Jump to content


Photo

Adobe multiple vulns


  • Please log in to reply
176 replies to this topic

#151 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 10,888 posts

Posted 06 April 2016 - 09:10 AM

FYI...

Flash Player - CVE-2016-1019
- https://helpx.adobe..../apsa16-01.html
April 5, 2016
CVE number: CVE-2016-1019
Platforms: Windows, Macintosh, Linux and Chrome OS
Summary: "A critical vulnerability (CVE-2016-1019) exists in Adobe Flash Player 21.0.0.197 and earlier versions for Windows, Macintosh, Linux, and Chrome OS. Successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system. Adobe is aware of reports that CVE-2016-1019 is being actively exploited on systems running Windows 7 and Windows XP with Flash Player version -20.0.0.306- and earlier. A mitigation introduced in Flash Player 21.0.0.182 currently -prevents- exploitation of this vulnerability, protecting users running Flash Player 21.0.0.182 and later. Adobe is planning to provide a security update to address this vulnerability as early as April 7..."
> https://blogs.adobe.com/psirt/?p=1330
April 5, 2016 - "... critical vulnerability (CVE-2016-1019) in Adobe Flash Player.  UPDATE: Adobe is aware of reports that CVE-2016-1019 is being actively exploited on systems running Windows 7 and Windows XP Windows 10 and earlier with Flash Player version 20.0.0.306 and earlier..."
 

:ph34r: :ph34r:


Edited by AplusWebMaster, 06 April 2016 - 11:58 AM.

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#152 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 10,888 posts

Posted 08 April 2016 - 06:18 AM

FYI...

Flash 21.0.0.213 released
- https://helpx.adobe..../apsb16-10.html
Apr 7, 2016
CVE number: CVE-2016-1006, CVE-2016-1011, CVE-2016-1012, CVE-2016-1013, CVE-2016-1014, CVE-2016-1015, CVE-2016-1016, CVE-2016-1017, CVE-2016-1018, CVE-2016-1019, CVE-2016-1020, CVE-2016-1021, CVE-2016-1022, CVE-2016-1023, CVE-2016-1024, CVE-2016-1025, CVE-2016-1026, CVE-2016-1027, CVE-2016-1028, CVE-2016-1029, CVE-2016-1030, CVE-2016-1031, CVE-2016-1032, CVE-2016-1033
Platform: Windows, Macintosh, Linux and ChromeOS
Summary: Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and ChromeOS. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system. Adobe is aware of reports that CVE-2016-1019 is being actively exploited on systems running Windows 10 and earlier with Flash Player version 20.0.0.306 and earlier...
- Adobe recommends users of the  Adobe Flash Player Desktop Runtime for Windows and Macintosh update to 21.0.0.213 via the update mechanism within the product when prompted.. or by visiting the Adobe Flash Player Download Center.
- Adobe recommends users of the Adobe Flash Player Extended Support Release should update to version 18.0.0.343 by visiting:

-   http://helpx.adobe.c...-versions.html.
- Adobe recommends users of Adobe Flash Player for Linux update to Adobe Flash Player 11.2.202.616 by visiting the Adobe Flash Player Download Center.
- Adobe Flash Player installed with Google Chrome will be automatically updated to the latest Google Chrome version, which will include Adobe Flash Player 21.0.0.213 for Windows, Macintosh, Linux and Chrome OS.
- Adobe Flash Player installed with Microsoft Edge and Internet Explorer for Windows 10 will be automatically updated to the latest version, which will include Adobe Flash Player 21.0.0.213.
- Adobe Flash Player installed with Internet Explorer for Windows 8.1 will be automatically updated to the latest version, which will include Adobe Flash Player 21.0.0.213.
- Please visit the Flash Player Help page for assistance in installing Flash Player...

For I/E - some versions get 'Automatic' updates:
- https://download.mac...21_active_x.exe
For Firefox and other Plugin-based browsers:
- https://download.mac...r_21_plugin.exe

Flash test site: https://www.adobe.co...re/flash/about/
___

- http://www.securityt....com/id/1035509
CVE Reference: CVE-2016-1006, CVE-2016-1011, CVE-2016-1012, CVE-2016-1013, CVE-2016-1014, CVE-2016-1015, CVE-2016-1016, CVE-2016-1017, CVE-2016-1018, CVE-2016-1020, CVE-2016-1021, CVE-2016-1022, CVE-2016-1023, CVE-2016-1024, CVE-2016-1025, CVE-2016-1026, CVE-2016-1027, CVE-2016-1028, CVE-2016-1029, CVE-2016-1030, CVE-2016-1031, CVE-2016-1032, CVE-2016-1033
Apr 8 2016
Version(s): prior to 21.0.0.213 ...
Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
A remote user can bypass security controls on the target system.
Solution: The vendor has issued a fix (21.0.0.213; ESR 18.0.0.343; 11.2.202.616 for Linux)...
___

- https://www.us-cert....es-Flash-Player
April 08, 2016

Flash 0day (CVE-2016-1019) in the Wild; Exploit Kits Delivering Ransomware
- https://atlas.arbor....ndex#-169418222
Elevated Severity
April 07, 2016 21:52

- https://web.nvd.nist...d=CVE-2016-1019
Last revised: 04/11/2016 - "... as exploited in the wild in April 2016."
10.0 HIGH
 

:ph34r: :ph34r:


Edited by AplusWebMaster, 28 April 2016 - 05:49 AM.

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#153 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 10,888 posts

Posted 12 April 2016 - 02:15 PM

FYI...

Creative Cloud 3.6.0.244 released
- https://helpx.adobe..../apsb16-11.html
April 12, 2016
CVE number: CVE-2016-1034
Platform: Windows and Macintosh
Solution: Adobe categorizes this update with the following priority rating and recommends users update their installation to the newest version:
Creative Cloud Desktop Application - 3.6.0.244 - Windows and Macintosh ...
Creative Cloud users can apply the update via the application's update mechanism. For more details, visit:

- https://www.adobe.co...esktop-app.html
For managed environments, IT administrators can use the Creative Cloud Packager to create deployment packages as described in the workflow documented here:
- https://helpx.adobe....d-licenses.html
Refer to this help page* for more information on the Creative Cloud Packager.
* https://helpx.adobe....d/packager.html
Vulnerability Details: This update resolves a vulnerability in the JavaScript API for Creative Cloud Libraries that could be abused to remotely read and write files on the client’s file system (CVE-2016-1034)...
___

Security hotfix available for RoboHelp Server
- https://helpx.adobe..../apsb16-12.html
April 12, 2016
CVE number: CVE-2016-1035
Platform: Windows
Solution: ... Please refer to the Knowledge Base article available here* for instructions to download and apply the hotfix.
* https://helpx.adobe....rity-issue.html
Vulnerability Details: This hotfix resolves a vulnerability in the handling of SQL queries that could lead to information disclosure (CVE-2016-1035)...
___

Security updates available for Adobe Flash Player
- https://helpx.adobe..../apsb16-10.html
Last updated: April 12, 2016: Updated to reflect the availability of AIR updates for the CVEs referenced in this bulletin.
Adobe recommends users of the AIR desktop runtime, AIR SDK and AIR SDK & Compiler update to version 21.0.0.198 by visiting the AIR download center* or the AIR developer center**.

* AIR: 21.0.0.198: http://get.adobe.com/air/

** http://www.adobe.com...k-download.html
___

- https://www.us-cert....top-Application
April 12, 2016
 

:ph34r: :ph34r:


Edited by AplusWebMaster, 12 April 2016 - 02:56 PM.

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#154 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 10,888 posts

Posted 10 May 2016 - 10:58 AM

FYI...

Flash Player Advisory
- https://helpx.adobe..../apsa16-02.html
May 10, 2016
CVE number: CVE-2016-4117
Platforms: Windows, Macintosh, Linux and Chrome OS
Summary: A critical vulnerability (CVE-2016-4117) exists in Adobe Flash Player 21.0.0.226 and earlier versions for Windows, Macintosh, Linux, and Chrome OS. Successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system. Adobe is aware of a report that an exploit for CVE-2016-4117 exists in the wild. Adobe will address this vulnerability in our monthly security update, which will be available as early as May 12. For the latest information, users may monitor the Adobe Product Security Incident Response Team blog:
> http://blogs.adobe.com/psirt/

> https://web.nvd.nist...d=CVE-2016-4117
Last revised: 05/10/2016 - "... as exploited in the wild in May 2016."
___

Acrobat, Reader 2015.016.20039, 11.0.16 released  
- https://helpx.adobe..../apsb16-14.html
May 10,2016
CVE Numbers: CVE-2016-1037, CVE-2016-1038, CVE-2016-1039, CVE-2016-1040, CVE-2016-1041, CVE-2016-1042, CVE-2016-1043, CVE-2016-1044, CVE-2016-1045, CVE-2016-1046, CVE-2016-1047, CVE-2016-1048, CVE-2016-1049, CVE-2016-1050, CVE-2016-1051, CVE-2016-1052, CVE-2016-1053, CVE-2016-1054, CVE-2016-1055, CVE-2016-1056, CVE-2016-1057, CVE-2016-1058, CVE-2016-1059, CVE-2016-1060, CVE-2016-1061, CVE-2016-1062, CVE-2016-1063, CVE-2016-1064, CVE-2016-1065, CVE-2016-1066, CVE-2016-1067, CVE-2016-1068, CVE-2016-1069, CVE-2016-1070, CVE-2016-1071, CVE-2016-1072, CVE-2016-1073, CVE-2016-1074, CVE-2016-1075, CVE-2016-1076, CVE-2016-1077, CVE-2016-1078, CVE-2016-1079, CVE-2016-1080, CVE-2016-1081, CVE-2016-1082, CVE-2016-1083, CVE-2016-1084, CVE-2016-1085, CVE-2016-1086, CVE-2016-1087, CVE-2016-1088, CVE-2016-1090, CVE-2016-1092, CVE-2016-1093, CVE-2016-1094, CVE-2016-1095, CVE-2016-1112, CVE-2016-1116, CVE-2016-1117, CVE-2016-1118, CVE-2016-1119, CVE-2016-1120, CVE-2016-1121, CVE-2016-1122, CVE-2016-1123, CVE-2016-1124, CVE-2016-1125, CVE-2016-1126, CVE-2016-1127, CVE-2016-1128, CVE-2016-1129, CVE-2016-1130, CVE-2016-4088, CVE-2016-4089, CVE-2016-4090, CVE-2016-4091, CVE-2016-4092, CVE-2016-4093, CVE-2016-4094, CVE-2016-4096, CVE-2016-4097, CVE-2016-4098, CVE-2016-4099, CVE-2016-4100, CVE-2016-4101, CVE-2016-4102, CVE-2016-4103, CVE-2016-4104, CVE-2016-4105, CVE-2016-4106, CVE-2016-4107
Platform: Windows and Macintosh
Summary: Adobe has released security updates for Adobe Acrobat and Reader for Windows and Macintosh. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system...
Solution: Adobe recommends users update their software installations to the latest versions by following the instructions below.
The latest product versions are available to end users via one of the following methods:
- Users can update their product installations manually by choosing Help > Check for Updates.
- The products will update automatically, without requiring user intervention, when updates are detected.
- The full Acrobat Reader installer can be downloaded from the Acrobat Reader Download Center.
For IT administrators (managed environments):
- Download the enterprise installers from ftp://ftp.adobe.com/pub/adobe/or refer to the specific release note version for links to installers.
- Install updates via your preferred methodology, such as AIP-GPO, bootstrapper, SCUP/SCCM (Windows), or on Macintosh, Apple Remote Desktop and SSH...

Acrobat:
> https://www.adobe.co...latform=Windows
5/10/2016
Reader:
> https://www.adobe.co...latform=Windows
5/10/2016
___

Hotfixes available for ColdFusion
- https://helpx.adobe..../apsb16-16.html
May 10, 2016
CVE numbers: CVE-2016-1113, CVE-2016-1114, CVE-2016-1115
Platforms: All
Summary: Adobe has released security hotfixes for ColdFusion versions 10, 11 and the 2016 release. These hotfixes resolve an input validation issue (CVE-2016-1113), a host name verification problem with wild card certificates (CVE-2016-1115) and include an updated version of Apache Commons Collections library to mitigate java deserialization (CVE-2016-1114)...
Adobe recommends ColdFusion customers update their installation using the instructions provided in the relevant technote:
ColdFusion (2016 release): http://helpx.adobe.c...6-update-1.html
ColdFusion 11: http://helpx.adobe.c...1-update-8.html
ColdFusion 10: http://helpx.adobe.c...-update-19.html
Customers should also apply the security configuration settings as outlined on the ColdFusion Security page as well as review the respective Lockdown guide.
ColdFusion (2016 release) Lockdown guide
> http://wwwimages.ado...kdown-guide.pdf
ColdFusion 11 Lockdown Guide
> http://www.adobe.com...kdown-guide.pdf
ColdFusion 10 Lockdown Guide
> http://wwwimages.ado...kdown-guide.pdf
 

:ph34r: :ph34r:


Edited by AplusWebMaster, 11 May 2016 - 12:08 PM.

