Security and Privacyadobe http://hijack-this.co.uk My ramblings on how to protect yourself online Thu, 12 Aug 2010 07:31:02 +0000 en hourly 1 http://wordpress.org/?v=3.0.1 Adobe Issues Critical Updates To Flash, AIR – Security Watch http://hijack-this.co.uk/2009/12/adobe-issues-critical-updates-to-flash-air-security-watch/ http://hijack-this.co.uk/2009/12/adobe-issues-critical-updates-to-flash-air-security-watch/#comments Thu, 10 Dec 2009 09:11:25 +0000 derek http://hijack-this.co.uk/?p=276 Adobe released new versions of Flash and AIR today to address vulnerabilities in both products. Applying these updates as soon as practicable is a good idea, as Flash vulnerabilities are popular exploit vehicles in the wild.

Click here to install Flash 10.0.42.34.

Click here to install AIR 1.5.3.

The expanded security advisory explains that critical vulnerabilities could provoke crashes or remote code execution. Adobe Flash Player 10.0.32.18 and earlier versions and Adobe AIR 1.5.2 and earlier versions on all platforms are vulnerable.

7 new vulnerabilities are described cursorily. A patch to an eighth and older vulnerability is also updated. Adobe issues thanks to 6 different researchers for the help they provided with the vulnerabilities.

The advisory also adds that Flash Player version 10.1, which Adobe expects to release in the first half of 2010, will be the last to support PowerPC-based G3 Macs. They are discontinuing support, including security updates, past that version because they are implementing performance enhancements not supported in those processors.

Here is no comments yet by the time your rss reader get this, Do you want to be the first commentor? Hurry up

Share/Bookmark

]]> http://hijack-this.co.uk/2009/12/adobe-issues-critical-updates-to-flash-air-security-watch/feed/ 0 Adobe Shockwave Player Multiple Vulnerabilities http://hijack-this.co.uk/2009/11/adobe-shockwave-player-multiple-vulnerabilities/ http://hijack-this.co.uk/2009/11/adobe-shockwave-player-multiple-vulnerabilities/#comments Fri, 06 Nov 2009 08:28:06 +0000 derek http://hijack-this.co.uk/?p=204  Affected: Adobe Shockwave Player versions 11.x

Description: Adobe Shockwave Player, with over 450 million users, is a multimedia player that allows Adobe Director applications to be published and viewed by a browser that is installed with a Shockwave plug-in.

 Multiple vulnerabilities have been reported in Adobe Shockwave Player, which be triggered by a specially crafted Shockwave content.  There is a error in the way the invalid index is used.  There are also a couple of issues caused by the inappropriate use of the invalid pointer.  And the last issue is a memory corruption error when processing string lengths.

 In all the cases successful exploitation might allow an attacker to execute arbitrary code in the context of the logged on user.

There is not enough public information about these vulnerabilities.

Status: Vendor confirmed, updates available.

References:

 Adobe Security Bulletin (APSB09-16)  http://www.adobe.com/support/security/bulletins/apsb09-16.html

Wikipedia Article on Adobe Shockwave  http://en.wikipedia.org/wiki/

Adobe_Shockwave Product Home Page  http://www.adobe.com/products/shockwaveplayer/

 SecurityFocus BID http://www.securityfocus.com/bid/36905

Adobe recommends Shockwave Player users install Shockwave Player version 11.5.2.602 available here: http://get.adobe.com/shockwave/
Remember: You need to install shockwave in Every Browser you use separately, if you wish to use it in your browser

Here is no comments yet by the time your rss reader get this, Do you want to be the first commentor? Hurry up

Share/Bookmark

]]> http://hijack-this.co.uk/2009/11/adobe-shockwave-player-multiple-vulnerabilities/feed/ 0