Tag Archive | Adobe

Security: Adobe Flash Player updated

Adobe has issued an update to plug security holes in its Flash Player software this week including fixes for at least 17 vulnerabilities in the program and in Adobe Air.

With Flash being among the top exploits in the wild we strongly recommend you uninstall Adobe Flash when possible. Should you need Flash for specific functions we recommend using a secondary browser with Flash enabled while leaving it disabled in your primary browser.

Security updates available for Adobe Flash Player

Adobe on Monday released security updates across multiple platforms that address vulnerabilities in Flash and AIR, some of which are deemed critical. Users should download the updates immediately.

Source: Adobehttps://helpx.adobe.com/security/products/flash-player/apsb15-23.html

Adobe issues security updates for ColdFusion v10 / v11

According to Adobe the hotfix includes an updated version of BlazeDS, which addresses a vulnerability that could result in information disclosure.  Adobe recommends users apply the hotfix available for their version.

ColdFusion 10 Update

ColdFusion 11 Update

Adobe Flash Player and AIR updated

Adobe released Flash Player and AIR updates that address 35 bugs, some of which could be exploited by an attacker to take control of a vulnerable system.

Windows and Macintosh users should update Flash Player to version 18.0.0.232

Adobe releases emergency Flash patch

Adobe Systems has issued an emergency update for its Flash media player to patch two critical zero-day vulnerabilities that allow attackers to install malware on end-user computers.

Flash Patch

Shockwave Patch

Acrobat and Reader Patch

Ransomeware exploit targeting Adobe Flash

Attackers have added a recent dangerous Adobe vulnerability to the Magnitude exploit kit.

The remote code execution vulnerability (CVE-2015-3113) allows attackers to hijack un-patched machines targeting Internet Explorer on Windows 7 and XP. Windows 7 Users and XP Users (And we hope you are not one…) need to ensure they are up to date with Adobe Flash patches.

Adobe releases patch for exploited Flash vulnerability

Adobe has published a Security Bulletin for the Adobe Flash Player Remote Code Execution Vulnerability (CVE-2015-3113). The new Security Bulletin, APSB15-14, identifies a heap buffer overflow vulnerability which affects various versions of Adobe Flash Player across multiple platforms. Exploitation of this critical vulnerability could allow an attacker to remotely execute arbitrary code. Adobe has acknowledged reports of this vulnerability being exploited in the wild in limited targeted attacks.

The following versions of Adobe Flash Player are vulnerable:

  • Adobe Flash Player 18.0.0.161 and earlier versions for Windows and Mac OS X
  • Adobe Flash Player Extended Support Release version 13.0.0.292 and earlier 13.x versions for Windows and Mac OS X
  • Adobe Flash Player 11.2.202.466 and earlier 11.x versions for Linux

Source: Adobe

Adobe plugs critical bugs in Reader, Acrobat and Flash Player

This week, Adobe patched multiple critical vulnerabilities affecting Flash Player, Reader and Acrobat.

Flash for Windows, Macintosh and Linux users resolved 18 unique bugs, an Adobe security bulletin revealed, including four memory corruption vulnerabilities and a heap overflow vulnerability that could lead to code execution. An integer overflow bug, type confusion vulnerability and use-after-free vulnerability were also among the plugged holes, which could allow code execution if left open.

Thirty four fixes were applied to Adobe Reader and Acrobat were also addressed on Tuesday.

Source: Adobe

Adobe Flash Updated: 11 Vulnerabilities patched

Those using Flash Player desktop runtime for Windows and Macintosh can update to version 17.0.0.134.

Flash Player’s installed on Chrome, Internet Explorer and Windows 8.x will automatically update. The vulnerabilities affecting Windows and Macintosh users were given the most severe priority rating, which indicate the vulnerabilities are currently being targeted by attackers.

The fixes resolve memory corruption, type confusion, integer overflow, and use-after-free flaws, which all lead to code execution, in addition bugs that would allow for cross-domain policy bypass and file upload policy bypass.

Adobe emergency Zero Day fix released for Flash

Adobe released an emergency fix for a critical vulnerability in Flash Player – one of two zero-day flaws in the product which had been actively exploited in the past week. Users should install this at their earliest convenience.

Source: Adobe