207 replies to this topic

[AplusWebMaster]

FYI...

Flash 15.0.0.189 released
- https://helpx.adobe..../apsb14-22.html
Oct 14, 2014
CVE number: CVE-2014-0558, CVE-2014-0564, CVE-2014-0569
Platform: All Platforms
Summary: Adobe has released security updates for Adobe Flash Player for Windows, Macintosh and Linux. These updates address vulnerabilities that could potentially allow an attacker to take control of the affected system. Adobe recommends users update their product installations to the latest versions:
- Users of the Adobe Flash Player desktop runtime for Windows and Macintosh should update to Adobe Flash Player 15.0.0.189.
- Users of the Adobe Flash Player Extended Support Release should update to Adobe Flash Player 13.0.0.250.
- Users of Adobe Flash Player for Linux should update to Adobe Flash Player 11.2.202.411.
- Adobe Flash Player installed with Google Chrome, Internet Explorer 10 and Internet Explorer 11 will be automatically updated to the current version.
- Users of the Adobe AIR desktop runtime should update to version 15.0.0.293.
- Users of the Adobe AIR SDK and AIR SDK & Compiler should update to version 15.0.0.302.
- Users of Adobe AIR for Android should update to Adobe AIR 15.0.0.293...

For I/E:
- http://download.macr...15_active_x.exe
For Firefox (Plugin-based browsers):
- http://download.macr...r_15_plugin.exe

Flash test site:
- http://www.adobe.com...re/flash/about/

AIR download:
- http://get.adobe.com/air/

- http://www.securityt....com/id/1031019
CVE Reference: CVE-2014-0558, CVE-2014-0564, CVE-2014-0569
Oct 14 2014
Impact: Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 13.0.0.244 and prior 13.x versions, 15.0.0.167 and prior, 11.2.202.406 and prior for Linux ...
Solution: The vendor has issued a fix (13.0.0.250 extended support release, 15.0.0.189 for Windows/Mac, 11.2.202.411 for Linux).
The vendor's advisory is available at:
- http://helpx.adobe.c.../apsb14-22.html
___

ColdFusion hotfixes available
- https://helpx.adobe..../apsb14-23.html
Oct 14, 2014
CVE numbers: CVE-2014-0570, CVE-2014-0571, CVE-2014-0572
Platform: All Platforms
Summary: Adobe has released security hotfixes for ColdFusion versions 11, 10, 9.0.2, 9.0.1 and 9.0 for all platforms.  These hotfixes address a security permissions issue that could be exploited by an unauthenticated local user to bypass IP address access control restrictions applied to the ColdFusion Administrator. Cross-site scripting and cross-site request forgery vulnerabilities are also addressed in the hotfixes.
Affected software versions:
ColdFusion 11, 10, 9.0.2, 9.0.1 and 9.0 for all platforms.
Solution: Adobe recommends ColdFusion customers update their installation using the instructions provided in the technote located here: http://helpx.adobe.c...-apsb14-23.html
Customers should also apply the security configuration settings as outlined on the ColdFusion Security page as well as review the ColdFusion 11 Lockdown Guide, ColdFusion 10 Lockdown Guide and ColdFusion 9 Lockdown Guide...
___

- http://www.securityt....com/id/1031020
CVE Reference: CVE-2014-0570, CVE-2014-0571, CVE-2014-0572
Oct 14 2014
Impact: Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information, User access via local system
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 9.0, 9.0.1, 9.0.2, 10, 11 ...
Solution: The vendor has issued a hotfix.
 

Edited by AplusWebMaster, 14 October 2014 - 10:17 PM.

[AplusWebMaster]

FYI...

Flash 15.0.0.223 released
- https://helpx.adobe..../apsb14-24.html
Nov 11, 2014
CVE number: CVE-2014-0573, CVE-2014-0574, CVE-2014-0576, CVE-2014-0577, CVE-2014-0581, CVE-2014-0582, CVE-2014-0583, CVE-2014-0584, CVE-2014-0585, CVE-2014-0586, CVE-2014-0588, CVE-2014-0589, CVE-2014-0590, CVE-2014-8437, CVE-2014-8438, CVE-2014-8440, CVE-2014-8441, CVE-2014-8442
Platform: All Platforms
Summary: Adobe has released security updates for Adobe Flash Player for Windows, Macintosh and Linux.  These updates address vulnerabilities that could potentially allow an attacker to take control of the affected system. Adobe recommends users update their product installations to the latest versions:
- Users of the Adobe Flash Player desktop runtime for Windows and Macintosh should update to Adobe Flash Player 15.0.0.223.
- Users of the Adobe Flash Player Extended Support Release should update to Adobe Flash Player 13.0.0.252.
- Users of Adobe Flash Player for Linux should update to Adobe Flash Player 11.2.202.418.
- Adobe Flash Player installed with Google Chrome, as well as Internet Explorer on Windows 8.x will be automatically updated to the current version.
- Users of the Adobe AIR desktop runtime should update to version 15.0.0.356.
- Users of the Adobe AIR SDK and AIR SDK & Compiler should update to version 15.0.0.356.
- Users of Adobe AIR for Android should update to Adobe AIR 15.0.0.356...

For I/E:
- http://download.macr...15_active_x.exe
For Firefox (Plugin-based browsers):
- http://download.macr...r_15_plugin.exe

Flash test site:
- http://www.adobe.com...re/flash/about/

AIR download:
- http://get.adobe.com/air/
___

- http://www.securityt....com/id/1031182
CVE Reference: CVE-2014-0573, CVE-2014-0574, CVE-2014-0576, CVE-2014-0577, CVE-2014-0581, CVE-2014-0582, CVE-2014-0583, CVE-2014-0584, CVE-2014-0585, CVE-2014-0586, CVE-2014-0588, CVE-2014-0589, CVE-2014-0590, CVE-2014-8437, CVE-2014-8438, CVE-2014-8440, CVE-2014-8441, CVE-2014-8442
Nov 11 2014
Impact: Disclosure of authentication information, Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Solution: The vendor has issued a fix (15.0.0.223 for Windows/Mac, ESR 13.0.0.252, 11.2.202.418 for Linux)...
 