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#155 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 10,888 posts

Posted 12 May 2016 - 10:49 AM

FYI...

Flash 21.0.0.242 released
- https://helpx.adobe..../apsb16-15.html
May 12, 2016
CVE number: CVE-2016-1096, CVE-2016-1097, CVE-2016-1098, CVE-2016-1099, CVE-2016-1100, CVE-2016-1101, CVE-2016-1102, CVE-2016-1103, CVE-2016-1104, CVE-2016-1105, CVE-2016-1106, CVE-2016-1107, CVE-2016-1108, CVE-2016-1109, CVE-2016-1110, CVE-2016-4108, CVE-2016-4109, CVE-2016-4110, CVE-2016-4111, CVE-2016-4112, CVE-2016-4113, CVE-2016-4114, CVE-2016-4115, CVE-2016-4116, CVE-2016-4117
Platform: Windows, Macintosh, Linux and ChromeOS
Summary: Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and ChromeOS. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system.  Adobe is aware of a report that an exploit for CVE-2016-4117 exists in the wild...
Solution:
- Adobe recommends users of the Adobe Flash Player Desktop Runtime for Windows and Macintosh update to 21.0.0.242 via the update mechanism within the product when prompted... or by visiting the Adobe Flash Player Download Center:
> http://www.adobe.com/go/getflash
- Adobe recommends users of the Adobe Flash Player Extended Support Release should update to version 18.0.0.352 by visiting:
> http://helpx.adobe.c...r-versions.html
- Adobe recommends users of Adobe Flash Player for Linux update to Adobe Flash Player 11.2.202.621 by visiting the Adobe Flash Player Download Center.
- Adobe Flash Player installed with Google Chrome will be automatically updated to the latest Google Chrome version, which will include Adobe Flash Player 21.0.0.242 for Windows, Macintosh, Linux and Chrome OS.
- Adobe Flash Player installed with Microsoft Edge and Internet Explorer for Windows 10 and 8.1 will be automatically updated to the latest version, which will include Adobe Flash Player 21.0.0.242.
- Adobe recommends users of the AIR desktop runtime, AIR SDK* and AIR SDK & Compiler update to version 21.0.0.215 by visiting the AIR download center or the AIR developer center.
- Please visit the Flash Player Help page for assistance in installing Flash Player:
> https://helpx.adobe....ash-player.html

* Air 21.0: https://get.adobe.com/air/

Revisions:
May 13, 2016: Modified the affected versions of Flash Player for Microsoft Edge and Internet Explorer 11 on Windows 10 and 8.1 from 21.0.0.213 and earlier to 21.0.0.241 and earlier.  
May 19, 2016: Added CVE-2016-4120 and CVE-2016-4121, which were resolved in this release but inadvertently -omitted- from the original release of the bulletin.
June 3, 2016: Added CVE-2016-4160, CVE-2016-4161, CVE-2016-4162 and CVE-2016-4163, which were resolved in this release but inadvertently -omitted- from the original release of the bulletin.
___

> https://web.nvd.nist...d=CVE-2016-4117
Last revised: 05/13/2016 - "... as exploited in the wild in May 2016."
CVSS v2 Base Score: 10.0 HIGH
CVSS v3 Base Score: 9.8 Critical

For I/E - some versions get 'Automatic' updates:
- https://download.mac...21_active_x.exe
For Firefox and other Plugin-based browsers:
- https://download.mac...r_21_plugin.exe

Flash test site: https://www.adobe.co...re/flash/about/
 

:ph34r: :ph34r:


Edited by AplusWebMaster, 08 June 2016 - 07:34 AM.

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#156 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 10,888 posts

Posted 14 June 2016 - 12:06 PM

FYI...

Flash Player CVE-2016-4171 ...
- https://helpx.adobe..../apsa16-03.html
June 14, 2016
CVE number: https://cve.mitre.or...e=CVE-2016-4171
Platforms: Windows, Macintosh, Linux and Chrome OS
Summary: A critical vulnerability (CVE-2016-4171) exists in Adobe Flash Player 21.0.0.242 and earlier versions for Windows, Macintosh, Linux, and Chrome OS. Successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system. Adobe is aware of a report that an exploit for CVE-2016-4171 exists in the wild, and is being used in limited, targeted attacks. Adobe will address this vulnerability in our monthly security update, which will be available as early as June 16..."

>> https://web.nvd.nist...d=CVE-2016-4171
Last revised: 06/16/2016 - "...  vulnerability in Adobe Flash Player 21.0.0.242 and earlier allows remote attackers to execute arbitrary code via unknown vectors, as exploited in the wild in June 2016..."
___

ColdFusion Hotfixes available
* https://helpx.adobe..../apsb16-22.html
June 14, 2016
CVE number: CVE-2016-4159
Platforms: All
Summary: Adobe has released security hotfixes for ColdFusion versions 10, 11 and the 2016 release. These hotfixes resolve an input validation issue that could be used in reflected XSS (cross-site scripting) attacks (CVE-2016-4159). Adobe recommends that customers apply the appropriate hotfix using the instructions provided in the "Solution" section...
Solution: Adobe categorizes this hotfix with the following priority rating and recommends users update their installations to the newest versions...
Adobe recommends ColdFusion customers update their installation using the instructions provided in the relevant technote:
- ColdFusion (2016 release): http://helpx.adobe.c...6-update-2.html
- ColdFusion 11: http://helpx.adobe.c...1-update-9.html
- ColdFusion 10: http://helpx.adobe.c...-update-20.html
Customers should also apply the security configuration settings as outlined on the ColdFusion Security page as well as review the respective Lockdown guide..."

- http://www.securityt....com/id/1036098
CVE Reference: CVE-2016-4159
Jun 14 2016
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 10, 11, 2016 ...
Impact: A remote user can access the target user's cookies (including authentication cookies), if any, associated with the site running the Adobe ColdFusion software, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.
Solution: The vendor has issued a fix (ColdFusion 10 Update 20, ColdFusion 11 Update 9, ColdFusion (2016 release) Update 2)...
___
 
- https://blogs.adobe.com/psirt/?p=1361
"Adobe has published security bulletins for the Adobe DNG SDK (APSB16-19), Adobe Brackets (APSB16-20), Adobe Creative Cloud Desktop Application (APSB16-21) and ColdFusion (APSB16-22*). Adobe recommends users update their product installations to the latest versions using the instructions referenced in the relevant bulletin..."
Adobe DNG SDK: https://helpx.adobe..../apsb16-19.html
Adobe Brackets: https://helpx.adobe..../apsb16-20.html
Adobe Creative Cloud Desktop Application:
- https://helpx.adobe..../apsb16-21.html
 

:ph34r: :ph34r:


Edited by AplusWebMaster, 16 June 2016 - 10:42 AM.

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#157 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 10,888 posts

Posted 16 June 2016 - 11:38 AM

FYI...

Flash 22.0.0.192 released
- https://helpx.adobe..../apsb16-18.html
June 16, 2016
CVE number: CVE-2016-4122, CVE-2016-4123, CVE-2016-4124, CVE-2016-4125, CVE-2016-4127, CVE-2016-4128, CVE-2016-4129, CVE-2016-4130, CVE-2016-4131, CVE-2016-4132, CVE-2016-4133, CVE-2016-4134, CVE-2016-4135, CVE-2016-4136, CVE-2016-4137, CVE-2016-4138, CVE-2016-4139, CVE-2016-4140, CVE-2016-4141, CVE-2016-4142, CVE-2016-4143, CVE-2016-4144, CVE-2016-4145, CVE-2016-4146, CVE-2016-4147, CVE-2016-4148, CVE-2016-4149, CVE-2016-4150, CVE-2016-4151, CVE-2016-4152, CVE-2016-4153, CVE-2016-4154, CVE-2016-4155, CVE-2016-4156, CVE-2016-4166, CVE-2016-4171
Platform: Windows, Macintosh, Linux and ChromeOS
Summary: Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and ChromeOS.  These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system. Adobe is aware of a report that an exploit for CVE-2016-4171 exists in the wild, and is being used in limited, targeted attacks...
Solution: ...
• Adobe recommends users of the  Adobe Flash Player Desktop Runtime for Windows and Macintosh update to 22.0.0.192 via the update mechanism within the product when prompted [1], or by visiting the Adobe Flash Player Download Center.
• Adobe recommends users of the Adobe Flash Player Extended Support Release should update to version 18.0.0.360 by visiting http://helpx.adobe.c...r-versions.html.
• Adobe recommends users of Adobe Flash Player for Linux update to Adobe Flash Player 11.2.202.626 by visiting the Adobe Flash Player Download Center.
• Adobe Flash Player installed with Google Chrome will be automatically updated to the latest Google Chrome version, which will include Adobe Flash Player 22.0.0.192 for Windows, Macintosh, Linux and Chrome OS.
• Adobe Flash Player installed with Microsoft Edge and Internet Explorer for Windows 10 and 8.1 will be automatically updated to the latest version, which will include Adobe Flash Player 22.0.0.192.
• Please visit the Flash Player Help page for assistance in installing Flash Player.
[1] Users of Flash Player 11.2.x or later for Windows, or Flash Player 11.3.x or later for Macintosh, who have selected the option to 'Allow Adobe to install updates' will receive the update automatically. Users who do not have the 'Allow Adobe to install updates' option enabled can install the update via the update mechanism within the product when prompted...

For I/E - some versions get 'Automatic' updates:
- https://fpdownload.m...22_active_x.exe
For Firefox and other Plugin-based browsers:
- https://fpdownload.m...r_22_plugin.exe

Flash test site: https://www.adobe.co...re/flash/about/
___

Adobe AIR 22.0.0.153 released
- https://helpx.adobe..../apsb16-23.html
June 16, 2016
CVE number: CVE-2016-4126
Platform: Windows
Summary: Adobe has released a security update for Adobe AIR for Windows. This update addresses a vulnerability in the directory search path used by the AIR installer that could potentially allow an attacker to take control of the affected system...
Solution: ...Adobe recommends users of the AIR desktop runtime, AIR SDK and AIR SDK & Compiler update to version 22.0.0.153 by visiting the AIR download center* or the AIR developer center**...
* http://get.adobe.com/air/

** http://www.adobe.com...k-download.html
 

:ph34r: :ph34r: :ph34r:


.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#158 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 10,888 posts

Posted 12 July 2016 - 11:13 AM

FYI...

Flash 22.0.0.209 released
- https://helpx.adobe..../apsb16-25.html
July 12, 2016
CVE number: CVE-2016-4172, CVE-2016-4173, CVE-2016-4174, CVE-2016-4175, CVE-2016-4176, CVE-2016-4177, CVE-2016-4178, CVE-2016-4179, CVE-2016-4180, CVE-2016-4181, CVE-2016-4182, CVE-2016-4183, CVE-2016-4184, CVE-2016-4185, CVE-2016-4186, CVE-2016-4187, CVE-2016-4188, CVE-2016-4189, CVE-2016-4190, CVE-2016-4217, CVE-2016-4218, CVE-2016-4219, CVE-2016-4220, CVE-2016-4221, CVE-2016-4222, CVE-2016-4223, CVE-2016-4224, CVE-2016-4225, CVE-2016-4226, CVE-2016-4227, CVE-2016-4228, CVE-2016-4229, CVE-2016-4230, CVE-2016-4231, CVE-2016-4232, CVE-2016-4233, CVE-2016-4234, CVE-2016-4235, CVE-2016-4236, CVE-2016-4237, CVE-2016-4238, CVE-2016-4239, CVE-2016-4240, CVE-2016-4241, CVE-2016-4242, CVE-2016-4243, CVE-2016-4244, CVE-2016-4245, CVE-2016-4246, CVE-2016-4247, CVE-2016-4248, CVE-2016-4249
Platform: Windows, Macintosh, Linux and ChromeOS
Summary: Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and ChromeOS. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system...
Solution: Adobe categorizes these updates with the following priority ratings and recommends users update their installation to the newest version...  
• Adobe recommends users of the  Adobe Flash Player Desktop Runtime for Windows and Macintosh update to 22.0.0.209 via the update mechanism within the product when prompted [1], or by visiting the Adobe Flash Player Download Center.
• Adobe recommends users of the Adobe Flash Player Extended Support Release should update to version 18.0.0.366 by visiting:
> http://helpx.adobe.c...r-versions.html.
• Adobe recommends users of Adobe Flash Player for Linux update to Adobe Flash Player 11.2.202.632 by visiting the Adobe Flash Player Download Center.
• Adobe Flash Player installed with Google Chrome will be automatically updated to the latest Google Chrome version, which will include Adobe Flash Player 22.0.0.209 for Windows, Macintosh, Linux and Chrome OS.
• Adobe Flash Player installed with Microsoft Edge and Internet Explorer for Windows 10 and 8.1 will be automatically updated to the latest version, which will include Adobe Flash Player 22.0.0.209.
Please visit the Flash Player Help page for assistance in installing Flash Player.
[1] Users of Flash Player 11.2.x or later for Windows, or Flash Player 11.3.x or later for Macintosh, who have selected the option to 'Allow Adobe to install updates' will receive the update automatically. Users who do not have the 'Allow Adobe to install updates' option enabled can install the update via the update mechanism within the product when prompted...

