Jump to content

Build Theme!
  •  
  • Infected?

Welcome to What the Tech - Register now for FREE

A community of volunteers who share their knowledge, and answer your tech questions. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more. This message, and all ads will be removed once you have signed in.

Create an Account Login to Account


Photo

Adobe updates/advisories


  • Please log in to reply
137 replies to this topic

#136 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • Authentic Member
  • PipPipPipPipPipPip
  • 8,513 posts
  • Interests:... The never-ending battle for Truth, Justice, and the American way.

Posted 14 October 2014 - 02:44 PM

FYI...

Flash 15.0.0.189 released
- https://helpx.adobe..../apsb14-22.html
Oct 14, 2014
CVE number: CVE-2014-0558, CVE-2014-0564, CVE-2014-0569
Platform: All Platforms
Summary: Adobe has released security updates for Adobe Flash Player for Windows, Macintosh and Linux. These updates address vulnerabilities that could potentially allow an attacker to take control of the affected system. Adobe recommends users update their product installations to the latest versions:
- Users of the Adobe Flash Player desktop runtime for Windows and Macintosh should update to Adobe Flash Player 15.0.0.189.
- Users of the Adobe Flash Player Extended Support Release should update to Adobe Flash Player 13.0.0.250.
- Users of Adobe Flash Player for Linux should update to Adobe Flash Player 11.2.202.411.
- Adobe Flash Player installed with Google Chrome, Internet Explorer 10 and Internet Explorer 11 will be automatically updated to the current version.
- Users of the Adobe AIR desktop runtime should update to version 15.0.0.293.
- Users of the Adobe AIR SDK and AIR SDK & Compiler should update to version 15.0.0.302.
- Users of Adobe AIR for Android should update to Adobe AIR 15.0.0.293...

For I/E:
- http://download.macr...15_active_x.exe
For Firefox (Plugin-based browsers):
- http://download.macr...r_15_plugin.exe

Flash test site:
- http://www.adobe.com...re/flash/about/

AIR download:
- http://get.adobe.com/air/

- http://www.securityt....com/id/1031019
CVE Reference: CVE-2014-0558, CVE-2014-0564, CVE-2014-0569
Oct 14 2014
Impact: Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 13.0.0.244 and prior 13.x versions, 15.0.0.167 and prior, 11.2.202.406 and prior for Linux ...
Solution: The vendor has issued a fix (13.0.0.250 extended support release, 15.0.0.189 for Windows/Mac, 11.2.202.411 for Linux).
The vendor's advisory is available at:
- http://helpx.adobe.c.../apsb14-22.html
___

ColdFusion hotfixes available
- https://helpx.adobe..../apsb14-23.html
Oct 14, 2014
CVE numbers: CVE-2014-0570, CVE-2014-0571, CVE-2014-0572
Platform: All Platforms
Summary: Adobe has released security hotfixes for ColdFusion versions 11, 10, 9.0.2, 9.0.1 and 9.0 for all platforms.  These hotfixes address a security permissions issue that could be exploited by an unauthenticated local user to bypass IP address access control restrictions applied to the ColdFusion Administrator. Cross-site scripting and cross-site request forgery vulnerabilities are also addressed in the hotfixes.
Affected software versions:
ColdFusion 11, 10, 9.0.2, 9.0.1 and 9.0 for all platforms.
Solution: Adobe recommends ColdFusion customers update their installation using the instructions provided in the technote located here: http://helpx.adobe.c...-apsb14-23.html
Customers should also apply the security configuration settings as outlined on the ColdFusion Security page as well as review the ColdFusion 11 Lockdown Guide, ColdFusion 10 Lockdown Guide and ColdFusion 9 Lockdown Guide...
___

- http://www.securityt....com/id/1031020
CVE Reference: CVE-2014-0570, CVE-2014-0571, CVE-2014-0572
Oct 14 2014
Impact: Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information, User access via local system
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 9.0, 9.0.1, 9.0.2, 10, 11 ...
Solution: The vendor has issued a hotfix.
 

:ph34r: :ph34r:


Edited by AplusWebMaster, 14 October 2014 - 10:17 PM.


#137 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • Authentic Member
  • PipPipPipPipPipPip
  • 8,513 posts
  • Interests:... The never-ending battle for Truth, Justice, and the American way.

Posted 11 November 2014 - 02:50 PM

FYI...

Flash 15.0.0.223 released
- https://helpx.adobe..../apsb14-24.html
Nov 11, 2014
CVE number: CVE-2014-0573, CVE-2014-0574, CVE-2014-0576, CVE-2014-0577, CVE-2014-0581, CVE-2014-0582, CVE-2014-0583, CVE-2014-0584, CVE-2014-0585, CVE-2014-0586, CVE-2014-0588, CVE-2014-0589, CVE-2014-0590, CVE-2014-8437, CVE-2014-8438, CVE-2014-8440, CVE-2014-8441, CVE-2014-8442
Platform: All Platforms
Summary: Adobe has released security updates for Adobe Flash Player for Windows, Macintosh and Linux.  These updates address vulnerabilities that could potentially allow an attacker to take control of the affected system. Adobe recommends users update their product installations to the latest versions:
- Users of the Adobe Flash Player desktop runtime for Windows and Macintosh should update to Adobe Flash Player 15.0.0.223.
- Users of the Adobe Flash Player Extended Support Release should update to Adobe Flash Player 13.0.0.252.
- Users of Adobe Flash Player for Linux should update to Adobe Flash Player 11.2.202.418.
- Adobe Flash Player installed with Google Chrome, as well as Internet Explorer on Windows 8.x will be automatically updated to the current version.
- Users of the Adobe AIR desktop runtime should update to version 15.0.0.356.
- Users of the Adobe AIR SDK and AIR SDK & Compiler should update to version 15.0.0.356.
- Users of Adobe AIR for Android should update to Adobe AIR 15.0.0.356...