Edited by AplusWebMaster, 11 November 2014 - 06:19 PM.

[AplusWebMaster]

FYI...

UPDATE: https://www.f-secure...s/00002768.html
Nov 25, 2014 - "... the exploit didn’t match any of the vulnerabilities patched in APSB14-22 (CVE-2014-0558, CVE-2014-0564, or CVE-2014-0569)... Kafeine* reported Angler exploiting this vulnerability... followed by Astrum and Nuclear exploit kits..."
* http://malware.dontn...-2014-0569.html

Flash 15.0.0.239 released
- https://helpx.adobe..../apsb14-26.html
November 25, 2014
CVE number: https://web.nvd.nist...d=CVE-2014-8439 -  7.5 (HIGH)
Platform: All Platforms
Summary: Adobe has released security updates for Adobe Flash Player for Windows, Macintosh and Linux.  These updates provide additional hardening against CVE-2014-8439, which was mitigated in the October 14, 2014 release (reference http://helpx.adobe.c.../apsb14-22.html).  
- Adobe recommends users update their product installations to the latest versions:
- Users of the Adobe Flash Player desktop runtime for Windows and Macintosh should update to Adobe Flash Player 15.0.0.239.
- Users of the Adobe Flash Player Extended Support Release should update to Adobe Flash Player 13.0.0.258.
- Users of Adobe Flash Player for Linux should update to Adobe Flash Player 11.2.202.424.
- Adobe Flash Player installed with Google Chrome, as well as Internet Explorer on Windows 8.x will be automatically updated to the current version.
Affected software versions
- Adobe Flash Player 15.0.0.223 and earlier versions
- Adobe Flash Player 13.0.0.252 and earlier 13.x versions
-  Adobe Flash Player 11.2.202.418 and earlier versions for Linux
- To verify the version of Adobe Flash Player installed on your system, access the About Flash Player page, or right-click on content running in Flash Player and select "About Adobe (or Macromedia) Flash Player" from the menu. If you use multiple browsers, perform the check for each browser you have installed on your system.
Solution: Adobe recommends users update their software installations by following the instructions below:
- Adobe recommends users of the Adobe Flash Player desktop runtime for Windows and Macintosh update to Adobe Flash Player 15.0.0.239 by visiting the Adobe Flash Player Download Center, or via the update mechanism within the product when prompted.
- Adobe recommends users of the Adobe Flash Player Extended Support Release should update to version 13.0.0.258 by visiting http://helpx.adobe.c...r-versions.html.
- Adobe recommends users of Adobe Flash Player for Linux update to Adobe Flash Player 11.2.202.424 by visiting the Adobe Flash Player Download Center.
- Adobe Flash Player installed with Google Chrome will be automatically updated to the latest Google Chrome version, which will include Adobe Flash Player 15.0.0.239 on Windows and 15.0.0.242 on Macintosh.
- Adobe Flash Player installed with Internet Explorer for Windows 8.x will be automatically updated to the latest version, which will include Adobe Flash Player 15.0.0.239...

For I/E:
- http://download.macr...15_active_x.exe
For Firefox (Plugin-based browsers):
- http://download.macr...r_15_plugin.exe

Flash test site:
- http://www.adobe.com...re/flash/about/
___

- http://www.securityt....com/id/1031259
https://web.nvd.nist...d=CVE-2014-8439 -  7.5 (HIGH)
Nov 25 2014
Impact: Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 15.0.0.239 ...
 

Edited by AplusWebMaster, 26 November 2014 - 07:35 PM.

[AplusWebMaster]

FYI...

Adobe Prenotification Security Advisory for Reader / Acrobat
- https://helpx.adobe..../apsb14-28.html
Dec 4, 2014 - "Summary: Adobe is planning to release security updates on Tuesday, December 9, 2014 for Adobe Reader and Acrobat for Windows and Macintosh. Users may monitor the latest information on the Adobe Product Security Incident Response Team (PSIRT) blog at:
- http://blogs.adobe.com/psirt
(Note: This Security Advisory will be replaced with the Security Bulletin upon release of the update.)
Affected software versions
    Adobe Reader XI (11.0.09) and earlier versions
    Adobe Reader X (10.1.12) and earlier versions
    Adobe Acrobat XI (11.0.09) and earlier versions
    Adobe Acrobat X (10.1.12) and earlier versions .
 

[AplusWebMaster]

FYI...

Flash 16.0.0.235 released
- https://helpx.adobe..../apsb14-27.html
Dec 9, 2014
CVE number: CVE-2014-0580, CVE-2014-0587, CVE-2014-8443, CVE-2014-9162, CVE-2014-9163, CVE-2014-9164
Platform: All Platforms
Summary: Adobe has released security updates for Adobe Flash Player for Windows, Macintosh and Linux. These updates address vulnerabilities that could potentially allow an attacker to take control of the affected system. Adobe is aware of reports that an exploit for CVE-2014-9163 exists in the wild, and recommends users update their product installations to the latest versions:
- Users of the Adobe Flash Player desktop runtime for Windows and Macintosh should update to Adobe Flash Player 16.0.0.235.
- Users of the Adobe Flash Player Extended Support Release should update to Adobe Flash Player 13.0.0.259.
- Users of Adobe Flash Player for Linux should update to Adobe Flash Player 11.2.202.425.
- Adobe Flash Player installed with Google Chrome, as well as Internet Explorer on Windows 8.x, will automatically update to the current version.
Note: Users who have been updated to version 15.0.0.246 are not affected by CVE-2014-9163.
Affected software versions:
 Adobe Flash Player 15.0.0.242 and earlier versions
 Adobe Flash Player 13.0.0.258 and earlier 13.x versions
 Adobe Flash Player 11.2.202.424 and earlier versions for Linux
To verify the version of Adobe Flash Player installed on your system, access the About Flash Player page, or right-click on content running in Flash Player and select "About Adobe (or Macromedia) Flash Player" from the menu. If you use multiple browsers, perform the check for each browser you have installed on your system.
Solution: Adobe recommends users update their software installations by following the instructions below:
- Adobe recommends users of the Adobe Flash Player desktop runtime for Windows and Macintosh update to Adobe Flash Player 16.0.0.235 by visiting the Adobe Flash Player Download Center, or via the update mechanism within the product when prompted.
- Adobe recommends users of the Adobe Flash Player Extended Support Release should update to version 13.0.0.259 by visiting http://helpx.adobe.c...r-versions.html.
- Adobe recommends users of Adobe Flash Player for Linux update to Adobe Flash Player 11.2.202.425 by visiting the Adobe Flash Player Download Center.
- Adobe Flash Player installed with Google Chrome will be automatically updated to the latest Google Chrome version, which will include Adobe Flash Player 16.0.0.235.
- Adobe Flash Player installed with Internet Explorer for Windows 8.x will be automatically updated to the latest version, which will include Adobe Flash Player 16.0.0.235...