For I/E - some versions get 'Automatic' updates:
- https://fpdownload.m...22_active_x.exe
For Firefox and other Plugin-based browsers:
- https://fpdownload.m...r_22_plugin.exe

Flash test site: https://www.adobe.co...re/flash/about/

- http://www.securityt....com/id/1036280
CVE Reference: CVE-2016-4172, CVE-2016-4173, CVE-2016-4174, CVE-2016-4175, CVE-2016-4176, CVE-2016-4177, CVE-2016-4178, CVE-2016-4179, CVE-2016-4180, CVE-2016-4181, CVE-2016-4182, CVE-2016-4183, CVE-2016-4184, CVE-2016-4185, CVE-2016-4186, CVE-2016-4187, CVE-2016-4188, CVE-2016-4189, CVE-2016-4190, CVE-2016-4217, CVE-2016-4218, CVE-2016-4219, CVE-2016-4220, CVE-2016-4221, CVE-2016-4222, CVE-2016-4223, CVE-2016-4224, CVE-2016-4225, CVE-2016-4226, CVE-2016-4227, CVE-2016-4228, CVE-2016-4229, CVE-2016-4230, CVE-2016-4231, CVE-2016-4232, CVE-2016-4233, CVE-2016-4234, CVE-2016-4235, CVE-2016-4236, CVE-2016-4237, CVE-2016-4238, CVE-2016-4239, CVE-2016-4240, CVE-2016-4241, CVE-2016-4242, CVE-2016-4243, CVE-2016-4244, CVE-2016-4245, CVE-2016-4246, CVE-2016-4247, CVE-2016-4248, CVE-2016-4249
Jul 12 2016
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 22.0.0.192 and prior ...
Impact: A remote user can execute arbitrary code on the target system.
A remote user can bypass security controls on the target system.
A remote user can obtain potentially sensitive information on the target system.
Solution: The vendor has issued a fix (22.0.0.209, ESR 18.0.0.366); 11.2.202.632 for Linux...
___
 
Adobe Acrobat/Reader 11.0.17, 15.017.20050, 15.006.30198 updates
- https://helpx.adobe..../apsb16-26.html
Last Updated: July 12, 2016
CVE numbers: CVE-2016-4189, CVE-2016-4190, CVE-2016-4191, CVE-2016-4192, CVE-2016-4193, CVE-2016-4194, CVE-2016-4195, CVE-2016-4196, CVE-2016-4197, CVE-2016-4198, CVE-2016-4199, CVE-2016-4200, CVE-2016-4201, CVE-2016-4202, CVE-2016-4203, CVE-2016-4204, CVE-2016-4205, CVE-2016-4206, CVE-2016-4207, CVE-2016-4208, CVE-2016-4209, CVE-2016-4210, CVE-2016-4211, CVE-2016-4212, CVE-2016-4213, CVE-2016-4214, CVE-2016-4215, CVE-2016-4250, CVE-2016-4251, CVE-2016-4252
Platform: Windows and Macintosh
Summary: Adobe has released security updates for Adobe Acrobat and Reader for Windows and Macintosh. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system...
[See: 'Affected Versions'...]
Solution: Adobe recommends users update their software installations to the latest versions by following the instructions below.
The latest product versions are available to end users via one of the following methods:
- Users can update their product installations manually by choosing Help > Check for Updates.
- The products will update automatically, without requiring user intervention, when updates are detected.
- The full Acrobat Reader installer can be downloaded from the Acrobat Reader Download Center:
> http://get.adobe.com/reader...

Acrobat for Windows: https://www.adobe.co...latform=Windows
7/12/2016
Acrobat for Macintosh: https://www.adobe.co...=1&platform=Mac
7/12/2016

- http://www.securityt....com/id/1036281
CVE Reference: CVE-2016-4189, CVE-2016-4190, CVE-2016-4191, CVE-2016-4192, CVE-2016-4193, CVE-2016-4194, CVE-2016-4195, CVE-2016-4196, CVE-2016-4197, CVE-2016-4198, CVE-2016-4199, CVE-2016-4200, CVE-2016-4201, CVE-2016-4202, CVE-2016-4203, CVE-2016-4204, CVE-2016-4205, CVE-2016-4206, CVE-2016-4207, CVE-2016-4208, CVE-2016-4209, CVE-2016-4210, CVE-2016-4211, CVE-2016-4212, CVE-2016-4213, CVE-2016-4214, CVE-2016-4215, CVE-2016-4250, CVE-2016-4251, CVE-2016-4252
Jul 12 2016
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 15.016.20045 and prior ...
Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
A remote user can bypass security controls on the target system.
Solution: The vendor has issued a fix (11.0.17 ,15.006.30198, 15.017.20050)...
___

Adobe XMP Toolkit for Java
- https://helpx.adobe..../apsb16-24.html
July 12, 2016
CVE number: CVE-2016-4216
Platform: All
Summary: Adobe has released a security update for the Adobe XMP Toolkit for Java. This update resolves an important vulnerability that could lead to information disclosure (CVE-2016-4216)...
Solution: Adobe categorizes this update with the following priority rating and recommends users update their installation to the newest version by following the instructions below:
Adobe XMP Toolkit for Java - 5.1.3 - All
Adobe XMP toolkit for Java users can download the updated version via the following download page:
> http://www.adobe.com/devnet/xmp.html...
Adobe expects the updated version to be available during the week of July 11, 2016..."
___

> https://www.us-cert....ecurity-Updates
July 12, 2016
 

:ph34r: :ph34r:


Edited by AplusWebMaster, 12 July 2016 - 03:33 PM.

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#159 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 10,888 posts

Posted 09 August 2016 - 11:10 AM

FYI...

Adobe Experience Manager - hotfixes available
- https://helpx.adobe..../apsb16-27.html
Aug 9, 2016
Summary: Adobe has released security hotfixes for Adobe Experience Manager. These hotfixes resolve two important input validation issues that could be used in cross-site scripting attacks (CVE-2016-4168 and CVE-2016-4170), an important vulnerability in backup functionality that could lead to information disclosure (CVE-2016-4253), and an important vulnerability that could disclose audit log events to unprivileged users (CVE-2016-4169)...
Solution: Adobe recommends customers with on-premise deployments install the available hotfixes referenced below. Furthermore, customers should review and implement the steps outlined in the Security Checklists for versions 6.2, 6.1, 6.0 or 5.6.1...
(Download links at the URL above.)
___

- http://www.securityt....com/id/1036563
CVE Reference: CVE-2016-4168, CVE-2016-4169, CVE-2016-4170, CVE-2016-4253
Aug 9 2016
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 5.6.1, 6.0, 6.1, 6.2 ...
Impact: A remote user can obtain potentially sensitive information on the target system.
A remote user can access the target user's cookies (including authentication cookies), if any, associated with the site running the Adobe Experience Manager software, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.
Solution: The vendor has issued a fix (Hotfix 10936 for 5.6.1, Hotfix 10936 for 6.0, Hotfix 10936 for 6.1, Hotfix 10936 for 6.2)...
___

> https://helpx.adobe.com/security.html
 

:ph34r:


Edited by AplusWebMaster, 10 August 2016 - 07:49 AM.

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#160 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 10,888 posts

Posted 30 August 2016 - 03:11 PM

FYI...

Security Update: Hotfixes available for ColdFusion
- https://helpx.adobe..../apsb16-30.html
Aug 30, 2016
CVE number: CVE-2016-4264
Platforms: All
Summary: Adobe has released security hotfixes for ColdFusion versions 10 and 11. These hotfixes resolve a critical vulnerability that could lead to information disclosure (CVE-2016-4264). Adobe recommends that customers apply the appropriate hotfix using the instructions provided in the "Solution" section below.
Affected Versions / Platform
ColdFusion 11     Update 9 and earlier versions     All
ColdFusion 10     Update 20 and earlier versions     All
Note: The ColdFusion 2016 release is not affected by CVE-2016-4264.  
Solution: Adobe categorizes this hotfix with the following priority rating and recommends users update their installations to the newest versions:
Product     Hotfix Version     Platform  Priority rating     Availability
ColdFusion 11     Update 10     All       2             Tech note: http://helpx.adobe.c...-update-10.html
ColdFusion 10     Update 21     All       2               Tech note: https://helpx.adobe....-update-21.html
Adobe recommends ColdFusion customers update their installation using the instructions provided in the relevant technote:
ColdFusion 11: http://helpx.adobe.c...-update-10.html
ColdFusion 10: http://helpx.adobe.c...-update-21.html
Customers should also apply the security configuration settings as outlined on the ColdFusion Security page as well as review the respective Lockdown guide...
Revisions:
Sep 1, 2016: As of September 1, Adobe is aware of publicly available proof-of-concept code, and we have modified the priority of these hotfixes from Priority 2 to Priority 1.
___

- http://www.securityt....com/id/1036708
CVE Reference: CVE-2016-4264
Aug 31 2016
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 10 Update 20 and prior, 11 Update 9 and prior ...
Impact: A remote user can obtain potentially sensitive information on the target system.
Solution: The vendor has issued a fix (10 Update 21, 11 Update 10)...
___

- https://www.us-cert....ates-ColdFusion
Aug 30, 2016
 

:ph34r:


Edited by AplusWebMaster, 10 September 2016 - 02:12 PM.

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#161 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 10,888 posts

Posted 13 September 2016 - 11:19 AM

FYI...

Flash 23.0.0.162 released
- https://helpx.adobe..../apsb16-29.html
Sep 13, 2016
CVE number: CVE-2016-4182, CVE-2016-4237, CVE-2016-4238, CVE-2016-4271, CVE-2016-4272, CVE-2016-4274, CVE-2016-4275, CVE-2016-4276, CVE-2016-4277, CVE-2016-4278, CVE-2016-4279, CVE-2016-4280, CVE-2016-4281, CVE-2016-4282, CVE-2016-4283, CVE-2016-4284, CVE-2016-4285, CVE-2016-4287, CVE-2016-6921, CVE-2016-6922, CVE-2016-6923, CVE-2016-6924, CVE-2016-6925, CVE-2016-6926, CVE-2016-6927, CVE-2016-6929, CVE-2016-6930, CVE-2016-6931, CVE-2016-6932
Platform: Windows, Macintosh, Linux and ChromeOS
Summary: Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and ChromeOS.  These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system...
Solution: ...
- Adobe recommends users of the Adobe Flash Player Desktop Runtime for Windows and Macintosh update to 23.0.0.162 via the update mechanism within the product when prompted [1], or by visiting the Adobe Flash Player Download Center.
- Adobe recommends users of the Adobe Flash Player Extended Support Release should update to version 18.0.0.375 by visiting: http://helpx.adobe.c...r-versions.html
- Adobe recommends users of Adobe Flash Player for Linux update to Adobe Flash Player 11.2.202.635 by visiting the Adobe Flash Player Download Center.
- Adobe Flash Player installed with Google Chrome will be automatically updated to the latest Google Chrome version, which will include Adobe Flash Player 23.0.0.162 for Windows, Macintosh, Linux and Chrome OS.
- Adobe Flash Player installed with Microsoft Edge and Internet Explorer for Windows 10 and 8.1 will be automatically updated to the latest version, which will include Adobe Flash Player 23.0.0.162.
- Please visit the Flash Player Help page for assistance in installing Flash Player.
[1] Users of Flash Player 11.2.x or later for Windows, or Flash Player 11.3.x or later for Macintosh, who have selected the option to 'Allow Adobe to install updates' will receive the update automatically. Users who do not have the 'Allow Adobe to install updates' option enabled can install the update via the update mechanism within the product when prompted...

