-5325 - 9.3 (HIGH)
[Last revised: 10/10/2013]
Platform: Windows
"Summary: Adobe has released security updates for Adobe Reader and Acrobat XI (11.0.04) for Windows. These updates address a -regression- that occurred in version 11.0.04 affecting Javascript security controls. Adobe Reader and Acrobat X (10.1.8) and earlier versions for Windows are -not- affected, and all versions of Adobe Reader and Acrobat for Macintosh are also -not- affected by this vulnerability. Adobe recommends users update their product installations to the latest versions:
- Users of Adobe Reader XI (11.0.04) for Windows should update to Adobe Reader XI (11.0.05).
- Users of Adobe Acrobat XI (11.0.04) for Windows should update to Adobe Acrobat XI (11.0.05)...
Adobe Reader: Users on Windows can utilize the product's update mechanism. The default configuration is set to run automatic update checks on a regular schedule. Update checks can be manually activated by choosing Help > Check for Updates...
Adobe Acrobat: Users can utilize the product's update mechanism. The default configuration is set to run automatic update checks on a regular schedule.  Update checks can be manually activated by choosing Help > Check for Updates...
___

Adobe RoboHelp - Security update
- http://www.adobe.com.../apsb13-24.html
Oct 8, 2013
CVE number: https://web.nvd.nist...d=CVE-2013-5327 - 10.0 (HIGH)
Platform: Windows
"Summary: Adobe has released a security update for RoboHelp 10 on the Windows operating system. This update addresses a vulnerability that could allow an attacker, who successfully exploits this vulnerability, to run malicious code on the affected system. Adobe recommends users of RoboHelp 10 apply the solution using the instructions provided in the "Solution" section...
This update addresses a -critical- vulnerability in the software..."
Affected software versions: RoboHelp 10 for Windows
Solution: Adobe recommends users of RoboHelp 10 apply the fix...
(See the Adobe URL above for links and fix.)
 

:ph34r: :ph34r:


Edited by AplusWebMaster, 16 October 2013 - 07:34 AM.

This machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#96 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 8,992 posts

Posted 12 November 2013 - 03:42 PM

FYI...

Flash v11.9.900.152 released
- https://www.adobe.co.../apsb13-26.html
Nov 12, 2013
CVE number:
- https://web.nvd.nist...d=CVE-2013-5329 - 10.0 (HIGH)
- https://web.nvd.nist...d=CVE-2013-5330 - 10.0 (HIGH)
Platform: All Platforms
"Summary: Adobe has released security updates for Adobe Flash Player 11.9.900.117 and earlier versions for Windows and Macintosh and Adobe Flash Player 11.2.202.310 and earlier versions for Linux.  These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system. Adobe recommends users update their product installations to the latest versions:
- Users of Adobe Flash Player 11.9.900.117 and earlier versions for Windows and Macintosh should update to Adobe Flash Player 11.9.900.152.
- Users of Adobe Flash Player 11.2.202.310 and earlier versions for Linux should update to Adobe Flash Player 11.2.202.327.
- Adobe Flash Player 11.9.900.117 installed with Google Chrome will automatically be updated to the latest Google Chrome version, which will include Adobe Flash Player 11.9.900.152 for Windows, Macintosh and Linux.
- Adobe Flash Player 11.9.900.117 installed with Internet Explorer 10 will automatically be updated to the latest Internet Explorer 10 version, which will include Adobe Flash Player 11.9.900.152 for Windows 8.0
- Adobe Flash Player 11.9.900.117 installed with Internet Explorer 11 will automatically be updated to the latest Internet Explorer 11 version, which will include Adobe Flash Player 11.9.900.152 for Windows 8.1
- Users of Adobe AIR 3.9.0.1030 and earlier versions for Windows and Macintosh should update to Adobe AIR 3.9.0.1210.
- Users of Adobe AIR 3.9.0.1060 and earlier versions for Android should update to Adobe AIR 3.9.0.1210.
- Users of the Adobe AIR 3.9.0.1030 SDK and earlier versions should update to the Adobe AIR 3.9.0.1210 SDK.
- Users of the Adobe AIR 3.9.0.1030 SDK & Compiler and earlier versions should update to the Adobe AIR 3.9.0.1210 SDK & Compiler...

- https://www.adobe.co...tribution3.html

Flash test site:
- http://www.adobe.com...re/flash/about/

- http://helpx.adobe.c...on_your_machine

Adobe AIR 3.9.0.1210
- http://get.adobe.com/air/
___

ColdFusion hotfix...
- https://www.adobe.co.../apsb13-27.html
Nov 12, 2013
CVE number:
- https://web.nvd.nist...d=CVE-2013-5326 - 3.5
- https://web.nvd.nist...d=CVE-2013-5328 - 7.8 (HIGH)
Platform: All platforms
"Summary: Adobe has released a security hotfix for ColdFusion versions 10, 9.0.2, 9.0.1 and 9.0 for Windows, Macintosh and Linux.  This hotfix addresses a reflected cross site scripting vulnerability (CVE-2013-5326) that could be exploited by a remote, authenticated user on ColdFusion 10 and earlier when the CFIDE directory is exposed. This hotfix also addresses a vulnerability (CVE-2013-5328) in ColdFusion 10 that could permit unauthorized remote read access...
Affected software versions: ColdFusion 10, 9.0.2, 9.0.1 and 9.0 for Windows, Macintosh and Linux
Solution: Adobe recommends ColdFusion customers update their installation using the instructions provided in the technote located here:
- http://helpx.adobe.c...-apsb13-27.html
 

:ph34r: :ph34r:


Edited by AplusWebMaster, 14 November 2013 - 07:51 AM.

This machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#97 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 8,992 posts

Posted 10 December 2013 - 02:39 PM

FYI...

Flash 11.9.900.170 released
- http://helpx.adobe.c.../apsb13-28.html
Dec 10, 2013
CVE numbers:
- https://web.nvd.nist...d=CVE-2013-5331 - 9.3 (HIGH)
"... as exploited in the wild in December 2013."
- https://web.nvd.nist...d=CVE-2013-5332 - 10.0 (HIGH)
Platform: All Platforms
Summary: Adobe has released security updates for Adobe Flash Player 11.9.900.152 and earlier versions for Windows and Macintosh and Adobe Flash Player 11.2.202.327 and earlier versions for Linux. These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system. Adobe is aware of reports that an exploit designed to trick the user into opening a Microsoft Word document with malicious Flash (.swf) content exists for CVE-2013-5331. Adobe Flash Player 11.6 and later provide a mitigation against this attack.
Adobe recommends users update their product installations to the latest versions:
• Users of Adobe Flash Player 11.9.900.152 and earlier versions for Windows and Macintosh should update to Adobe Flash Player 11.9.900.170.
• Users of Adobe Flash Player 11.2.202.327 and earlier versions for Linux should update to Adobe Flash Player 11.2.202.332.
• Adobe Flash Player 11.9.900.152 installed with Google Chrome will automatically be updated to the latest Google Chrome version, which will include Adobe Flash Player 11.9.900.170 for Windows, Macintosh and Linux.
• Adobe Flash Player 11.9.900.152 installed with Internet Explorer 10 will automatically be updated to the latest Internet Explorer 10 version, which will include Adobe Flash Player 11.9.900.170 for Windows 8.0
• Adobe Flash Player 11.9.900.152 installed with Internet Explorer 11 will automatically be updated to the latest Internet Explorer 11 version, which will include Adobe Flash Player 11.9.900.170 for Windows 8.1
• Users of Adobe AIR 3.9.0.1210 and earlier versions for Windows and Macintosh should update to Adobe AIR 3.9.0.1380.
• Users of Adobe AIR 3.9.0.1210 and earlier versions for Android should update to Adobe AIR 3.9.0.1380.
• Users of the Adobe AIR 3.9.0.1210 SDK and earlier versions should update to the Adobe AIR 3.9.0.1380 SDK.
• Users of the Adobe AIR 3.9.0.1210 SDK & Compiler and earlier versions should update to the Adobe AIR 3.9.0.1380 SDK & Compiler...

- https://www.adobe.co...tribution3.html

Flash test site:
- http://www.adobe.com...re/flash/about/

- http://helpx.adobe.c...ash-player.html

Adobe AIR
- http://get.adobe.com/air/

- https://secunia.com/advisories/55948/
Criticality: Highly Critical
___

Shockwave 12.0.7.148 released
- http://helpx.adobe.c.../apsb13-29.html
Dec 10, 2013
CVE numbers:
- https://web.nvd.nist...d=CVE-2013-5333 - 10.0 (HIGH)
- https://web.nvd.nist...d=CVE-2013-5334 - 10.0 (HIGH)
Platform: Windows and Macintosh
Summary: Adobe has released a security update for Adobe Shockwave Player 12.0.6.147 and earlier versions on the Windows and Macintosh operating systems. This update addresses a vulnerability that could allow an attacker, who successfully exploits this vulnerability, to run malicious code on the affected system. Adobe recommends users of Adobe Shockwave Player 12.0.6.147 and earlier versions update to Adobe Shockwave Player 12.0.7.148 using the instructions provided in the "Solution" section below.
Affected software versions: Adobe Shockwave Player 12.0.6.147 and earlier versions for Windows and Macintosh.
Solution: Adobe recommends users of Adobe Shockwave Player 12.0.6.147 and earlier versions update to the newest version 12.0.7.148, available here:
- http://get.adobe.com/shockwave/

- https://secunia.com/advisories/55952/
Criticality: Highly Critical
 

:ph34r: :ph34r:


Edited by AplusWebMaster, 05 January 2014 - 10:10 AM.

This machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#98 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 8,992 posts

Posted 09 January 2014 - 09:49 PM

FYI...

Prenotification Security Advisory for Adobe Reader and Acrobat
- http://helpx.adobe.c.../apsb14-01.html
Jan 9, 2014 - "Adobe is planning to release security updates on Tuesday, January 14, 2014 for Adobe Reader and Acrobat XI (11.0.05) and earlier versions for Windows and Macintosh... This Security Advisory will be replaced with the Security Bulletin upon release of the update on Tuesday, January 14, 2014..."
 