For IE:
- http://download.macr...16_active_x.exe
For Firefox and other Plugin-based browsers:
- http://download.macr...r_16_plugin.exe

Flash test site:
- http://www.adobe.com...re/flash/about/

- http://www.securityt....com/id/1031316
CVE Reference: CVE-2014-0580, CVE-2014-0587, CVE-2014-8443, CVE-2014-9162, CVE-2014-9163, CVE-2014-9164
Dec 9 2014
Impact: Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 13.0.0.258 and prior 13.x versions; 15.0.0.242 and prior; 11.2.202.424 and prior for Linux...
Solution: The vendor has issued a fix (16.0.0.235 for Windows/Mac, 13.0.0.259 ESR, 11.2.202.425 for Linux).
___

Adobe Reader/Acrobat 11.0.10 released
- https://helpx.adobe..../apsb14-28.html
Dec 9, 2014
CVE numbers: CVE-2014-9165, CVE-2014-8445, CVE-2014-9150, CVE-2014-8446, CVE-2014-8447, CVE-2014-8448, CVE-2014-8449, CVE-2014-8451, CVE-2014-8452, CVE-2014-8453, CVE-2014-8454, CVE-2014-8455, CVE-2014-8456, CVE-2014-8457, CVE-2014-8458, CVE-2014-8459, CVE-2014-8460, CVE-2014-8461, CVE-2014-9158, CVE-2014-9159
Platform: Windows and Macintosh
Summary: Adobe has released security updates for Adobe Reader and Acrobat for Windows and Macintosh. These updates address vulnerabilities that could potentially allow an attacker to take over the affected system. Adobe recommends users update their product installations to the latest versions:
- Users of Adobe Reader XI (11.0.09) and earlier versions should update to version 11.0.10.
- Users of Adobe Reader X (10.1.12) and earlier versions should update to version 10.1.13.
- Users of Adobe Acrobat XI (11.0.09) and earlier versions should update to version 11.0.10.
- Users of Adobe Acrobat X (10.1.12) and earlier versions should update to version 10.1.13.
Affected software versions:
 Adobe Reader XI (11.0.09) and earlier 11.x versions
 Adobe Reader X (10.1.12) and earlier 10.x versions
 Adobe Acrobat XI (11.0.09) and earlier 11.x versions
 Adobe Acrobat X (10.1.12) and earlier 10.x versions
Solution: Adobe recommends users update their software installations by following the instructions below:
Adobe Reader: The product's default update mechanism is set to run automatic update checks on a regular schedule. Update checks can be manually activated by choosing Help > Check for Updates.
Adobe Reader users on Windows can find the appropriate update here:
- http://www.adobe.com...latform=Windows
Adobe Reader users on Macintosh can find the appropriate update here:
- http://www.adobe.com...tform=Macintosh
Adobe Acrobat: The product's default update mechanism is set to run automatic update checks on a regular schedule. Update checks can be manually activated by choosing Help > Check for Updates.
Acrobat Standard and Pro users on Windows can find the appropriate update here:
- http://www.adobe.com...latform=Windows
Acrobat Pro users on Macintosh can find the appropriate update here:
- http://www.adobe.com...tform=Macintosh

- http://www.securityt....com/id/1031322
CVE Reference: CVE-2014-8445, CVE-2014-8446, CVE-2014-8447, CVE-2014-8448, CVE-2014-8449, CVE-2014-8451, CVE-2014-8452, CVE-2014-8453, CVE-2014-9150, CVE-2014-9165
Dec 9 2014
Impact: Disclosure of system information, Execution of arbitrary code via network, Modification of system information, Modification of user information, User access via local system, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 10.1.12 and prior 10.x; 11.0.09 and prior 11.x ..
Solution: The vendor has issued a fix (10.1.13, 11.0.10).
___

ColdFusion Hotfixes available
- https://helpx.adobe..../apsb14-29.html
Dec 9, 2014
CVE numbers: CVE-2014-9166
Platform: All
Summary: Adobe has released security hotfixes for ColdFusion versions 11 and 10. These hotfixes address a resource consumption issue that could potentially result in a denial of service. ColdFusion 9.x versions are not affected by this issue.
Affected software versions: ColdFusion 11 and 10
Solution: Adobe recommends ColdFusion customers update their installation using the instructions provided in the relevant technote:
- ColdFusion 11: http://helpx.adobe.c...1-update-3.html
- ColdFusion 10: http://helpx.adobe.c...-update-15.html
Customers should also apply the security configuration settings as outlined on the ColdFusion Security page as well as review the ColdFusion 11 Lockdown Guide and ColdFusion 10 Lockdown Guide.
... These hotfixes address a resource consumption issue that could potentially result in a denial of service (CVE-2014-9166)...

- http://www.securityt....com/id/1031321
CVE Reference: CVE-2014-9166
Dec 9 2014
Impact: Denial of service via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 10, 11
Description: A vulnerability was reported in Adobe ColdFusion. A remote user can cause denial of service conditions.
Solution: The vendor has issued a fix (10 Update 15, 11 Update 3).
 

Edited by AplusWebMaster, 10 December 2014 - 11:22 AM.

[AplusWebMaster]

FYI..