For I/E - some versions get 'Automatic' updates:
- https://fpdownload.m...23_active_x.exe
For Firefox and other Plugin-based browsers:
- https://fpdownload.m...r_23_plugin.exe

Flash test site: https://www.adobe.co...re/flash/about/

- http://www.securityt....com/id/1036791
CVE Reference: CVE-2016-4271, CVE-2016-4272, CVE-2016-4274, CVE-2016-4275, CVE-2016-4276, CVE-2016-4277, CVE-2016-4278, CVE-2016-4279, CVE-2016-4280, CVE-2016-4281, CVE-2016-4282, CVE-2016-4283, CVE-2016-4284, CVE-2016-4285, CVE-2016-4287, CVE-2016-6921, CVE-2016-6922, CVE-2016-6923, CVE-2016-6924, CVE-2016-6925, CVE-2016-6926, CVE-2016-6927, CVE-2016-6929, CVE-2016-6930, CVE-2016-6931, CVE-2016-6932
Sep 13 2016
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 22.0.0.211 and prior ...
Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
A remote user can obtain potentially sensitive information on the target system.
Solution: The vendor has issued a fix (23.0.0.162, ESR 18.0.0.375; 11.2.202.635 for Linux)...
___

AIR 23.0.0.257 released
- https://helpx.adobe..../apsb16-31.html
Sep 13, 2016
CVE number: CVE-2016-6936
Platform: Windows and Macintosh
Summary: Adobe has released a security update for Adobe AIR SDK & Compiler. This update adds support for secure transmission of runtime analytics for AIR applications on Android. Developers are encouraged to recompile captive runtime bundles after applying this update... recommends users update their installation to the newest version:
Adobe Air SDK & Compiler 23.0.0.257 Windows ...

AIR v23.0: https://get.adobe.com/air/

AIR Developer Center: https://www.adobe.co...k-download.html

- http://www.securityt....com/id/1036792
CVE Reference: CVE-2016-6936
Sep 13 2016
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 22.0.0.153 and prior ...
Impact: A remote user can obtain potentially runtime analytic information communicated by target Android-based systems.
Solution: The vendor has issued a fix (23.0.0.257)...
___

Adobe Digital Editions 4.5.2 released
- https://helpx.adobe..../apsb16-28.html
Sep 13, 2016
CVE numbers: CVE-2016-4256, CVE-2016-4257, CVE-2016-4258, CVE-2016-4259, CVE-2016-4260, CVE-2016-4261, CVE-2016-4262, CVE-2016-4263
Platform: Windows, Macintosh, iOS and Android
Summary: Adobe has released a security update for Adobe Digital Editions for Windows, Macintosh, iOS and Android. This update resolves critical memory corruption vulnerabilities that could lead to code execution.
Solution: Adobe categorizes this update with the following priority ratings and recommends users update their installation to the newest version:
Adobe Digital Editions     4.5.2
Windows: https://www.adobe.co...s/download.html

Macintosh: https://www.adobe.co...s/download.html

iOS: iTunes: https://itunes.apple...d952977781?mt=8
Playstore: https://play.google....digitaleditions

- http://www.securityt....com/id/1036793
CVE Reference: CVE-2016-4256, CVE-2016-4257, CVE-2016-4258, CVE-2016-4259, CVE-2016-4260, CVE-2016-4261, CVE-2016-4262, CVE-2016-4263
Sep 13 2016
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 4.5.1 and prior ...
Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
Solution: The vendor has issued a fix (4.5.2)...
___

- https://www.us-cert....ecurity-Updates
Sep 13, 2016
 

:ph34r: :ph34r:


Edited by AplusWebMaster, 14 September 2016 - 06:50 AM.

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#162 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 10,888 posts

Posted 11 October 2016 - 10:39 AM

FYI...

Flash 23.0.0.185 released
- https://helpx.adobe..../apsb16-32.html
Oct 11, 2016
CVE number: CVE-2016-4273, CVE-2016-4286, CVE-2016-6981, CVE-2016-6982, CVE-2016-6983, CVE-2016-6984, CVE-2016-6985, CVE-2016-6986, CVE-2016-6987, CVE-2016-6989, CVE-2016-6990, CVE-2016-6992
Platform: Windows, Macintosh, Linux and ChromeOS
Summary: Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and ChromeOS.  These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system...
Solution: ... Adobe recommends users of the  Adobe Flash Player Desktop Runtime for Windows and Macintosh update to 23.0.0.185 via the update mechanism within the product when prompted [1], or by visiting the Adobe Flash Player Download Center.
- Adobe recommends users of the Adobe Flash Player Extended Support Release should update to version 18.0.0.382 by visiting http://helpx.adobe.c...r-versions.html.
- Adobe recommends users of Adobe Flash Player for Linux update to Adobe Flash Player 11.2.202.637 by visiting the Adobe Flash Player Download Center.
- Adobe Flash Player installed with Google Chrome will be automatically updated to the latest Google Chrome version, which will include Adobe Flash Player 23.0.0.185 for Windows, Macintosh, Linux and Chrome OS.
- Adobe Flash Player installed with Microsoft Edge and Internet Explorer 11 for Windows 10 and 8.1 will be automatically updated to the latest version, which will include Adobe Flash Player 23.0.0.185.
- Please visit the Flash Player Help page for assistance in installing Flash Player:
- https://helpx.adobe....ash-player.html
[1] Users of Flash Player 11.2.x or later for Windows, or Flash Player 11.3.x or later for Macintosh, who have selected the option to 'Allow Adobe to install updates' will receive the update automatically. Users who do not have the 'Allow Adobe to install updates' option enabled can install the update via the update mechanism within the product when prompted.

For I/E - some versions get 'Automatic' updates:
- https://fpdownload.m...h_player_ax.exe
For Firefox and other Plugin-based browsers:
- https://fpdownload.m...lash_player.exe

Flash test site: https://www.adobe.co...re/flash/about/

- http://www.securityt....com/id/1036985
CVE Reference: CVE-2016-4273, CVE-2016-4286, CVE-2016-6981, CVE-2016-6982, CVE-2016-6983, CVE-2016-6984, CVE-2016-6985, CVE-2016-6986, CVE-2016-6987, CVE-2016-6989, CVE-2016-6990, CVE-2016-6992
Oct 11 2016
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 23.0.0.162 and prior ...
Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
A remote user can bypass security controls on the target system.
Solution: The vendor has issued a fix (23.0.0.185; ESR 18.0.0.382; 11.2.202.637 for Linux)...
___

Acrobat / Reader 15.020.20039 released
- https://helpx.adobe..../apsb16-33.html
Oct 11, 2016
CVE numbers: CVE-2016-1089, CVE-2016-1091, CVE-2016-6939, CVE-2016-6940, CVE-2016-6941, CVE-2016-6942, CVE-2016-6943, CVE-2016-6944, CVE-2016-6945, CVE-2016-6946, CVE-2016-6947, CVE-2016-6948, CVE-2016-6949, CVE-2016-6950, CVE-2016-6951, CVE-2016-6952, CVE-2016-6953, CVE-2016-6954, CVE-2016-6955, CVE-2016-6956, CVE-2016-6957, CVE-2016-6958, CVE-2016-6959, CVE-2016-6960, CVE-2016-6961, CVE-2016-6962, CVE-2016-6963, CVE-2016-6964, CVE-2016-6965, CVE-2016-6966, CVE-2016-6967, CVE-2016-6968, CVE-2016-6969, CVE-2016-6970, CVE-2016-6971, CVE-2016-6972, CVE-2016-6973, CVE-2016-6974, CVE-2016-6975, CVE-2016-6976, CVE-2016-6977, CVE-2016-6978, CVE-2016-6979, CVE-2016-6988, CVE-2016-6993, CVE-2016-6994, CVE-2016-6995, CVE-2016-6996, CVE-2016-6997, CVE-2016-6998, CVE-2016-6999, CVE-2016-7000, CVE-2016-7001, CVE-2016-7002, CVE-2016-7003, CVE-2016-7004, CVE-2016-7005, CVE-2016-7006, CVE-2016-7007, CVE-2016-7008, CVE-2016-7009, CVE-2016-7010, CVE-2016-7011, CVE-2016-7012, CVE-2016-7013, CVE-2016-7014, CVE-2016-7015, CVE-2016-7016, CVE-2016-7017, CVE-2016-7018, CVE-2016-7019
Platform: Windows and Macintosh
Summary: Adobe has released security updates for Adobe Acrobat and Reader for Windows and Macintosh. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system...
Solution: Adobe recommends users update their software installations to the latest versions by following the instructions below.
The latest product versions are available to end users via one of the following methods:
- Users can update their product installations manually by choosing Help > Check for Updates.
- The products will update automatically, without requiring user intervention, when updates are detected.
- The full Acrobat Reader installer can be downloaded from the Acrobat Reader Download Center:
> http://get.adobe.com/reader
For IT administrators (managed environments):
- Download the enterprise installers from ftp://ftp.adobe.com/pub/adobe/
or refer to the specific release note version for links to installers.
- Install updates via your preferred methodology, such as AIP-GPO, bootstrapper, SCUP/SCCM (Windows), or on Macintosh, Apple Remote Desktop and SSH.

>> https://www.adobe.co...wnloads/new.jsp

Acrobat for Windows: https://www.adobe.co...latform=Windows

Adobe Reader for Windows: https://www.adobe.co...latform=Windows
___

Creative Cloud 3.8.0.310 released
- https://helpx.adobe..../apsb16-34.html
Oct 11, 2016
CVE number: CVE-2016-6935
Platform: Windows
Summary: Adobe has released a security update for the Creative Cloud Desktop Application for Windows. This update resolves an unquoted search path vulnerability in the Creative Cloud Desktop Application...
Solution: Adobe categorizes this update with the following priority rating and recommends users update their installation to the newest version:
Creative Cloud Desktop Application - Creative Cloud 3.8.0.310 - Windows
For more details, visit: https://www.adobe.co...esktop-app.html
For managed environments, IT administrators can use the Creative Cloud Packager to create deployment packages as described in the workflow documented here:
> https://helpx.adobe....d-licenses.html
Refer to this help page* for more information on the Creative Cloud Packager.
* https://helpx.adobe....d/packager.html
 

:ph34r: :ph34r: :ph34r:


Edited by AplusWebMaster, 12 October 2016 - 04:29 AM.

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#163 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 10,888 posts

Posted 26 October 2016 - 12:35 PM

FYI...

Flash 23.0.0.205 released
- https://helpx.adobe..../apsb16-36.html
Oct 26, 2016
CVE number: CVE-2016-7855
Platform: Windows, Macintosh, Linux and Chrome OS
Summary: Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and Chrome OS. These updates address a critical vulnerability that could potentially allow an attacker to take control of the affected system. Adobe is aware of a report that an exploit for CVE-2016-7855 exists in the wild, and is being used in limited, targeted attacks against users running Windows versions 7, 8.1 and 10.
Solution: ... Adobe recommends users of the Adobe Flash Player Desktop Runtime for Windows and Macintosh update to 23.0.0.205 via the update mechanism within the product [1], or by visiting the Adobe Flash Player Download Center: http://www.adobe.com/go/getflash
- Adobe recommends users of Adobe Flash Player for Linux update to Adobe Flash Player 11.2.202.643 by visiting the Adobe Flash Player Download Center.
- Adobe Flash Player installed with Google Chrome will be automatically updated to the latest Google Chrome version, which will include Adobe Flash Player 23.0.0.205 for Windows, Macintosh, Linux and Chrome OS.
- Adobe Flash Player installed with Microsoft Edge and Internet Explorer 11 for Windows 10 and 8.1 will be automatically updated to the latest version, which will include Adobe Flash Player 23.0.0.205.
- Please visit the Flash Player Help page for assistance in installing Flash Player:
> https://helpx.adobe....ash-player.html
[1] Users of Flash Player 11.2.x or later for Windows, or Flash Player 11.3.x or later for Macintosh, who have selected the option to 'Allow Adobe to install updates' will receive the update automatically. Users who do not have the 'Allow Adobe to install updates' option enabled can install the update via the update mechanism within the product when prompted.

