adobe Archive

Adobe Flash player Update 27 March 2012

By derek | Filed in adobe, browser, Chrome, Exploits, firefox, Malware, Security advice, updates, Warnings and Alerts, Windows

There seems to have been a security update to 11.2.202.228 but I can find no release notes or information why the update has been issued except general gossip to say to fix undisclosed vulnerabilities

Some users have reported problems with installing the update via adobe web based install so an alternative method is to use the full installers on http://www.adobe.com/products/flashplayer/distribution3.html

I understand that some antiviruses including Eset/Nod have conflicts with the adobe web based installer

Edit:
details here
http://forums.adobe.com/message/4296259

it isn’t a security fix but a whole new version of flashplayer with additional capabilities

Share
Be the first to comment

June 2011 Adobe updates

By derek | Filed in adobe, browser, Exploits, Malware, Privacy, updates, Warnings and Alerts

As if you needed more updates this week…

APSB11-16 – Security Advisory for Adobe Reader (v10.1) and Acrobat (v10.1 et al.)
http://www.adobe.com/support/security/bulletins/apsb11-16.html

APSB11-17 – Security Update Available for Adobe Shockwave Player v11.6.0.626
http://www.adobe.com/support/security/bulletins/apsb11-17.html

APSB11-18 – [Yes, yet another] Security update available for Adobe Flash  Player (v10.3.181.26)
http://www.adobe.com/support/security/bulletins/apsb11-18.html

Share

Another new URGENT Adobe flash security update

By derek | Filed in adobe, Apple, browser, Chrome, Exploits, firefox, Malware, microsoft, mozilla, updates, Warnings and Alerts

http://www.adobe.com/support/security/bulletins/apsb11-13.html
An important vulnerability has been identified in Adobe Flash Player 10.3.181.16 and earlier versions for Windows, Macintosh, Linux and Solaris, and Adobe Flash Player 10.3.185.22 and earlier versions for Android. This universal cross-site scripting vulnerability (CVE-2011-2107) could be used to take actions on a user’s behalf on any website or webmail provider, if the user visits a malicious website. There are reports that this vulnerability is being exploited in the wild in active targeted attacks designed to trick the user into clicking on a malicious link delivered in an email message.
Adobe recommends users of Adobe Flash Player 10.3.181.16 and earlier versions for Windows, Macintosh, Linux and Solaris update to Adobe Flash Player 10.3.181.22 (10.3.181.23 for ActiveX). Adobe expects to make available an update for Flash Player 10.3.185.22 for Android during the week of June 6, 2011.

Adobe is still investigating the impact to the Authplay.dll component that ships with Adobe Reader and Acrobat X (10.0.2) and earlier 10.x and 9.x versions of Adobe Reader and Acrobat for Windows and Macintosh operating systems. Adobe is not aware of any attacks targeting Adobe Reader or Acrobat in the wild.

RoboForm: Learn more...
Share

Flash Player update

By derek | Filed in adobe, updates

New version of Adobe Flash Player!
It’s 10.2.156.32 and available at the ‘usual’ URL; http://get.adobe.com/flashplayer/

No change log or other details yet so unknown whether a bug fix on recent 10.2.156.26 release or whether a new security vulnerability has been found & quietly fixed

Share

Adobe Reader Update Scam

By derek | Filed in adobe, Exploits, Malware, Phishing, Privacy, Rogue Software, scams, spam, Warnings and Alerts


There are about to be updates issued for Adobe reader to plug security holes and vulnerabilities. The scammers have jumped in on the act and are sending emails pretending to be from an Adobe update service.

Adobe PDF scam email

If you are foolish enough to follow the links then you end up on a scam site trying to sell you an unknown PDF reader, BUT the sting is that you don’t just download & try it or even buy it outright. Oh no ! you have to create a membership and give all your details before you even find out how much is being taken from your bank or credit card.


Don’t fall for it and only update Adobe reader from the official Adobe site, when the actual Update is released ( It is expected in Early October 2010)
Or of course use an alternative PDF reader of your choice, Just be aware that PDF vulnerabilities do affect all PDF readers and some might not get updated as quickly as others. Just because you use an alternative doesn’t mean that you are immune or safe from vulnerabilities in Adobe products

Share
Tags: , , , ,

Adobe Issues Critical Updates To Flash, AIR – Security Watch

By derek | Filed in adobe, Apple, browser, Exploits, microsoft, updates

Adobe released new versions of Flash and AIR today to address vulnerabilities in both products. Applying these updates as soon as practicable is a good idea, as Flash vulnerabilities are popular exploit vehicles in the wild.

Click here to install Flash 10.0.42.34.

Click here to install AIR 1.5.3.

The expanded security advisory explains that critical vulnerabilities could provoke crashes or remote code execution. Adobe Flash Player 10.0.32.18 and earlier versions and Adobe AIR 1.5.2 and earlier versions on all platforms are vulnerable.

7 new vulnerabilities are described cursorily. A patch to an eighth and older vulnerability is also updated. Adobe issues thanks to 6 different researchers for the help they provided with the vulnerabilities.

The advisory also adds that Flash Player version 10.1, which Adobe expects to release in the first half of 2010, will be the last to support PowerPC-based G3 Macs. They are discontinuing support, including security updates, past that version because they are implementing performance enhancements not supported in those processors.

Share
Tags: ,

Adobe Shockwave Player Multiple Vulnerabilities

By derek | Filed in adobe, browser, Exploits, Malware, updates, Warnings and Alerts

 Affected: Adobe Shockwave Player versions 11.x

Description: Adobe Shockwave Player, with over 450 million users, is a multimedia player that allows Adobe Director applications to be published and viewed by a browser that is installed with a Shockwave plug-in.

 Multiple vulnerabilities have been reported in Adobe Shockwave Player, which be triggered by a specially crafted Shockwave content.  There is a error in the way the invalid index is used.  There are also a couple of issues caused by the inappropriate use of the invalid pointer.  And the last issue is a memory corruption error when processing string lengths.

 In all the cases successful exploitation might allow an attacker to execute arbitrary code in the context of the logged on user.

There is not enough public information about these vulnerabilities.

Status: Vendor confirmed, updates available.

References:

 Adobe Security Bulletin (APSB09-16)  http://www.adobe.com/support/security/bulletins/apsb09-16.html

Wikipedia Article on Adobe Shockwave  http://en.wikipedia.org/wiki/

Adobe_Shockwave Product Home Page  http://www.adobe.com/products/shockwaveplayer/

 SecurityFocus BID http://www.securityfocus.com/bid/36905

Adobe recommends Shockwave Player users install Shockwave Player version 11.5.2.602 available here: http://get.adobe.com/shockwave/
Remember: You need to install shockwave in Every Browser you use separately, if you wish to use it in your browser

RoboForm: Learn more...
Share