Flash 16.0.0.257 released
- https://helpx.adobe..../apsb15-01.html
Jan 13, 2015
CVE number: CVE-2015-0301, CVE-2015-0302, CVE-2015-0303, CVE-2015-0304, CVE-2015-0305, CVE-2015-0306, CVE-2015-0307, CVE-2015-0308, CVE-2015-0309
Platform: All Platforms
Summary: Adobe has released security updates for Adobe Flash Player for Windows, Macintosh and Linux. These updates address vulnerabilities that could potentially allow an attacker to take control of the affected system. Adobe recommends users update their product installations to the latest versions:
- Users of the Adobe Flash Player desktop runtime for Windows and Macintosh should update to Adobe Flash Player 16.0.0.257.
- Users of the Adobe Flash Player Extended Support Release should update to Adobe Flash Player 13.0.0.260.
- Users of Adobe Flash Player for Linux should update to Adobe Flash Player 11.2.202.429.
- Adobe Flash Player installed with Google Chrome, as well as Internet Explorer on Windows 8.x, will automatically update to version 16.0.0.257.
- Users of the Adobe AIR desktop runtime should update to version 16.0.0.245.
- Users of the Adobe AIR SDK and AIR SDK and Compiler should update to version 16.0.0.272.
- Users of Adobe AIR for Android should update to version 16.0.0.272...

For IE:
- http://download.macr...16_active_x.exe
For Firefox and other Plugin-based browsers:
- http://download.macr...r_16_plugin.exe

Flash test site: http://www.adobe.com...re/flash/about/

AIR download:
- http://get.adobe.com/air/

NOTE: IF you are running Malwarebytes Anti-Exploit, at the moment there seems to be a conflict with this Flash download that needs resolution w/MBAE or vice-versa - until it is resolved, you may need to temporarily disable MBAE during the Flash download until it is.
___

- http://www.securityt....com/id/1031525
CVE Reference: CVE-2015-0301, CVE-2015-0302, CVE-2015-0303, CVE-2015-0304, CVE-2015-0305, CVE-2015-0306, CVE-2015-0307, CVE-2015-0308, CVE-2015-0309
Jan 13 2015
Impact: Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes ...
Solution: The vendor has issued a fix (16.0.0.257 for Windows and Mac, ESR 13.0.0.260, 11.2.202.429 for Linux)...
 

Edited by AplusWebMaster, 13 January 2015 - 03:34 PM.

[AplusWebMaster]

FYI...

Flash 16.0.0.287 released
- https://helpx.adobe..../apsb15-02.html
Jan 22, 2015
CVE number: https://web.nvd.nist...d=CVE-2015-0310
Platform: All Platforms
Summary: Adobe has released security updates for Adobe Flash Player for Windows, Macintosh and Linux.  These updates address a vulnerability that could be used to circumvent memory randomization mitigations on the Windows platform. Adobe is aware of reports that an exploit for CVE-2015-0310 exists in the wild, which is being used in attacks against older versions of Flash Player. Additionally, we are investigating reports that a -separate- exploit for Flash Player 16.0.0.287 and earlier also exists in the wild. For the latest information, please refer to the PSIRT blog here*.  
* http://blogs.adobe.com/psirt/
Adobe recommends users update their product installations to the latest versions:
- Users of the Adobe Flash Player desktop runtime for Windows and Macintosh should update to Adobe Flash Player 16.0.0.287.
- Users of the Adobe Flash Player Extended Support Release should update to Adobe Flash Player 13.0.0.262.
- Users of Adobe Flash Player for Linux should update to Adobe Flash Player 11.2.202.438.
- Adobe Flash Player installed with Google Chrome, as well as Internet Explorer on Windows 8.x, will automatically update to version 16.0.0.287.
Affected software versions
- Adobe Flash Player 16.0.0.257 and earlier versions
- Adobe Flash Player 13.0.0.260 and earlier 13.x versions
- Adobe Flash Player 11.2.202.429 and earlier versions for Linux
Solution: Adobe recommends users update their software installations by following the instructions below:
- Adobe recommends users of the Adobe Flash Player desktop runtime for Windows and Macintosh update to Adobe Flash Player 16.0.0.287 by visiting the Adobe Flash Player Download Center, or via the update mechanism within the product when prompted.
- Adobe recommends users of the Adobe Flash Player Extended Support Release should update to version 13.0.0.262 by visiting:
- http://helpx.adobe.c...r-versions.html.
- Adobe recommends users of Adobe Flash Player for Linux update to Adobe Flash Player 11.2.202.438 by visiting the Adobe Flash Player Download Center.
- Adobe Flash Player installed with Google Chrome will be automatically updated to the latest Google Chrome version, which will include Adobe Flash Player 16.0.0.287.
- Adobe Flash Player installed with Internet Explorer for Windows 8.x will be automatically updated to the latest version, which will include Adobe Flash Player 16.0.0.287.

For IE:
- http://download.macr...16_active_x.exe
For Firefox and other Plugin-based browsers:
- http://download.macr...r_16_plugin.exe

Flash test site: http://www.adobe.com...re/flash/about/

- https://helpx.adobe..../apsa15-01.html
Updated: Jan 22, 2015 - "... We are aware of reports that this vulnerability is being actively exploited in the wild via drive-by-download attacks against systems running Internet Explorer and Firefox on Windows 8 and below. Adobe expects to have a patch available for CVE-2015-0311 during the week of January 26..."
___

- http://www.securityt....com/id/1031609
CVE Reference: https://cve.mitre.or...e=CVE-2015-0310
Jan 22 2015
Impact: Disclosure of system information
Fix Available:  Yes  Vendor Confirmed:  Yes  
This vulnerability is being actively exploited...
Version(s): 16.0.0.257 and prior; 13.0.0.260 and prior 13.x versions ...
Solution: The vendor has issued a fix (16.0.0.287, ESR 13.0.0.262)...
 

Edited by AplusWebMaster, 24 January 2015 - 07:32 AM.

[AplusWebMaster]

FYI...