For I/E - some versions get 'Automatic' updates:
- https://fpdownload.m...h_player_ax.exe
For Firefox and other Plugin-based browsers:
- https://fpdownload.m...lash_player.exe

Flash test site: https://www.adobe.co...re/flash/about/

> The final release of the ESR occurred on October 11, 2016 and it is now discontinued.
___

- http://www.securityt....com/id/1037111
CVE Reference: https://cve.mitre.or...e=CVE-2016-7855
Oct 26 2016
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 23.0.0.185 and prior...
Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
Solution: The vendor has issued a fix (23.0.0.205; 11.2.202.643 for Linux)...
___

- https://www.adobe.co...loads.html#fp15
10/26/2016 – Updated debugger and standalone versions of Flash Player. These versions contain fixes for critical vulnerabilities identified in Security Bulletin APSB 16-36. The latest versions are 23.0.0.205 (Win & Mac) and 11.2.202.643 (Linux). All users are encouraged to update to these latest versions.
 

:ph34r: :ph34r: :ph34r:


Edited by AplusWebMaster, 26 October 2016 - 03:56 PM.

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#164 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 10,888 posts

Posted 08 November 2016 - 11:12 AM

FYI...

Flash 23.0.0.207 released
- https://helpx.adobe..../apsb16-37.html
Nov 8, 2016
CVE number: CVE-2016-7857, CVE-2016-7858, CVE-2016-7859, CVE-2016-7860, CVE-2016-7861, CVE-2016-7862, CVE-2016-7863, CVE-2016-7864, CVE-2016-7865
Platform: Windows, Macintosh, Linux and Chrome OS
Summary: Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and Chrome OS.  These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system...
Solution: ... Adobe recommends users of the  Adobe Flash Player Desktop Runtime for Windows and Macintosh update to 23.0.0.207 via the update mechanism within the product [1] or by visiting the Adobe Flash Player Download Center: http://www.adobe.com/go/getflash
- Adobe recommends users of Adobe Flash Player for Linux update to Adobe Flash Player 11.2.202.644 by visiting the Adobe Flash Player Download Center.
- Adobe Flash Player installed with Google Chrome will be automatically updated to the latest Google Chrome version, which will include Adobe Flash Player 23.0.0.207 for Windows, Macintosh, Linux and Chrome OS.
- Adobe Flash Player installed with Microsoft Edge and Internet Explorer 11 for Windows 10 and 8.1 will be automatically updated to the latest version, which will include Adobe Flash Player 23.0.0.207.
-Please visit the Flash Player Help page* for assistance in installing Flash Player.
* https://helpx.adobe....ash-player.html
[1] Users of Flash Player 11.2.x or later for Windows, or Flash Player 11.3.x or later for Macintosh, who have selected the option to 'Allow Adobe to install updates' will receive the update automatically. Users who do not have the 'Allow Adobe to install updates' option enabled can install the update via the update mechanism within the product when prompted...

For I/E - some versions get 'Automatic' updates:
- https://fpdownload.m...h_player_ax.exe
For Firefox and other Plugin-based browsers:
- https://fpdownload.m...lash_player.exe

Flash test site: https://www.adobe.co...re/flash/about/

- http://www.securityt....com/id/1037240
CVE Reference: CVE-2016-7857, CVE-2016-7858, CVE-2016-7859, CVE-2016-7860, CVE-2016-7861, CVE-2016-7862, CVE-2016-7863, CVE-2016-7864, CVE-2016-7865
Nov 8 2016
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 23.0.0.205 and prior...
Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
Solution: The vendor has issued a fix (23.0.0.207 for Windows and Mac, 11.2.202.644 for Linux)...
___

Adobe Connect 9.5.7 released
- https://helpx.adobe..../apsb16-35.html
Nov 8, 2016
CVE number: CVE-2016-7851
Platform: Windows
Summary: Adobe has released a security update for Adobe Connect for Windows. This update resolves an input validation vulnerability in the events registration module that could be used in cross-site scripting attacks. Adobe recommends users update their product installation using the instructions provided in the “Solution” Section below...
Solution: Adobe recommends customers update the Connect instance to the newest version by following the instructions below.
Note: This issue will be automatically resolved for Connect customers using Adobe's hosted services once the account is upgraded to Connect 9.5.7...
Release Notes: Adobe Connect 9.5.7 is a maintenance release and is available as a patch. It fixes several issues to make the user workflows smoother...
Adobe Connect Help: http://helpx.adobe.c...be-connect.html
Adobe Connect Support: http://www.adobe.com...tedsupport.html

- http://www.securityt....com/id/1037239
CVE Reference: CVE-2016-7851
Nov 8 2016
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 9.5.6 and prior...
Impact: A remote user can access the target user's cookies (including authentication cookies), if any, associated with the site running the Adobe Connect software, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.
Solution: The vendor has issued a fix (9.5.7).
___

- https://www.us-cert....ecurity-Updates
Nov 8, 2016
 

:ph34r: :ph34r:


Edited by AplusWebMaster, 09 November 2016 - 05:30 AM.

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#165 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 10,888 posts

Posted 13 December 2016 - 12:40 PM

FYI...

Flash 24.0.0.186 released
- https://helpx.adobe..../apsb16-39.html
Dec 13, 2016
CVE number: CVE-2016-7867, CVE-2016-7868, CVE-2016-7869, CVE-2016-7870, CVE-2016-7871, CVE-2016-7872, CVE-2016-7873, CVE-2016-7874, CVE-2016-7875, CVE-2016-7876, CVE-2016-7877, CVE-2016-7878, CVE-2016-7879, CVE-2016-7880, CVE-2016-7881, CVE-2016-7890, CVE-2016-7892
Platform: Windows, Macintosh, Linux and Chrome OS
Summary: Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and Chrome OS. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system.
Adobe is aware of a report that an exploit for CVE-2016-7892 exists in the wild, and is being used in limited, targeted attacks against users running Internet Explorer (32-bit) on Windows...
Solution: ... Adobe recommends users of the  Adobe Flash Player Desktop Runtime for Windows and Macintosh update to 24.0.0.186 via the update mechanism within the product [1] or by visiting the Adobe Flash Player Download Center.
- Adobe recommends users of Adobe Flash Player for Linux update to Adobe Flash Player 24.0.0.186 by visiting the Adobe Flash Player Download Center
- http://www.adobe.com/go/getflash
- Adobe Flash Player installed with Google Chrome will be automatically updated to the latest Google Chrome version, which will include Adobe Flash Player 24.0.0.186 for Windows, Macintosh, Linux and Chrome OS.
- Adobe Flash Player installed with Microsoft Edge and Internet Explorer 11 for Windows 10 and 8.1 will be automatically updated to the latest version, which will include Adobe Flash Player 24.0.0.186.
- Please visit the Flash Player Help page for assistance in installing Flash Player:
> https://helpx.adobe....ash-player.html
[1] Users of Flash Player 11.2.x or later for Windows, or Flash Player 11.3.x or later for Macintosh, who have selected the option to 'Allow Adobe to install updates' will receive the update automatically. Users who do not have the 'Allow Adobe to install updates' option enabled can install the update via the update mechanism within the product when prompted...

For I/E - some versions get 'Automatic' updates:
- https://fpdownload.m...h_player_ax.exe
For Firefox and other Plugin-based browsers:
- https://fpdownload.m...lash_player.exe

Flash test site: https://www.adobe.co...re/flash/about/

- http://www.securityt....com/id/1037442
CVE Reference: CVE-2016-7867, CVE-2016-7868, CVE-2016-7869, CVE-2016-7870, CVE-2016-7871, CVE-2016-7872, CVE-2016-7873, CVE-2016-7874, CVE-2016-7875, CVE-2016-7876, CVE-2016-7877, CVE-2016-7878, CVE-2016-7879, CVE-2016-7880, CVE-2016-7881, CVE-2016-7890, CVE-2016-7892
Dec 13 2016
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 23.0.0.207 and prior ...
Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
A remote user can bypass security controls on the target system.
Solution: The vendor has issued a fix (24.0.0.186)...
___

Adobe Animate 16.0.0.112 realeased
- https://helpx.adobe..../apsb16-38.html
Dec 13, 2016
CVE number: CVE-2016-7866
Platform: Windows and Macintosh
Summary: Adobe has released a security update for Adobe Animate for Windows and Macintosh. This update resolves a critical memory corruption vulnerability...
> https://creative.ado...ownload/animate
For managed environments, IT administrators can use the Creative Cloud Packager to create deployment packages. Refer to this help page for more information...
___

Adobe Experience Manager Forms
- https://helpx.adobe..../apsb16-40.html
Dec 13, 2016
CVE number: CVE-2016-6933, CVE-2016-6934
Platform: Windows, Linux, Solaris and AIX
Summary: Adobe has released security updates for Adobe Experience Manager (AEM) Forms on Windows, Linux, Solaris and AIX. These updates resolve two important input validation issues that could be used in cross-site scripting attacks...
Solution:... recommends customers with on premise deployments install the available updates referenced below with the help of Adobe Marketing Cloud Customer Care team:
> https://helpx.adobe....ct-support.html
___

Adobe DNG Converter 9.8
- https://helpx.adobe..../apsb16-41.html
Dec 13, 2016
CVE number: CVE-2016-7856
Platform: Windows and Macintosh
Summary: Adobe has released a security update for the Adobe DNG Converter for Windows and Macintosh. This update resolves a critical memory corruption vulnerability...
Solution: ... recommends users update their installation to the newest version...
For more information, please reference the release notes:
- https://blogs.adobe....-available.html
___

Adobe Experience Manager
- https://helpx.adobe..../apsb16-42.html
Dec 13, 2016
CVE number: CVE-2016-7882, CVE-2016-7883, CVE-2016-7884, CVE-2016-7885
Platform: Windows, Unix, Linux and OS X
Summary: Adobe has released security updates for Adobe Experience Manager. These updates resolve three important input validation issues that could be used in cross-site scripting attacks (CVE-2016-7882, CVE-2016-7883 and CVE-2016-7884), and include an update to protect users from an important Cross-Site Request Forgery vulnerability (CVE-2016-7885)...
Solution: Adobe recommends customers with on-premise deployments install the available updates referenced below. Furthermore, customers should review and implement the steps outlined in the Security Checklists for versions 6.2, 6.1 or 6.0...

6.0: https://docs.adobe.c...-checklist.html
6.1: https://docs.adobe.c...-checklist.html
6.2: https://docs.adobe.c...-checklist.html
___

Security updates available for InDesign
- https://helpx.adobe..../apsb16-43.html
Dec 13, 2016
CVE number: CVE-2016-7886
Platform: Windows and Macintosh
Summary: Adobe has released security updates for InDesign for Windows and Macintosh. These updates resolve a critical memory corruption vulnerability...
Solution: ... recommends users update their installation to the newest version:
InDesign 12.0.0    Windows and Macintosh:
Relase Notes: https://helpx.adobe....gn-cc-2017.html
InDesign Server 12.0.0     Windows and Macintosh
Release Notes: https://helpx.adobe....ease-notes.html
___

ColdFusion Builder
- https://helpx.adobe..../apsb16-44.html
Dec 13, 2016
CVE number: CVE-2016-7887
Platforms: Windows, Linux and Macintosh
Summary: Adobe has released a security update for ColdFusion Builder for Windows, Linux, and Macintosh. This update resolves an important vulnerability that could lead to information disclosure (CVE-2016-7887)...
Solution: ... recommends users update their installations to the newest versions:
ColdFusion Builder 2016    Update 3 - Tech note:
> https://helpx.adobe....6-update-3.html
ColdFusion Builder 3.0     3.0.3 Hotfix - Tech note:
> https://helpx.adobe....r-3-update.html
___

Adobe Digital Editions 4.5.3
- https://helpx.adobe..../apsb16-45.html
Dec 13, 2016
CVE numbers: CVE-2016-7888, CVE-2016-7889
Platform: Windows, Macintosh and Android
Summary: Adobe has released a security update for Adobe Digital Editions for Windows, Macintosh and Android. This update resolves an important vulnerability that could result in a memory address leak, and an important XML parsing vulnerability that could lead to information disclosure...
Solution: Adobe categorizes this update with the following priority ratings and recommends users update their installation to the newest version 4.5.3 ...
Customers using Adobe Digital Editions 4.5.2 can download the update from the Adobe Digital Editions download page*, or utilize the product’s update mechanism when prompted.
* https://www.adobe.co...s/download.html
For more information, please reference the release notes:
- http://www.adobe.com...ease-notes.html
___

Security update available for RoboHelp 2015.0.4
- https://helpx.adobe..../apsb16-46.html
Dec 13, 2016
CVE number: CVE-2016-7891
Platforms: Windows
Summary: Adobe has released a security update for RoboHelp for Windows. This update resolves an important input validation issue that could be used in cross-site scripting attacks...
Download: https://www.adobe.co.../downloads.html
Tech note: https://helpx.adobe....nerability.html
Release notes: https://www.adobe.co..._0_1_ReadMe.pdf
KB article: https://helpx.adobe....nerability.html
 

:ph34r: :ph34r: :ph34r:


Edited by AplusWebMaster, 14 December 2016 - 10:54 AM.