For I/E:
- http://download.macr...15_active_x.exe
For Firefox (Plugin-based browsers):
- http://download.macr...r_15_plugin.exe

Flash test site:
- http://www.adobe.com...re/flash/about/

AIR download:
- http://get.adobe.com/air/
___

- http://www.securityt....com/id/1031182
CVE Reference: CVE-2014-0573, CVE-2014-0574, CVE-2014-0576, CVE-2014-0577, CVE-2014-0581, CVE-2014-0582, CVE-2014-0583, CVE-2014-0584, CVE-2014-0585, CVE-2014-0586, CVE-2014-0588, CVE-2014-0589, CVE-2014-0590, CVE-2014-8437, CVE-2014-8438, CVE-2014-8440, CVE-2014-8441, CVE-2014-8442
Nov 11 2014
Impact: Disclosure of authentication information, Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Solution: The vendor has issued a fix (15.0.0.223 for Windows/Mac, ESR 13.0.0.252, 11.2.202.418 for Linux)...
 

:ph34r:


Edited by AplusWebMaster, 11 November 2014 - 06:19 PM.


#138 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • Authentic Member
  • PipPipPipPipPipPip
  • 8,513 posts
  • Interests:... The never-ending battle for Truth, Justice, and the American way.

Posted Yesterday, 05:26 PM

FYI...

UPDATE: https://www.f-secure...s/00002768.html
Nov 25, 2014 - "... the exploit didn’t match any of the vulnerabilities patched in APSB14-22 (CVE-2014-0558, CVE-2014-0564, or CVE-2014-0569)... Kafeine* reported Angler exploiting this vulnerability... followed by Astrum and Nuclear exploit kits..."
* http://malware.dontn...-2014-0569.html

Flash 15.0.0.239 released
- https://helpx.adobe..../apsb14-26.html
November 25, 2014
CVE number: https://web.nvd.nist...d=CVE-2014-8439
Platform: All Platforms
Summary: Adobe has released security updates for Adobe Flash Player for Windows, Macintosh and Linux.  These updates provide additional hardening against CVE-2014-8439, which was mitigated in the October 14, 2014 release (reference http://helpx.adobe.c.../apsb14-22.html).  
- Adobe recommends users update their product installations to the latest versions:
- Users of the Adobe Flash Player desktop runtime for Windows and Macintosh should update to Adobe Flash Player 15.0.0.239.
- Users of the Adobe Flash Player Extended Support Release should update to Adobe Flash Player 13.0.0.258.
- Users of Adobe Flash Player for Linux should update to Adobe Flash Player 11.2.202.424.
- Adobe Flash Player installed with Google Chrome, as well as Internet Explorer on Windows 8.x will be automatically updated to the current version.
Affected software versions
- Adobe Flash Player 15.0.0.223 and earlier versions
- Adobe Flash Player 13.0.0.252 and earlier 13.x versions
-  Adobe Flash Player 11.2.202.418 and earlier versions for Linux
- To verify the version of Adobe Flash Player installed on your system, access the About Flash Player page, or right-click on content running in Flash Player and select "About Adobe (or Macromedia) Flash Player" from the menu. If you use multiple browsers, perform the check for each browser you have installed on your system.
Solution: Adobe recommends users update their software installations by following the instructions below:
- Adobe recommends users of the Adobe Flash Player desktop runtime for Windows and Macintosh update to Adobe Flash Player 15.0.0.239 by visiting the Adobe Flash Player Download Center, or via the update mechanism within the product when prompted.
- Adobe recommends users of the Adobe Flash Player Extended Support Release should update to version 13.0.0.258 by visiting http://helpx.adobe.c...r-versions.html.
- Adobe recommends users of Adobe Flash Player for Linux update to Adobe Flash Player 11.2.202.424 by visiting the Adobe Flash Player Download Center.
- Adobe Flash Player installed with Google Chrome will be automatically updated to the latest Google Chrome version, which will include Adobe Flash Player 15.0.0.239 on Windows and 15.0.0.242 on Macintosh.
- Adobe Flash Player installed with Internet Explorer for Windows 8.x will be automatically updated to the latest version, which will include Adobe Flash Player 15.0.0.239...

For I/E:
- http://download.macr...15_active_x.exe
For Firefox (Plugin-based browsers):
- http://download.macr...r_15_plugin.exe

Flash test site:
- http://www.adobe.com...re/flash/about/
___

- http://www.securityt....com/id/1031259
https://web.nvd.nist...d=CVE-2014-8439
Nov 25 2014
Impact: Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 15.0.0.239 ...
 

:ph34r: :ph34r:


Edited by AplusWebMaster, Today, 11:12 AM.



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users