Flash 16.0.0.296 available
- https://helpx.adobe..../apsa15-01.html
Updated: Jan 24, 2015
Users who have enabled auto-update for the Flash Player desktop runtime will be receiving version 16.0.0.296 beginning on January 24. This version includes a fix for CVE-2015-0311. Adobe expects to have an update available for manual download during the week of January 26, and we are working with our distribution partners to make the update available in Google Chrome and Internet Explorer 10 and 11...
Revisions
January 24, 2015: Updated to include Flash Player version delivered via auto-update.   
January 24, 2015: Updated to reflect reports that Windows 8.1 is also affected by CVE-2015-0311.
- https://web.nvd.nist...d=CVE-2015-0311 - 10.0 (HIGH)
Last revised: 01/26/2015 - "Unspecified vulnerability in Adobe Flash Player through 13.0.0.262 and 14.x, 15.x, and 16.x through 16.0.0.287 on Windows and OS X and through 11.2.202.438 on Linux allows remote attackers to execute arbitrary code via unknown vectors, as exploited in the wild in January 2015."

>> https://www.adobe.co...tribution3.html

For IE:
- http://download.macr...16_active_x.exe
For Firefox and other Plugin-based browsers:
- http://download.macr...r_16_plugin.exe

Flash test site: http://www.adobe.com...re/flash/about/

- https://isc.sans.edu...om Adobe/19229/
Last Updated: 2015-01-25 02:58:36 UTC See 'Comments'...
___

- https://www.us-cert....be-Flash-Player
Jan 26, 2015
> https://web.nvd.nist...d=CVE-2015-0311 - 10.0 (HIGH)

 

Edited by AplusWebMaster, 27 January 2015 - 10:03 AM.

[AplusWebMaster]

FYI...

Flash 16.0.0.296 ...
- https://helpx.adobe..../apsb15-03.html
Jan 27, 2015
CVE numbers:
- https://web.nvd.nist...d=CVE-2015-0311 - 10.0 (HIGH)
- https://web.nvd.nist...d=CVE-2015-0312 - 10.0 (HIGH)
Platform: All Platforms
Summary: Adobe has released security updates for Adobe Flash Player for Windows, Macintosh and Linux. These updates address vulnerabilities that could potentially allow an attacker to take control of the affected system. Adobe is aware of reports that CVE-2015-0311 is actively being exploited in the wild via drive-by-download attacks against systems running Internet Explorer and Firefox on Windows 8.1 and below. Adobe recommends users update their product installations to the latest versions:
- Users of the Adobe Flash Player desktop runtime for Windows and Macintosh should update to Adobe Flash Player 16.0.0.296.
- Users of the Adobe Flash Player Extended Support Release should update to Adobe Flash Player 13.0.0.264.
- Users of Adobe Flash Player for Linux should update to Adobe Flash Player 11.2.202.440.
- Adobe Flash Player installed with Google Chrome, as well as Internet Explorer on Windows 8.x, will automatically update to version 16.0.0.296.

>> https://www.adobe.co...tribution3.html

For IE:
- http://download.macr...16_active_x.exe
For Firefox and other Plugin-based browsers:
- http://download.macr...r_16_plugin.exe

Flash test site: http://www.adobe.com...re/flash/about/

- https://isc.sans.edu...l?storyid=19249
Last Updated: 2015-01-28 20:23:05 UTC - "... Given that we are seeing exploits in the wild, the criticality of this exploit should be re-evaluated for prioritization and implementation..."
___

- http://www.securityt....com/id/1031634
CVE Reference: https://web.nvd.nist...d=CVE-2015-0312 - 10.0 (HIGH)
Jan 27 2015
 

Edited by AplusWebMaster, 29 January 2015 - 11:56 PM.

[AplusWebMaster]

FYI...

Flash 16.0.0.305 ...
- https://helpx.adobe..../apsa15-02.html
Last updated: Feb 4, 2015 - updated to include Flash Player version delivered via auto-update.   
CVE number: https://web.nvd.nist...d=CVE-2015-0313 -  10.0 (HIGH)
UPDATE (February 4): Users who have enabled auto-update for the Flash Player desktop runtime will be receiving version 16.0.0.305 beginning on February 4. This version includes a fix for CVE-2015-0313. Adobe expects to have an update available for manual download on February -5- and we are working with our distribution partners to make the update available in Google Chrome and Internet Explorer 10 and 11. For more information on updating Flash Player please refer to this post*.
* https://forums.adobe.../thread/1152367
___

- https://helpx.adobe..../apsb15-04.html
Feb 5, 2015
CVE number: CVE-2015-0313, CVE-2015-0314, CVE-2015-0315, CVE-2015-0316, CVE-2015-0317, CVE-2015-0318, CVE-2015-0319, CVE-2015-0320, CVE-2015-0321, CVE-2015-0322, CVE-2015-0323, CVE-2015-0324, CVE-2015-0325, CVE-2015-0326, CVE-2015-0327, CVE-2015-0328, CVE-2015-0329, CVE-2015-0330
Platform: All Platforms
Summary: Adobe has released security updates for Adobe Flash Player for Windows, Macintosh and Linux.  These updates address vulnerabilities that could potentially allow an attacker to take control of the affected system. Adobe is aware of reports that CVE-2015-0313 is actively being exploited in the wild via drive-by-download attacks against systems running Internet Explorer and Firefox on Windows 8.1 and below. Adobe recommends users update their product installations to the latest versions:
- Users of the Adobe Flash Player desktop runtime for Windows and Macintosh should update to Adobe Flash Player 16.0.0.305.
- Users of the Adobe Flash Player Extended Support Release should update to Adobe Flash Player 13.0.0.269.
- Users of Adobe Flash Player for Linux should update to Adobe Flash Player 11.2.202.442.
- Adobe Flash Player installed with Google Chrome, as well as Internet Explorer on Windows 8.x, will automatically update to version 16.0.0.305...
Solution: Adobe recommends users update their software installations by following the instructions below:
- Adobe recommends users of the Adobe Flash Player desktop runtime for Windows and Macintosh update to Adobe Flash Player 16.0.0.305 by visiting the Adobe Flash Player Download Center, or via the update mechanism within the product when prompted.
- Adobe recommends users of the Adobe Flash Player Extended Support Release should update to version 13.0.0.269 by visiting http://helpx.adobe.c...r-versions.html.
- Adobe recommends users of Adobe Flash Player for Linux update to Adobe Flash Player 11.2.202.442 by visiting the Adobe Flash Player Download Center.
- Adobe Flash Player installed with Google Chrome will be automatically updated to the latest Google Chrome version, which will include Adobe Flash Player 16.0.0.305.
- Adobe Flash Player installed with Internet Explorer for Windows 8.x will be automatically updated to the latest version, which will include Adobe Flash Player 16.0.0.305...
Revisions: Feb 19, 2015: Added reference to CVE-2015-0331, which was resolved in 16.0.0.305, 13.0.0.269 and 11.2.202.442 but inadvertently omitted from the bulletin.