:ph34r: :ph34r:


This machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#99 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 8,992 posts

Posted 14 January 2014 - 01:06 PM

FYI...

Flash 12.0.0.38 released
- http://helpx.adobe.c.../apsb14-02.html
Jan 14, 2014
CVE number: CVE-2014-0491, CVE-2014-0492
Platform: All Platforms
Summary: Adobe has released security updates for Adobe Flash Player 11.9.900.170 and earlier versions for Windows and Macintosh and Adobe Flash Player 11.2.202.332 and earlier versions for Linux. These updates address vulnerabilities that could potentially allow an attacker to take control of the affected system. Adobe recommends users update their product installations to the latest versions:
- Users of Adobe Flash Player 11.9.900.170 and earlier versions for Windows Internet Explorer should update to Adobe Flash Player 12.0.0.38.
- Users of Adobe Flash Player 11.9.900.170 and earlier versions for NPAPI plugin-based browsers on Windows should update to Adobe Flash Player 12.0.0.43
- Users of Adobe Flash Player 11.9.900.170 and earlier versions for Macintosh should update to Adobe Flash Player 12.0.0.38.
- Users of Adobe Flash Player 11.2.202.332 and earlier versions for Linux should update to Adobe Flash Player 11.2.202.335.
- Adobe Flash Player 11.9.900.170 installed with Google Chrome will automatically be updated to the latest Google Chrome version, which will include Adobe Flash Player 12.0.0.41 for Windows, Macintosh and Linux.
- Adobe Flash Player 11.9.900.170 installed with Internet Explorer 10 will automatically be updated to the latest Internet Explorer 10 version, which will include Adobe Flash Player 12.0.0.38 for Windows 8.0.
- Adobe Flash Player 11.9.900.170 installed with Internet Explorer 11 will automatically be updated to the latest Internet Explorer 11 version, which will include Adobe Flash Player 12.0.0.38 for Windows 8.1.
-- Users of Adobe AIR 3.9.0.1380 and earlier versions for Windows and Macintosh should update to Adobe AIR 4.0.0.1390.
- Users of Adobe AIR 3.9.0.1380 and earlier versions for Android should update to Adobe AIR 4.0.0.1390.
- Users of the Adobe AIR 3.9.0.1380 SDK and earlier versions should update to the Adobe AIR 4.0.0.1390 SDK.
- Users of the Adobe AIR 3.9.0.1380 SDK & Compiler and earlier versions should update to the Adobe AIR 4.0.0.1390 SDK & Compiler...

- https://www.adobe.co...tribution3.html

Flash test site:
- http://www.adobe.com...re/flash/about/

- http://helpx.adobe.c...ash-player.html

Adobe AIR
- http://get.adobe.com/air/
___

Adobe Reader/Acrobat 11.0.06 released
- http://helpx.adobe.c.../apsb14-01.html
Jan 14, 2014
CVE Numbers: CVE-2014-0493, CVE-2014-0495, CVE-2014-0496
Platform: Windows and Macintosh
Summary: Adobe has released security updates for Adobe Reader and Acrobat XI (11.0.05) and earlier versions for Windows and Macintosh. These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system. Adobe recommends users update their product installations to the latest versions:
- Users of Adobe Reader XI (11.0.05) for Windows and Macintosh should update to Adobe Reader XI 11.0.06.
- For users of Adobe Reader X (10.1.8 ) and earlier versions for Windows and Macintosh, who cannot update to Adobe Reader XI (11.0.06), Adobe has made available the update Adobe Reader X (10.1.9).
- Users of Adobe Acrobat XI (11.0.05) for Windows and Macintosh should update to Adobe Acrobat XI (11.0.06).
- For users of Adobe Acrobat X (10.1.8 ) and earlier versions for Windows and Macintosh, who cannot update to Adobe Acrobat XI (11.0.06), Adobe has made available the update Adobe Acrobat X (10.1.9)...
Adobe Reader: Users on Windows and Macintosh can utilize the product's update mechanism... Update checks can be manually activated by choosing Help > Check for Updates.
Adobe Acrobat: Users can utilize the product's update mechanism... Update checks can be manually activated by choosing Help > Check for Updates...
 

:ph34r: :ph34r:


This machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#100 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 8,992 posts

Posted 23 January 2014 - 09:19 AM

FYI...

Adobe Digital Editions v3.0 released
- https://secunia.com/advisories/56578/
Release Date: 2014-01-23
Criticality: Highly Critical
Where: From remote
Impact: System access
CVE Reference(s): CVE-2014-0494
... vulnerability is reported in version 2.0.1.
Solution: Upgrade to version 3.0.
Original Advisory:
http://helpx.adobe.c.../apsb14-03.html

- http://www.adobe.com...s/download.html
 

:ph34r:


This machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.





4 user(s) are reading this topic

0 members, 2 guests, 0 anonymous users


    Yahoo (2)
Member of ASAP and UNITE
Support SpywareInfo Forum - click the button