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#166 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 10,888 posts

Posted 06 January 2017 - 11:38 AM

FYI...

Prenotification - Advisory for Adobe Acrobat/Reader
- https://helpx.adobe..../apsb17-01.html
Jan 5, 2017
Platform: Windows and Macintosh
CVE-2016-6937
Summary: Adobe is planning to release security updates for Adobe Acrobat and Reader for Windows and Macintosh on Tuesday, January 10, 2017..."

- https://www.adobe.co...latform=Windows

- https://www.adobe.co...latform=Windows
 

:ph34r: :ph34r:


.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#167 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 10,888 posts

Posted 10 January 2017 - 11:19 AM

FYI...

Adobe Flash 24.0.0.194 released
- https://helpx.adobe..../apsb17-02.html
Jan 10, 2017
CVE numbers: CVE-2017-2925, CVE-2017-2926, CVE-2017-2927, CVE-2017-2928, CVE-2017-2930, CVE-2017-2931, CVE-2017-2932, CVE-2017-2933, CVE-2017-2934, CVE-2017-2935, CVE-2017-2936, CVE-2017-2937, CVE-2017-2938
Platform: Windows, Macintosh, Linux and Chrome OS
Summary: Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and Chrome OS.  These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system...  
Solution: ... Adobe recommends users of the Adobe Flash Player Desktop Runtime for Windows, Macintosh and Linux update to 24.0.0.194 via the update mechanism within the product [1] or by visiting the Adobe Flash Player Download Center.
- Adobe Flash Player installed with Google Chrome will be automatically updated to the latest Google Chrome version, which will include Adobe Flash Player 24.0.0.194 for Windows, Macintosh, Linux and Chrome OS.
- Adobe Flash Player installed with Microsoft Edge and Internet Explorer 11 for Windows 10 and 8.1 will be automatically updated to the latest version, which will include Adobe Flash Player 24.0.0.194.
- Please visit the Flash Player Help page for assistance in installing Flash Player:
> https://helpx.adobe....ash-player.html
[1] Users of Flash Player 11.2.x or later for Windows, or Flash Player 11.3.x or later for Macintosh, who have selected the option to 'Allow Adobe to install updates' will receive the update automatically. Users who do not have the 'Allow Adobe to install updates' option enabled can install the update via the update mechanism within the product when prompted...

For I/E - some versions get 'Automatic' updates:
- https://fpdownload.m...h_player_ax.exe
For Firefox and other Plugin-based browsers:
- https://fpdownload.m...lash_player.exe

Flash test site: https://www.adobe.co...re/flash/about/

- http://www.securityt....com/id/1037570
CVE Reference: CVE-2017-2925, CVE-2017-2926, CVE-2017-2927, CVE-2017-2928, CVE-2017-2930, CVE-2017-2931, CVE-2017-2932, CVE-2017-2933, CVE-2017-2934, CVE-2017-2935, CVE-2017-2936, CVE-2017-2937, CVE-2017-2938
Jan 10 2017
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 24.0.0.186 and prior...
Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
A remote user can obtain potentially sensitive information on the target system.
Solution: The vendor has issued a fix (24.0.0.194)...
___

Adobe Acrobat/Reader updates released
- https://helpx.adobe..../apsb17-01.html
Jan 10, 2017
CVE numbers: CVE-2017-2939, CVE-2017-2940, CVE-2017-2941, CVE-2017-2942, CVE-2017-2943, CVE-2017-2944, CVE-2017-2945, CVE-2017-2946, CVE-2017-2947, CVE-2017-2948, CVE-2017-2949, CVE-2017-2950, CVE-2017-2951, CVE-2017-2952, CVE-2017-2953, CVE-2017-2954, CVE-2017-2955, CVE-2017-2956, CVE-2017-2957, CVE-2017-2958, CVE-2017-2959, CVE-2017-2960, CVE-2017-2961, CVE-2017-2962, CVE-2017-2963, CVE-2017-2964, CVE-2017-2965, CVE-2017-2966, CVE-2017-2967
Platform: Windows and Macintosh
Summary: Adobe has released security updates for Adobe Acrobat and Reader for Windows and Macintosh. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system...
Solution: Adobe recommends users update their software installations to the latest versions by following the instructions below. The latest product versions are available to end users via one of the following methods:
- Users can update their product installations manually by choosing Help > Check for Updates.
- The products will update automatically, without requiring user intervention, when updates are detected.
- The full Acrobat Reader installer can be downloaded from the Acrobat Reader Download Center:
> http://get.adobe.com/reader

Updated Versions:
Acrobat DC/Reader DC: 15.023.20053
Acrobat DC Classic/Reader DC Classic: 15.006.30279
Acrobat XI Desktop/Reader XI Desktop: 11.0.19

Acrobat: https://www.adobe.co...wnloads/new.jsp

Reader: https://www.adobe.co...latform=Windows

- http://www.securityt....com/id/1037574
CVE Reference: CVE-2016-6937, CVE-2017-2939, CVE-2017-2940, CVE-2017-2941, CVE-2017-2942, CVE-2017-2943, CVE-2017-2944, CVE-2017-2945, CVE-2017-2946, CVE-2017-2947, CVE-2017-2948, CVE-2017-2949, CVE-2017-2950, CVE-2017-2951, CVE-2017-2952, CVE-2017-2953, CVE-2017-2954, CVE-2017-2955, CVE-2017-2956, CVE-2017-2957, CVE-2017-2958, CVE-2017-2959, CVE-2017-2960, CVE-2017-2961, CVE-2017-2962, CVE-2017-2963, CVE-2017-2964, CVE-2017-2965, CVE-2017-2966, CVE-2017-2967
Jan 10 2017
Fix Available:  Yes  Vendor Confirmed:  Yes  
Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
A remote user can bypass security controls on the target system.
Solution: The vendor has issued a fix (11.0.19, 15.006.30279)...
 

:ph34r: :ph34r:


Edited by AplusWebMaster, 10 January 2017 - 04:37 PM.

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#168 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 10,888 posts

Posted 25 February 2017 - 08:42 AM

FYI...

Flash 24.0.0.221 released
- https://helpx.adobe..../apsb17-04.html
Feb 14, 2017
CVE number: CVE-2017-2982,CVE-2017-2984, CVE-2017-2985, CVE-2017-2986, CVE-2017-2987, CVE-2017-2988,CVE-2017-2990, CVE-2017-2991, CVE-2017-2992, CVE-2017-2993, CVE-2017-2994, CVE-2017-2995, CVE-2017-2996
Platform: Windows, Macintosh, Linux and Chrome OS
Summary: Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and Chrome OS. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system...
Solution: ... Adobe recommends users of the Adobe Flash Player Desktop Runtime for Windows, Macintosh and Linux update to Adobe Flash Player 24.0.0.221 via the update mechanism within the product [1] or by visiting the Adobe Flash Player Download Center.
- Adobe Flash Player installed with Google Chrome will be automatically updated to the latest Google Chrome version, which will include Adobe Flash Player 24.0.0.221 for Windows, Macintosh, Linux and Chrome OS.
- Adobe Flash Player installed with Microsoft Edge and Internet Explorer 11 for Windows 10 and 8.1 will be automatically updated to the latest version, which will include Adobe Flash Player 24.0.0.221.
- Please visit the Flash Player Help page for assistance in installing Flash Player.
[1] Users of Flash Player 11.2.x or later for Windows, or Flash Player 11.3.x or later for Macintosh, who have selected the option to 'Allow Adobe to install updates' will receive the update automatically. Users who do not have the 'Allow Adobe to install updates' option enabled can install the update via the update mechanism within the product when prompted...
 
For I/E - some versions get 'Automatic' updates:
- https://fpdownload.m...h_player_ax.exe
For Firefox and other Plugin-based browsers:
- https://fpdownload.m...lash_player.exe
For Chrome:
- https://fpdownload.m...layer_ppapi.exe

Flash test site: https://www.adobe.co...re/flash/about/

- http://www.securityt....com/id/1037815
CVE Reference: CVE-2017-2982, CVE-2017-2984, CVE-2017-2985, CVE-2017-2986, CVE-2017-2987, CVE-2017-2988, CVE-2017-2990, CVE-2017-2991, CVE-2017-2992, CVE-2017-2993, CVE-2017-2994, CVE-2017-2995, CVE-2017-2996
Feb 14 2017
Fix Available:  Yes  Vendor Confirmed:  Yes ...
Version(s): 24.0.0.194 and prior ...
Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
Solution: The vendor has issued a fix (24.0.0.221)...
___

Adobe Digital Editions 4.5.4 released
- https://helpx.adobe..../apsb17-05.html
Feb 14, 2017
CVE numbers: CVE-2017-2973, CVE-2017-2974, CVE-2017-2975, CVE-2017-2976, CVE-2017-2977, CVE-2017-2978, CVE-2017-2979, CVE-2017-2980, CVE-2017-2981    
Platform: Windows, Macintosh and Android
Summary: Adobe has released a security update for Adobe Digital Editions for Windows, Macintosh and Android. This update resolves a critical heap buffer overflow vulnerability that could lead to code execution and important buffer overflow vulnerabilities that could lead to a memory leak...
Customers using Adobe Digital Editions 4.5.3 can download the update from the Adobe Digital Editions download page*, or utilize the product’s update mechanism when prompted.
* https://www.adobe.co...s/download.html
For more information, please reference the release notes**."
** http://www.adobe.com...ease-notes.html

- http://www.securityt....com/id/1037816
CVE Reference: CVE-2017-2973, CVE-2017-2974, CVE-2017-2975, CVE-2017-2976, CVE-2017-2977, CVE-2017-2978, CVE-2017-2979, CVE-2017-2980, CVE-2017-2981
Feb 14 2017
Fix Available:  Yes  Vendor Confirmed:  Yes ...
Version(s): 4.5.3 and prior...
Impact: A remote user can execute arbitrary code on the target system.
Solution: The vendor has issued a fix (4.5.4)...
___

Adobe Campaign updates released
- https://helpx.adobe..../apsb17-06.html
Feb 14, 2017
CVE number: CVE-2017-2968, CVE-2017-2969
Platform: Windows and Linux
Summary: Adobe has released a security update for Adobe Campaign v6.11 for Windows and Linux. This update resolves a moderate security bypass affecting the Adobe Campaign client console. An authenticated user with access to the client console could upload and execute a malicious file, potentially resulting in read and write access to the system (CVE-2017-2968). This update also resolves a moderate input validation issue that could be used in cross-site scripting attacks (CVE-2017-2969)...
Solution: Adobe categorizes these updates with the following priority rating and recommends users update their installation to the newest version...
Release Notes: https://docs.campaig...en/RN.html#8757
- Customers may refer to the FAQ* for instructions on downloading the latest build.
* https://docs.campaig...ges(changelog)?
For customers with Adobe Campaign 16.4 Build 8724 and earlier, please refer to the documentation page** for instructions to resolve CVE-2017-2968 by restricting uploads by file type.
** http://docs.campaign...ploadable_files
Please refer to this documentation page*** for assistance in upgrading Adobe Campaign server, and this documentation page for assistance in upgrading the Client Console.
*** https://docs.campaig...nt_console.html
 

:ph34r: :ph34r: :ph34r:


.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#169 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 10,888 posts

Posted 14 March 2017 - 10:43 AM

FYI...

Flash 25.0.0.127 released
- https://helpx.adobe..../apsb17-07.html
Mar 14, 2017
CVE number: CVE-2017-2997, CVE-2017-2998, CVE-2017-2999, CVE-2017-3000, CVE-2017-3001, CVE-2017-3002, CVE-2017-3003
Platform: Windows, Macintosh, Linux and Chrome OS
Summary: Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and Chrome OS. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system...
Solution: ... Adobe recommends users of the Adobe Flash Player Desktop Runtime for Windows, Macintosh and Linux update to Adobe Flash Player 25.0.0.127 via the update mechanism within the product [1] or by visiting the Adobe Flash Player Download Center: https://get.adobe.com/flashplayer/
- Adobe Flash Player installed with Google Chrome will be automatically updated to the latest Google Chrome version, which will include Adobe Flash Player 25.0.0.127 for Windows, Macintosh, Linux and Chrome OS.
- Adobe Flash Player installed with Microsoft Edge and Internet Explorer 11 for Windows 10 and 8.1 will be automatically updated to the latest version, which will include Adobe Flash Player 25.0.0.127.
Please visit the Flash Player Help page for assistance in installing Flash Player:
> https://helpx.adobe....ash-player.html
[1] Users who have selected the option to 'Allow Adobe to install updates' will receive the update automatically. Users who do not have the 'Allow Adobe to install updates' option enabled can install the update via the update mechanism within the product when prompted...