For IE:
- http://download.macr...16_active_x.exe
For Firefox and other Plugin-based browsers:
- http://download.macr...r_16_plugin.exe

Flash test site: http://www.adobe.com...re/flash/about/
__

- http://atlas.arbor.n...dex#-1434008395
Feb 05, 2015 20:35 - "... a malvertising-directed compromise campaign involving the Angler exploit kit distributing the exploit code from approximately 1800 -malicious- sub-domains...
As of February 5 2015, the CVE-2015-0311 has been incorporated into another exploit kit known as Sweet Orange [ https://twitter.com/...7826048/photo/1 ]. Organizations should ensure that robust patching and hardening tactics are used in order to prevent exploitation from commodity exploit kits as well as targeted attacks."
___

- http://www.securityt....com/id/1031706
CVE Reference: CVE-2015-0314, CVE-2015-0315, CVE-2015-0316, CVE-2015-0317, CVE-2015-0318, CVE-2015-0319, CVE-2015-0320, CVE-2015-0321, CVE-2015-0322, CVE-2015-0323, CVE-2015-0324, CVE-2015-0325, CVE-2015-0326, CVE-2015-0327, CVE-2015-0328, CVE-2015-0329, CVE-2015-0330
Feb 5 2015
Impact: Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 16.0.0.296 and prior (Windows/Mac); 13.0.0.264 and prior 13.x; 11.2.202.440 and prior (Linux)...
Solution: The vendor has issued a fix (16.0.0.305, ESR 13.0.0.269, 11.2.202.442 for Linux).
The vendor's advisory is available at:
- https://helpx.adobe..../apsb15-04.html
 

Edited by AplusWebMaster, 10 March 2015 - 02:07 PM.

[AplusWebMaster]

FYI...

Flash 17.0.0.134 ...
- https://helpx.adobe..../apsb15-05.html
Mar 12, 2015
CVE number: CVE-2015-0332, CVE-2015-0333, CVE-2015-0334, CVE-2015-0335, CVE-2015-0336, CVE-2015-0337, CVE-2015-0338, CVE-2015-0339, CVE-2015-0340, CVE-2015-0341, CVE-2015-0342
Platform: All Platforms
Summary: Adobe has released security updates for Adobe Flash Player for Windows, Macintosh and Linux.  These updates address vulnerabilities that could potentially allow an attacker to take control of the affected system. Adobe recommends users update their product installations to the latest versions:
- Users of the Adobe Flash Player desktop runtime for Windows and Macintosh should update to Adobe Flash Player 17.0.0.134.
- Users of the Adobe Flash Player Extended Support Release should update to Adobe Flash Player 13.0.0.277.
- Users of Adobe Flash Player for Linux should update to Adobe Flash Player 11.2.202.451.
- Adobe Flash Player installed with Google Chrome, as well as Internet Explorer on Windows 8.x, will automatically update to version 17.0.0.134...

For IE:
- http://download.macr...17_active_x.exe
For Firefox and other Plugin-based browsers:
- http://download.macr...r_17_plugin.exe

Flash test site: http://www.adobe.com...re/flash/about/
___

- http://www.securityt....com/id/1031922
CVE Reference: CVE-2015-0332, CVE-2015-0333, CVE-2015-0334, CVE-2015-0335, CVE-2015-0336, CVE-2015-0337, CVE-2015-0338, CVE-2015-0339, CVE-2015-0340, CVE-2015-0341, CVE-2015-0342
Mar 13 2015
Impact: Disclosure of user information, Execution of arbitrary code via network, Modification of user information, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 16.0.0.305 and prior...
Solution: The vendor has issued a fix (17.0.0.134, ESR 13.0.0.277, 11.2.202.451 for Linux).
 

Edited by AplusWebMaster, 13 March 2015 - 05:58 AM.

[AplusWebMaster]

FYI...

Flash v17.0.0.169 released
- https://helpx.adobe..../apsb15-06.html
April 14, 2015
CVE number: CVE-2015-0346, CVE-2015-0347, CVE-2015-0348, CVE-2015-0349, CVE-2015-0350, CVE-2015-0351, CVE-2015-0352, CVE-2015-0353, CVE-2015-0354, CVE-2015-0355, CVE-2015-0356, CVE-2015-0357, CVE-2015-0358, CVE-2015-0359, CVE-2015-0360, CVE-2015-3038, CVE-2015-3039, CVE-2015-3040, CVE-2015-3041, CVE-2015-3042, CVE-2015-3043, CVE-2015-3044
Platform: All Platforms
Summary: Adobe has released security updates for Adobe Flash Player for Windows, Macintosh and Linux.  These updates address vulnerabilities that could potentially allow an attacker to take control of the affected system. Adobe is aware of a report that an exploit for CVE-2015-3043 exists in the wild, and recommends users update their product installations to the latest versions:
- Users of the Adobe Flash Player desktop runtime for Windows and Macintosh should update to Adobe Flash Player 17.0.0.169.
- Users of the Adobe Flash Player Extended Support Release should update to Adobe Flash Player 13.0.0.281.
- Users of Adobe Flash Player for Linux should update to Adobe Flash Player 11.2.202.457.
- Adobe Flash Player installed with Google Chrome, as well as Internet Explorer on Windows 8.x, will automatically update to version 17.0.0.169 when available...

