Archive | Adobe

Adobe Product Updates

Adobe just released its monthly security updates, and this month the company patched vulnerabilities in three products: Adobe Flash Player, Adobe ColdFusion, and Adobe RoboHelp. Adobe patched eight security bugs: two in Flash Player, four in ColdFusion, and two in RoboHelp.

Adobe Flash Vulnerabilities

This week there are multiple Adobe Flash vulnerabilities to be aware of. Users should ensure they are at the latest version.

  • Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable memory corruption vulnerability in Primetime SDK. Successful exploitation could lead to arbitrary code execution.
  • Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable type confusion vulnerability related to the MessageChannel class. Successful exploitation could lead to arbitrary code execution.
  • Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable use-after-free vulnerability in Primetime SDK event dispatch. Successful exploitation could lead to arbitrary code execution.
  • Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable use-after-free vulnerability related to event handlers. Successful exploitation could lead to arbitrary code execution.
  • Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable heap overflow vulnerability when parsing an MP4 header. Successful exploitation could lead to arbitrary code execution.
  • Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable memory corruption vulnerability in the h264 codec (related to decompression). Successful exploitation could lead to arbitrary code execution.
  • Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable memory corruption vulnerability in the h264 decompression routine. Successful exploitation could lead to arbitrary code execution.
  • Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable memory corruption vulnerability when performing garbage collection. Successful exploitation could lead to arbitrary code execution.
  • Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable integer overflow vulnerability related to Flash Broker COM. Successful exploitation could lead to arbitrary code execution.

Adobe Acrobat Chrome extension vulnerability

Adobe Acrobat Chrome extension versions 15.1.0.3 and earlier have a DOM-based cross-site scripting vulnerability. Successful exploitation could lead to JavaScript code execution.

Adobe has released a security update for the Adobe Acrobat extension for Chrome. This update addresses a cross-site scripting vulnerability rated important that could potentially lead to JavaScript execution in the browser.

Adobe patches Flash 0 day

There is a new Adobe Flash Player update that closes 25 security holes, all of which could lead to remote code execution. Update Flash Player as soon as possible, especially as an exploit for the zero-day vulnerability (CVE-2016-4117) exists and is currently used in the wild.

Adobe releases updates for Reader, Acrobat, ColdFusion; releases advisory for Flash

Adobe has released security updates for Adobe Acrobat and Reader resolving 92 security vulnerabilities. The ColdFusion update patches 3 vulnerabilities that could lead to cross-site scripting attacks or Java deserialization. In addition to these updates, Adobe also released an advisory for a critical vulnerability (CVE-2016-4117) in Adobe Flash that could cause a crash and potentially allow an attacker to take control of the affected system. This vulnerability affects all users of Adobe Flash Player 21.0.0.226 and earlier versions.

Adobe Security Bulletin: CVE-2016-1019

Adobe released an updated security advisory earlier this week regarding a critical vulnerability that exists in Adobe Flash Player 21.0.0.197 and earlier versions. This vulnerability affects Windows, Macintosh, Linux, and Chrome OS and could cause the browser to crash or possibly allow for remote code execution. Adobe introduced a mitigation in Flash Player 21.0.0.182 that protects users against attackers who attempt to exploit this vulnerability, and the company is expected to release a security update later today. Users are advised to upgrade Flash Player as soon as the new update is released; those who have not done so yet can go to the Adobe Flash Player Download Center, download the software from there, and install it in each browser.

 

Adobe vulnerability patch released

An Adobe vulnerability (CVE-2015-8651) affects Flash Player on Windows, Mac OS X, Linux and ChromeOS, and an immediate patch needed to be issued.

Affected versions are:

  • Adobe Flash Player Desktop Runtime versions 20.0.0.235 and earlier for Windows and Macintosh
  • Adobe Flash Player Extended Support Release versions 18.0.0.268 and earlier for Windows and Macintosh
  • Adobe Flash Player for Google Chrome versions 20.0.0.228 and earlier for Windows, Macintosh, Linux and ChromeOS
  • Adobe Flash Player for Microsoft Edge and Internet Explorer 11 versions 20.0.0.228 and earlier for Windows 10.
  • Adobe Flash Player for Internet Explorer 10 and 11 versions 20.0.0.228 and earlier for Windows 8.0 and 8.1

Source: Adobe