For I/E - some versions get 'Automatic' updates:
- https://fpdownload.m...h_player_ax.exe
For Firefox and other Plugin-based browsers:
- https://fpdownload.m...lash_player.exe
For Chrome:
- https://fpdownload.m...layer_ppapi.exe

Flash test site: https://www.adobe.co...re/flash/about/

- http://www.securityt....com/id/1037994
CVE Reference: CVE-2017-2997, CVE-2017-2998, CVE-2017-2999, CVE-2017-3000, CVE-2017-3001, CVE-2017-3002, CVE-2017-3003
Mar 14 2017
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 24.0.0.221 and prior ...
Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
A remote user can obtain potentially sensitive information on the target system.
Solution: The vendor has issued a fix (25.0.0.127)...
___

Shockwave Player 12.2.8.198 released
- https://helpx.adobe..../apsb17-08.html
Mar 14, 2017
CVE number: CVE-2017-2983
Platform: Windows
Summary: Adobe has released a security update for Adobe Shockwave Player for Windows. This update addresses an?important vulnerability that could potentially lead to escalation of privilege...
Solution: ... Adobe recommends users of Adobe Shockwave Player 12.2.7.197 and earlier versions for Windows update to Adobe Shockwave Player 12.2.8.198 by visiting the Adobe Shockwave Player Download Center:
- https://get.adobe.com/shockwave/

- http://www.securityt....com/id/1037993
CVE Reference: CVE-2017-2983
Mar 14 2017
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 12.2.7.197 and prior ...
Impact: A local user can obtain elevated privileges on the target system.
Solution: The vendor has issued a fix (12.2.8.198)...
 

:ph34r: :ph34r:


Edited by AplusWebMaster, 15 March 2017 - 04:47 AM.

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#170 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 10,888 posts

Posted 10 April 2017 - 01:06 PM

FYI...

Prenotification Security Advisory for Adobe Acrobat and Reader
- https://helpx.adobe..../apsb17-11.html
April 6, 2017 - "Summary: Adobe is planning to release security updates for Adobe Acrobat and Reader

for Windows and Macintosh on Tuesday, April 11, 2017..."
 

:ninja:


.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#171 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 10,888 posts

Posted 11 April 2017 - 10:42 AM

FYI...

Flash 25.0.0.148 released
- https://helpx.adobe..../apsb17-10.html
April 11, 2017
CVE number: CVE-2017-3058, CVE-2017-3059, CVE-2017-3060, CVE-2017-3061, CVE-2017-3062, CVE-2017-3063, CVE-2017-3064
Platform: Windows, Macintosh, Linux and Chrome OS ...
Summary: Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and Chrome OS. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system...  
Solution: ... Adobe recommends users of the Adobe Flash Player Desktop Runtime for Windows, Macintosh and Linux update to Adobe Flash Player 25.0.0.148 via the update mechanism within the product [1] or by visiting the Adobe Flash Player Download Center.
- Adobe Flash Player installed with Google Chrome will be automatically updated to the latest Google Chrome version, which will include Adobe Flash Player 25.0.0.148 for Windows, Macintosh, Linux and Chrome OS.
- Adobe Flash Player installed with Microsoft Edge and Internet Explorer 11 for Windows 10 and 8.1 will be automatically updated to the latest version, which will include Adobe Flash Player 25.0.0.148.
Please visit the Flash Player Help page for assistance in installing Flash Player:
> https://helpx.adobe....ash-player.html
[1] Users who have selected the option to 'Allow Adobe to install updates' will receive the update automatically. Users who do not have the 'Allow Adobe to install updates' option enabled can install the update via the update mechanism within the product when prompted...

For I/E - some versions get 'Automatic' updates:
- https://fpdownload.m...h_player_ax.exe
For Firefox and other Plugin-based browsers:
- https://fpdownload.m...lash_player.exe
For Chrome:
- https://fpdownload.m...layer_ppapi.exe

Flash test site: https://www.adobe.co...re/flash/about/

- http://www.securityt....com/id/1038225
CVE Reference: CVE-2017-3058, CVE-2017-3059, CVE-2017-3060, CVE-2017-3061, CVE-2017-3062, CVE-2017-3063, CVE-2017-3064
Apr 11 2017
Fix Available:  Yes  Vendor Confirmed:  Yes
Version(s): 25.0.0.127 and prior...
Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
Solution: The vendor has issued a fix (25.0.0.148)...
___

Adobe Acrobat and Reader Updates
- https://helpx.adobe..../apsb17-11.html
April 11, 2017
CVE numbers: CVE-2017-3011, CVE-2017-3012, CVE-2017-3013, CVE-2017-3014, CVE-2017-3015, CVE-2017-3017,
CVE-2017-3018, CVE-2017-3019, CVE-2017-3020, CVE-2017-3021, CVE-2017-3022, CVE-2017-3023, CVE-2017-3024, CVE-2017-3025, CVE-2017-3026, CVE-2017-3027, CVE-2017-3028, CVE-2017-3029, CVE-2017-3030, CVE-2017-3031, CVE-2017-3032, CVE-2017-3033, CVE-2017-3034, CVE-2017-3035, CVE-2017-3036, CVE-2017-3037, CVE-2017-3038, CVE-2017-3039, CVE-2017-3040, CVE-2017-3041, CVE-2017-3042, CVE-2017-3043, CVE-2017-3044, CVE-2017-3045, CVE-2017-3046, CVE-2017-3047, CVE-2017-3048, CVE-2017-3049, CVE-2017-3050, CVE-2017-3051, CVE-2017-3052,
CVE-2017-3053, CVE-2017-3054, CVE-2017-3055, CVE-2017-3056, CVE-2017-3057, CVE-2017-3065
Platform: Windows and Macintosh ...
Solution: Adobe recommends users update their software installations to the latest versions by following the
instructions below.
The latest product versions are available to end users via one of the following methods:
> Users can update their product installations manually by choosing Help > Check for Updates. The products will update automatically, without requiring user intervention, when updates are detected.
The full Acrobat Reader installer can be downloaded from the Acrobat Reader Download Center.
- https://get.adobe.com/reader/
For IT administrators (managed environments):
> Download the enterprise installers from ftp://ftp.adobe.com/pub/adobe/or refer to the specific release note version for links to installers.
Install updates via your preferred methodology, such as AIP-GPO, bootstrapper, SCUP/SCCM (Windows), or on Macintosh, Apple Remote Desktop and SSH...
For more information on Acrobat DC, please visit the Acrobat DC FAQ page:
- https://helpx.adobe....crobat/faq.html
For more information on Acrobat Reader DC, please visit the Acrobat Reader DC FAQ page:
- https://helpx.adobe....reader/faq.html
Acrobat for Windows
> http://supportdownlo...latform=Windows
Reader for Windows
> http://supportdownlo...latform=Windows
Acrobat for Macintosh
> http://supportdownlo...=1&platform=Mac
Reader for Macintosh
> http://supportdownlo...10&platform=Mac

- http://www.securityt....com/id/1038228
CVE Reference: CVE-2017-3011, CVE-2017-3012, CVE-2017-3013, CVE-2017-3014, CVE-2017-3015, CVE-2017-3017, CVE-2017-3018, CVE-2017-3019, CVE-2017-3020, CVE-2017-3021, CVE-2017-3022, CVE-2017-3023, CVE-2017-3024, CVE-2017-3025, CVE-2017-3026, CVE-2017-3027, CVE-2017-3028, CVE-2017-3029, CVE-2017-3030, CVE-2017-3031, CVE-2017-3032, CVE-2017-3033, CVE-2017-3034, CVE-2017-3035, CVE-2017-3036, CVE-2017-3037, CVE-2017-3038, CVE-2017-3039, CVE-2017-3040, CVE-2017-3041, CVE-2017-3042, CVE-2017-3043, CVE-2017-3044, CVE-2017-3045, CVE-2017-3046, CVE-2017-3047, CVE-2017-3048, CVE-2017-3049, CVE-2017-3050, CVE-2017-3051, CVE-2017-3052, CVE-2017-3053, CVE-2017-3054, CVE-2017-3055, CVE-2017-3056, CVE-2017-3057, CVE-2017-3065
Fix Available:  Yes  Vendor Confirmed:  Yes
Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
A remote user can obtain potentially sensitive information on the target system.
Solution: The vendor has issued a fix (Classic 2015.006.30306, Continuous 2017.009.20044, XI 11.0.20)...
___

Adobe Photoshop CC
- https://helpx.adobe..../apsb17-12.html
April 11, 2017
CVE number: CVE-2017-3004, CVE-2017-3005
Platform: Windows and Macintosh...
___

Creative Cloud Desktop Application
- https://helpx.adobe..../apsb17-13.html
April 11, 2017
CVE number: CVE-2017-3006, CVE-2017-3007
Platform: Windows
___

Adobe Campaign
- https://helpx.adobe..../apsb17-09.html
April 11, 2017
CVE number: CVE-2017-2989
Platform: Windows and Linux
___

Qualys analysis:
- https://blog.qualys....toshop-in-april
April 11, 2017 - "Adobe released -five- security bulletins today... Highest priority goes to the Flash update APSB17-10 as flash has been the top choice for malware and exploit kits. If left un-patched, the vulnerabilities allow attackers to take complete control of user’s computer if the user views malicious flash content hosted by the attacker. Although flash based exploit kit activity has reduced as compared to last year we still recommend updating this first..."
___

- https://www.us-cert....ecurity-Updates
April 11, 2017
 

:ninja: :ninja: :ninja: :ninja:


Edited by AplusWebMaster, 12 April 2017 - 02:10 PM.

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#172 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 10,888 posts

Posted 26 April 2017 - 05:47 AM

FYI...

ColdFusion Hotfixes available
- https://helpx.adobe..../apsb17-14.html
April 25, 2017
CVE number: CVE-2017-3008, CVE-2017-3066
Platforms: All
Summary: Adobe has released security hotfixes for ColdFusion versions 10, 11 and the 2016 release. These hotfixes resolve an input validation issue that could be used in reflected XSS (cross-site scripting) attacks (CVE-2017-3008). These hotfixes also include an updated version of Apache BlazeDS to mitigate java deserialization (CVE-2017-3066). Adobe recommends that customers apply the appropriate hotfix using the instructions provided in the "Solution" section below...
Solution: ... Adobe recommends that ColdFusion customers update their installation using the instructions provided in the relevant tech notes:
ColdFusion (2016 release): http://helpx.adobe.c...6-update-4.html
ColdFusion 11: http://helpx.adobe.c...-update-12.html
ColdFusion 10: http://helpx.adobe.c...-update-23.html
Customers should also apply the security configuration settings as outlined on the ColdFusion Security page as well as review the respective Lockdown guides.
ColdFusion (2016 release) Lockdown guide:
- http://wwwimages.ado...kdown-guide.pdf
ColdFusion 11 Lockdown Guide :
- https://www.adobe.co...kdown-guide.pdf
ColdFusion 10 Lockdown Guide:
- https://www.adobe.co...kdown-guide.pdf

- http://www.securityt....com/id/1038364
CVE Reference: CVE-2017-3008, CVE-2017-3066
Apr 26 2017
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 10, 11, 2016 ...
Impact: A remote user can execute arbitrary code on the target system.
A remote user can access the target user's cookies (including authentication cookies), if any, associated with the site running the Adobe ColdFusion software, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.
Solution: The vendor has issued a fix (10 Update 23, 11 Update 12, 2016 Update 4)...
___

- https://www.us-cert....ates-ColdFusion
April 26, 2017
 

:ninja: :ninja:


Edited by AplusWebMaster, 26 April 2017 - 11:52 AM.

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#173 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 10,888 posts

Posted 09 May 2017 - 10:26 AM

FYI...