For IE:
- http://download.macr...17_active_x.exe
For Firefox and other Plugin-based browsers:
- http://download.macr...r_17_plugin.exe

Flash test site: http://www.adobe.com...re/flash/about/

- http://www.securityt....com/id/1032105
CVE Reference: CVE-2015-0346, CVE-2015-0347, CVE-2015-0348, CVE-2015-0349, CVE-2015-0350, CVE-2015-0351, CVE-2015-0352, CVE-2015-0353, CVE-2015-0354, CVE-2015-0355
Apr 14 2015
Impact: Disclosure of system information, Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 17.0.0.134 and prior, 13.0.0.277 and prior 13.x versions, 11.2.202.451 and prior 11.x versions...

Several memory corruption errors may occur [CVE-2015-0347, CVE-2015-0350, CVE-2015-0352, CVE-2015-0353, CVE-2015-0354, CVE-2015-0355, CVE-2015-0360, CVE-2015-3038, CVE-2015-3041, CVE-2015-3042, CVE-2015-3043].

Solution: The vendor has issued a fix (17.0.0.169, 13.0.0.281 ESR, 11.2.202.457 for Linux)...

- https://web.nvd.nist...d=CVE-2015-3043- 10.0 (HIGH)
Last revised: 04/15/2015 - "... as exploited in the wild in April 2015..."

___

Security Update: Hotfixes available for ColdFusion
- https://helpx.adobe..../apsb15-07.html
April 14, 2015
CVE numbers: CVE-2015-0345
Platform: All
Summary: Adobe has released security hotfixes for ColdFusion versions 11 and 10. These hotfixes address an input validation issue that could be used in a reflected cross-site scripting attack.
Affected software versions:
ColdFusion 11 and 10
Solution: Adobe recommends ColdFusion customers update their installation using the instructions provided in the relevant technote:
ColdFusion 11: http://helpx.adobe.c...1-update-5.html
ColdFusion 10: http://helpx.adobe.c...-update-16.html
Customers should also apply the security configuration settings as outlined on the ColdFusion Security page as well as review the ColdFusion 11 Lockdown Guide and ColdFusion 10 Lockdown Guide..."
- http://www.securityt....com/id/1032106
CVE Reference: CVE-2015-0345
Apr 14 2015
Impact: Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 10, 11
Solution: The vendor has issued hotfixes (10 Update 16, 11 Update 5)...
___

Security vulnerability in output of Adobe Flex ASdoc Tool
- https://helpx.adobe..../apsb15-08.html
April 14, 2015
CVE number: CVE-2015-1773
Platform: All Platforms
Summary: An important vulnerability has been identified in the JavaScript output of the ASDoc tool available in Adobe Flex 4.6 and earlier versions.  This vulnerability could lead to reflected cross-site scripting.  Adobe recommends users perform the actions referenced in the "Solutions" section below to remediate this vulnerability.
Affected software versions: Adobe Flex 4.6 and earlier versions
Solution: Adobe recommends users follow the steps below to remediate this issue:
- Download the index.html file available here:
> https://git-wip-us.a...s/heads/develop
- Apply any modifications to the existing index.html file (ex. update the page title)
- Deploy the results to the web site
- http://www.securityt....com/id/1032107
CVE Reference: CVE-2015-1773
Apr 14 2015
Impact: Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information...
Version(s): 4.6 and prior...
Solution: The vendor has issued a fix...
 

Edited by AplusWebMaster, 22 April 2015 - 07:05 AM.

[AplusWebMaster]

FYI...

- https://blogs.adobe.com/psirt/?p=1193
May 7, 2015

Prenotification Security Advisory for Adobe Reader
- https://helpx.adobe..../apsb15-10.html
May 7, 2015 - "Summary: Adobe is planning to release security updates on Tuesday, May 12, 2015 for Adobe Reader for Windows and Macintosh...
Affected software versions:
• Adobe Reader XI (11.0.10) and earlier 11.x versions
• Adobe Reader X (10.1.13) and earlier 10.x versions...
These updates address critical vulnerabilities in the software...

Prenotification Security Advisory for Adobe Acrobat
- https://helpx.adobe..../apsb15-10.html
May 7, 2015 - "Summary: Adobe is planning to release security updates on Tuesday, May 12, 2015 for Adobe Acrobat for Windows and Macintosh...
Affected software versions:
• Adobe Acrobat XI (11.0.10) and earlier versions
• Adobe Acrobat X (10.1.13) and earlier versions...
These updates address critical vulnerabilities in the software...
 

[AplusWebMaster]

FYI...

Flash Playe 17.0.0.188 released
- https://helpx.adobe..../apsb15-09.html
May 12, 2015
CVE number: CVE-2015-3044, CVE-2015-3077, CVE-2015-3078, CVE-2015-3079, CVE-2015-3080, CVE-2015-3081, CVE-2015-3082, CVE-2015-3083, CVE-2015-3084, CVE-2015-3085, CVE-2015-3086, CVE-2015-3087, CVE-2015-3088, CVE-2015-3089, CVE-2015-3090, CVE-2015-3091, CVE-2015-3092, CVE-2015-3093
Platform: All Platforms
Summary: Adobe has released security updates for Adobe Flash Player for Windows, Macintosh and Linux. These updates address vulnerabilities that could potentially allow an attacker to take control of the affected system. Adobe recommends users update their product installations to the latest versions:
- Users of the Adobe Flash Player desktop runtime for Windows and Macintosh should update to Adobe Flash Player 17.0.0.188.
- Users of the Adobe Flash Player Extended Support Release should update to Adobe Flash Player 13.0.0.289.
- Users of Adobe Flash Player for Linux should update to Adobe Flash Player 11.2.202.460.
- Adobe Flash Player installed with Google Chrome, as well as Internet Explorer on Windows 8.x, will automatically update to version 17.0.0.188.
- Users of the Adobe AIR desktop runtime should update to version 17.0.0.172.
- Users of the Adobe AIR SDK and AIR SDK & Compiler should update to version 17.0.0.172...

For IE:
- http://download.macr...17_active_x.exe
For Firefox and other Plugin-based browsers:
- http://download.macr...r_17_plugin.exe

Flash test site: http://www.adobe.com...re/flash/about/

AIR: http://get.adobe.com/air/

- http://www.securityt....com/id/1032285
CVE Reference: CVE-2015-3077, CVE-2015-3078, CVE-2015-3079, CVE-2015-3080, CVE-2015-3081, CVE-2015-3082, CVE-2015-3083, CVE-2015-3084, CVE-2015-3085, CVE-2015-3086
May 12 2015
Impact: Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 17.0.0.169 and prior; other versions affected...
Solution: The vendor has issued a fix (17.0.0.188; 13.0.0.289 ESR; 11.2.202.460 for Linux).
___

Adobe Reader 11.0.11 10.1.14, Acrobat  11.0.11 10.1.14 released
- https://helpx.adobe..../apsb15-10.html
May 12, 2015
CVE Numbers: CVE-2014-8452, CVE-2014-9160, CVE-2014-9161, CVE-2015-3046, CVE-2015-3047...
Platform: Windows and Macintosh
Summary: Adobe has released security updates for Adobe Reader and Acrobat for Windows and Macintosh. These updates address vulnerabilities that could potentially allow an attacker to take over the affected system.  Adobe recommends users update their product installations to the latest versions:
- Users of Adobe Reader XI (11.0.10) and earlier versions should update to version 11.0.11.
- Users of Adobe Reader X (10.1.13) and earlier versions should update to version 10.1.14.
- Users of Adobe Acrobat XI (11.0.10) and earlier versions should update to version 11.0.11.
- Users of Adobe Acrobat X (10.1.13) and earlier versions should update to version 10.1.14...
Solution: Adobe recommends users update their software installations by following the instructions below:
Adobe Reader: The product's default update mechanism is set to run automatic update checks on a regular schedule. Update checks can be manually activated by choosing Help > Check for Updates.
Adobe Reader users on Windows can find the appropriate update here:

- http://www.adobe.com...latform=Windows
Adobe Reader users on Macintosh can find the appropriate update here:

- http://www.adobe.com...tform=Macintosh

Adobe Acrobat: The product's default update mechanism is set to run automatic update checks on a regular schedule. Update checks can be manually activated by choosing Help > Check for Updates.
Acrobat Standard and Pro users on Windows can find the appropriate update here:

- http://www.adobe.com...latform=Windows
Acrobat Pro users on Macintosh can find the appropriate update here:

- http://www.adobe.com...tform=Macintosh

- http://www.securityt....com/id/1032284
CVE Reference: CVE-2014-9160, CVE-2014-9161, CVE-2015-3046, CVE-2015-3047, CVE-2015-3048, CVE-2015-3049, CVE-2015-3050, CVE-2015-3051, CVE-2015-3052, CVE-2015-3053, CVE-2015-3054, CVE-2015-3055, CVE-2015-3056, CVE-2015-3057, CVE-2015-3058, CVE-2015-3059, CVE-2015-3060, CVE-2015-3061, CVE-2015-3062, CVE-2015-3063, CVE-2015-3064, CVE-2015-3065, CVE-2015-3066, CVE-2015-3067, CVE-2015-3068, CVE-2015-3069, CVE-2015-3070, CVE-2015-3071, CVE-2015-3072, CVE-2015-3073, CVE-2015-3074, CVE-2015-3075, CVE-2015-3076
May 12 2015
Impact: Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 10.1.13 and prior 10.x versions, 11.0.10 and prior 11.x versions
Solution: The vendor has issued a fix (10.1.14, 11.0.11).
 

Edited by AplusWebMaster, 13 May 2015 - 05:20 AM.

[AplusWebMaster]

FYI...

Flash 18.0.0.160 released
- https://helpx.adobe..../apsb15-11.html
June 9, 2015
CVE number: CVE-2015-3096, CVE-2015-3097, CVE-2015-3098, CVE-2015-3099, CVE-2015-3100, CVE-2015-3101, CVE-2015-3102, CVE-2015-3103, CVE-2015-3104, CVE-2015-3105, CVE-2015-3106, CVE-2015-3107, CVE-2015-3108
Platform: All Platforms
Summary: Adobe has released security updates for Adobe Flash Player for Windows, Macintosh and Linux.  These updates address vulnerabilities that could potentially allow an attacker to take control of the affected system. Adobe recommends users update their product installations to the latest versions:
- Users of the Adobe Flash Player Desktop Runtime for Windows and Macintosh should update to Adobe Flash Player 18.0.0.160.
- Users of the Adobe Flash Player Extended Support Release for Windows and Macintosh should update to Adobe Flash Player 13.0.0.292. *
- Users of Adobe Flash Player for Linux should update to Adobe Flash Player 11.2.202.466.
- Adobe Flash Player installed with Google Chrome will automatically update to version 18.0.0.160 (Windows and Linux) and 18.0.0.161 (Macintosh).
- Adobe Flash Player installed with Internet Explorer on Windows 8.x will automatically update to version 18.0.0.160.
- Users of the Adobe AIR Desktop Runtime should update to version 18.0.0.143 (Macintosh) and 18.0.0.144 (Windows).
- Users of the Adobe AIR SDK and AIR SDK & Compiler should update to version 18.0.0.143 (Macintosh) and 18.0.0.144 (Windows).
- Users of Adobe AIR for Android should update to version 18.0.0.143...  

For IE:
-  http://download.macr...18_active_x.exe
For Firefox and other Plugin-based browsers:
- http://download.macr...r_18_plugin.exe

Flash test site: http://www.adobe.com...re/flash/about/

AIR: http://get.adobe.com/air/
___

- http://www.securityt....com/id/1032519
CVE Reference: CVE-2015-3096, CVE-2015-3097, CVE-2015-3098, CVE-2015-3099, CVE-2015-3100, CVE-2015-3101, CVE-2015-3102, CVE-2015-3103, CVE-2015-3104, CVE-2015-3105, CVE-2015-3106, CVE-2015-3107, CVE-2015-3108
Jun 9 2015
Impact: Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 17.0.0.188 and prior...
Solution: The vendor has issued a fix (18.0.0.160 for Mac/Windows, 13.0.0.292 ESR, 11.2.202.466 for Linux).
 

Edited by AplusWebMaster, 12 June 2015 - 09:51 AM.