Flash 25.0.0.171 released
- https://helpx.adobe..../apsb17-15.html
May 9, 2017
CVE number: CVE-2017-3068, CVE-2017-3069, CVE-2017-3070, CVE-2017-3071, CVE-2017-3072, CVE-2017-3073, CVE-2017-3074
Platform: Windows, Macintosh, Linux and Chrome OS
Summary: Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and Chrome OS. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system...  
Solution: ... Adobe recommends users of the Adobe Flash Player Desktop Runtime for Windows, Macintosh and Linux update to Adobe Flash Player 25.0.0.171 via the update mechanism within the product [1] or by visiting the Adobe Flash Player Download Center...
- Adobe Flash Player installed with Google Chrome will be automatically updated to the latest Google Chrome version, which will include Adobe Flash Player 25.0.0.171 for Windows, Macintosh, Linux and Chrome OS.
- Adobe Flash Player installed with Microsoft Edge and Internet Explorer 11 for Windows 10 and 8.1 will be automatically updated to the latest version, which will include Adobe Flash Player 25.0.0.171.
- Please visit the Flash Player Help page for assistance in installing Flash Player:
> https://helpx.adobe....ash-player.html
[1] Users who have selected the option to 'Allow Adobe to install updates' will receive the update automatically. Users who do not have the 'Allow Adobe to install updates' option enabled can install the update via the update mechanism within the product when prompted...

For I/E - some versions get 'Automatic' updates:
- https://fpdownload.m...h_player_ax.exe
For Firefox and other Plugin-based browsers:
- https://fpdownload.m...lash_player.exe
For Chrome:
- https://fpdownload.m...layer_ppapi.exe

Flash test site: https://www.adobe.co...re/flash/about/

- http://www.securityt....com/id/1038427
CVE Reference: CVE-2017-3068, CVE-2017-3069, CVE-2017-3070, CVE-2017-3071, CVE-2017-3072, CVE-2017-3073, CVE-2017-3074
May 9 2017
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 25.0.0.148 and prior (Windows/Linux); 25.0.0.163 and prior (Mac)...
Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
Solution: The vendor has issued a fix (25.0.0.171)...
___

Adobe Experience Manager Forms
- https://helpx.adobe..../apsb17-16.html
May 9, 2017
CVE number: CVE-2017-3067
Platform: Windows, Linux, Solaris and AIX
Summary: Adobe has released security updates for Adobe Experience Manager (AEM) Forms on Windows, Linux, Solaris and AIX. These updates resolve an important information disclosure vulnerability (CVE-2017-3067) resulting from abuse of the pre-population service in AEM Forms...
Solution: Adobe categorizes these updates with the following priority rating, and recommends customers with on premise deployments install the available updates referenced below with the help of Adobe Marketing Cloud Customer Care team.
Adobe Experience Manager Forms 6.2     6.2 SP1 CFP3     Windows, Linux, Solaris and AIX
Release Notes: https://helpx.adobe....e-fix-pack.html
Adobe Experience Manager Forms 6.1     6.1 SP2 CFP8     Windows, Linux, Solaris and AIX
Release Notes: https://helpx.adobe....-fix-pack-.html
Adobe Experience Manager Forms 6.0     HotFix 2.0.58     Windows, Linux, Solaris and AIX
Release Notes: https://helpx.adobe....orm-2-0-58.html

- http://www.securityt....com/id/1038428
CVE Reference: CVE-2017-3067
May 9 2017
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 6.0, 6.1, 6.2 ...
Impact: A remote user can obtain potentially sensitive information on the target system.
Solution: The vendor has issued a fix (6.0 HotFix 2.0.58, 6.1 SP2 CFP8, 6.2 SP1 CFP3)...
 

:ninja: :ninja:


Edited by AplusWebMaster, 10 May 2017 - 05:47 AM.

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#174 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 10,888 posts

Posted 13 June 2017 - 10:12 AM

FYI...

Flash 26.0.0.126 released
- https://helpx.adobe..../apsb17-17.html
Jun 13, 2017
Summary: Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and Chrome OS. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system...  
Solution: ...
- Adobe recommends users of the Adobe Flash Player Desktop Runtime for Windows, Macintosh and Linux update to Adobe Flash Player 26.0.0.126 via the update mechanism within the product [1] or by visiting the Adobe Flash Player Download Center: https://get.adobe.com/flashplayer/
- Adobe Flash Player installed with Google Chrome will be automatically updated to the latest Google Chrome version, which will include Adobe Flash Player 26.0.0.126 for Windows, Macintosh, Linux and Chrome OS.
- Adobe Flash Player installed with Microsoft Edge and Internet Explorer 11 for Windows 10 and 8.1 will be automatically updated to the latest version, which will include Adobe Flash Player 26.0.0.120.
 Please visit the Flash Player Help page* for assistance in installing Flash Player.
[1] Users who have selected the option to 'Allow Adobe to install updates' will receive the update automatically. Users who do not have the 'Allow Adobe to install updates' option enabled can install the update via the update mechanism within the product when prompted..."
* https://helpx.adobe....ash-player.html

For I/E - some versions get 'Automatic' updates:
- https://fpdownload.m...h_player_ax.exe
For Firefox and other Plugin-based browsers:
- https://fpdownload.m...lash_player.exe
For Chrome:
- https://fpdownload.m...layer_ppapi.exe

Flash test site: https://www.adobe.co...re/flash/about/

- http://www.securityt....com/id/1038655
CVE Reference: CVE-2017-3075, CVE-2017-3076, CVE-2017-3077, CVE-2017-3078, CVE-2017-3079, CVE-2017-3081, CVE-2017-3082, CVE-2017-3083, CVE-2017-3084
Jun 13 2017
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 25.0.0.171 and prior ...
Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
Solution: The vendor has issued a fix (26.0.0.126)...
___

Shockwave 12.2.9.199 released
- https://helpx.adobe..../apsb17-18.html
Jun 13, 2017
Summary: Adobe has released a security update for Adobe Shockwave Player for Windows. This update addresses a critical  memory corruption vulnerability that could lead to code execution...
Adobe recommends users of Adobe Shockwave Player 12.2.8.198 and earlier versions for Windows update to Adobe Shockwave Player 12.2.9.199 by visiting the Adobe Shockwave Player Download Center:
> https://get.adobe.com/shockwave/
___

Adobe Captivate 10.0.0.192
- https://helpx.adobe..../apsb17-19.html
Jun 13, 2017
Summary: Adobe has released security updates for Adobe Captivate for Windows and Macintosh. These updates resolve an important information disclosure vulnerability (CVE-2017-3087) resulting from abuse of the quiz reporting feature in Captivate...
10.0.0.192: https://helpx.adobe....ease-notes.html
Tech note: https://helpx.adobe....-captivate.html
___

Adobe Digital Editions 4.5.5
- https://helpx.adobe..../apsb17-20.html
Jun 13, 2017
Summary: Adobe has released a security update for Adobe Digital Editions for Windows, Macintosh, iOS and Android. This update resolves critical memory corruption vulnerabilities that could lead to code execution, three vulnerabilities rated important that could lead to escalation of privilege and two memory corruption vulnerabilities rated important that could lead to disclosure of memory addresses...
Solution: Adobe categorizes these updates with the following priority ratings and recommends users update their installation to the newest version...
Adobe Digital Editions 4.5.5
Windows: https://www.adobe.co...s/download.html
Macintosh: https://www.adobe.co...s/download.html
iOS: https://itunes.apple...d952977781?mt=8
Android: https://play.google....digitaleditions
 

:ninja: :ninja: :ninja:


Edited by AplusWebMaster, 13 June 2017 - 04:37 PM.

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#175 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 10,888 posts

Posted 23 June 2017 - 02:34 PM

FYI...

Flash 26.0.0.131 released

Yours may have -automatically- updated to 26,0,0,131 - check here:
> https://get.adobe.co...shplayer/about/
... 'should read:
"You have version 26,0,0,131 installed" - if NOT, use the -manual- downloads below!
[ALL browsers installed on your system]

> https://helpx.adobe....ease_notes.html
June 16, 2017 - "In today's release, we've updated Flash Player to address a bug that was impacting some Flash content. If you are having problems interacting with mouse button presses or drag and drop actions, we recommend you update..."
___

For I/E - some versions get 'Automatic' updates:
- https://fpdownload.m...h_player_ax.exe
For Firefox and other Plugin-based browsers:
- https://fpdownload.m...lash_player.exe
For Chrome:
- https://fpdownload.m...layer_ppapi.exe
___

Ref: http://www.computerw...-an-update.html
Jun 18, 2017
___

Flash Player Download Center
> https://get.adobe.com/flashplayer/
Version 26.0.0.131
 

:ninja:


Edited by AplusWebMaster, 27 June 2017 - 09:45 AM.

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#176 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 10,888 posts

Posted 11 July 2017 - 09:29 AM

FYI...

Flash 26.0.0.137 released
- https://helpx.adobe..../apsb17-21.html
July 11, 2017
"Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and Chrome OS. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system...  
- Adobe recommends users of the Adobe Flash Player Desktop Runtime for Windows, Macintosh and Linux update to Adobe Flash Player 26.0.0.137 via the update mechanism within the product [1] or by visiting the Adobe Flash Player Download Center: https://get.adobe.com/flashplayer/
- Adobe Flash Player installed with Google Chrome will be automatically updated to the latest Google Chrome version, which will include Adobe Flash Player 26.0.0.137 for Windows, Macintosh, Linux and Chrome OS.
- Adobe Flash Player installed with Microsoft Edge and Internet Explorer 11 for Windows 10 and 8.1 will be automatically updated to the latest version, which will include Adobe Flash Player 26.0.0.137.
- Please visit the Flash Player Help page for assistance in installing Flash Player:
- https://chl-author-p...ash-player.html
[1] Users who have selected the option to 'Allow Adobe to install updates' will receive the update automatically. Users who do not have the 'Allow Adobe to install updates' option enabled can install the update via the update mechanism within the product when prompted..."

For I/E - some versions get 'Automatic' updates:
- https://fpdownload.m...h_player_ax.exe
For Firefox and other Plugin-based browsers:
- https://fpdownload.m...lash_player.exe
For Chrome:
- https://fpdownload.m...layer_ppapi.exe

Flash test site: https://www.adobe.co...re/flash/about/

 

- http://www.securityt....com/id/1038845
CVE Reference: CVE-2017-3080, CVE-2017-3099, CVE-2017-3100
Jul 11 2017
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 26.0.0.131 and before...
Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
A remote user can obtain potentially sensitive information on the target system.
Solution: The vendor has issued a fix (26.0.0.137)...
___

Adobe Connect 9.6.2 released
- https://helpx.adobe..../apsb17-22.html
July 11, 2017
"Adobe has released a security update for Adobe Connect for Windows. This update resolves two input validation vulnerabilities (CVE-2017-3102, CVE-2017-3103) that could be used in reflected and stored cross-site scripting attacks, respectively. This update also includes a mitigation to protect users from UI redressing (or clickjacking) attacks (CVE-2017-3101)...
> https://helpx.adobe....ease-notes.html
"... Adobe Connect 9.6.2 will be rolled out in phases:
On-premise: Adobe Connect 9.6.2 installer for customer on-premise deployments (all supported locales): Jun 26th, 2017
Hosted: Adobe Connect 9.6.2 service hosted by Adobe: Starting Jun 19th, 2017
Managed Services: Adobe-managed customer-specific cloud deployment of Adobe Connect: Updates are scheduled based on customer requirements. Reach out to your Adobe Connect managed services representative to schedule your update..."

- http://www.securityt....com/id/1038846
CVE Reference: CVE-2017-3101, CVE-2017-3102, CVE-2017-3103
Jul 11 2017
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 9.6.1 and before...
Impact: A remote user can conduct clickjacking attacks.
A remote user can access the target user's cookies (including authentication cookies), if any, associated with the site running the Adobe Connect software, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.
Solution: The vendor has issued a fix (9.6.2)...
 

:ninja: :ninja:


Edited by AplusWebMaster, 11 July 2017 - 02:56 PM.

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#177 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 10,888 posts

Posted 25 July 2017 - 03:34 PM

FYI...

Adobe Flash - EOL end of 2020
- https://blogs.adobe....ash-update.html
July 25, 2017 - "... as open standards like HTML5, WebGL and WebAssembly have matured over the past several years, most now provide many of the capabilities and functionalities that plugins pioneered and have become a viable alternative for content on the web... Adobe is planning to end-of-life Flash. Specifically, we will stop updating and distributing the Flash Player at the end of 2020 and encourage content creators to migrate any existing Flash content to these new open formats..."

... i.e.: HTML5, WebGL and WebAssembly.
 

:db:


Edited by AplusWebMaster, 25 July 2017 - 03:35 PM.

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.





4 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users


    Magpie (3)
Member of

Support SpywareInfo Forum - click the button
PayPal - The safer, easier way to pay online!