207 replies to this topic

[AplusWebMaster]

FYI...

Flash Player v11.2.202.233 released
- https://www.adobe.co.../apsb12-07.html
... Google Chrome version 18.0.1025.151 update addresses two Flash Player memory corruption vulnerabilities in the Chrome interface (Google Chrome only) (CVE-2012-0724, CVE-2012-0725).
April 5, 2012 - Added information on CVE-2012-0724, CVE-2012-0725 and corresponding Google Chrome release.
- http://web.nvd.nist....d=CVE-2012-0724 - 10.0 (HIGH)
- http://web.nvd.nist....d=CVE-2012-0725 - 10.0 (HIGH)
Impact Type: Allows unauthorized disclosure of information; Allows unauthorized modification; Allows disruption of service
___

- http://helpx.adobe.c...1_20120305.html
Last updated 2012-04-13
... Current Runtime Release Version(s): Flash Player Desktop: 11.2.202.233
Fixed Issues: Printing to local printer generates unusably large print jobs (3158836)...
.. ??

Download: https://www.adobe.co...tribution3.html
___

Flash test site: http://www.adobe.com...re/flash/about/

[AplusWebMaster]

FYI...

Flash Player v11.2.202.235 released - 0-day Fix
- https://www.adobe.co.../apsb12-09.html
May 4, 2012
CVE number: http://web.nvd.nist....d=CVE-2012-0779
Platform: All Platforms
Summary: ... an object confusion vulnerability (CVE-2012-0779) that could cause the application to crash and potentially allow an attacker to take control of the affected system. There are reports that the vulnerability is being exploited in the wild in active targeted attacks designed to trick the user into clicking on a malicious file delivered in an email message. The exploit targets Flash Player on Internet Explorer for Windows* only. Adobe recommends users of Adobe Flash Player 11.2.202.233 and earlier versions for Windows, Macintosh and Linux update to Adobe Flash Player 11.2.202.235... Users of Adobe Flash Player 11.1.115.7 and earlier versions on Android 4.x devices should update to Adobe Flash Player 11.1.115.8. Users of Adobe Flash Player 11.1.111.8 and earlier versions for Android 3.x and earlier versions should update to Flash Player 11.1.111.9...
* Priority 1: This update resolves vulnerabilities being targeted, or which have a higher risk of being targeted, by exploit(s) in the wild for a given product version and platform. Adobe recommends administrators install the update as soon as possible...
> https://blogs.adobe....-apsb12-09.html

Download: https://www.adobe.co...tribution3.html

Android: https://market.andro...obe.flashplayer
___

Flash test site: http://www.adobe.com...re/flash/about/

Flash Player update closes critical object confusion hole
Severity: High Severity
- http://atlas.arbor.net/briefs/
Published: Monday, May 07, 2012
Adobe Flash update addresses critical security hole.
Analysis: This vulnerability has been used in active attacks although they are apparently not widespread attacks. Attackers will often use newer vulnerabilities and 0days on special targets of high value first. At some point, the exploit code will leak or a post-compromise analysis will reveal the vulnerability and/or the exploit involved and then the gates open for more compromise activity by others with a variety of motives.
Source: http://h-online.com/-1568704

- https://www.us-cert...._advisory_for14
May 4, 2012

- http://www.securityt....com/id/1027023
May 4 2012 - "... vulnerability is being actively exploited against Flash Player on Internet Explorer in targeted cases. Microsoft Vulnerability Research (MSVR) reported this vulnerability..."

- http://www.symantec....n-cve-2012-0779
May 5, 2012 - "... we have identified multiple targets across manufacturers of products used by the defense industry, but this is likely to change in the coming days...
Some of the subject lines observed in this campaign:
• [EMAIL USERNAME], The disclosure of [REDACTED] secret weapon deals with the Middle East
• [EMAIL USERNAME], I heard about the consolidation of [REDACTED], is that true?
• [COMPANY NAME] is in the unpromising situation after acquisition by [COMPANY]
• Invitation Letter to [REDACTED] 2012
• some questions about [REDACTED]
• China-Russia Joint Military Exercises
• FOR more information
A sampling of file names for the documents used in this campaign:
• Consolidation Schedule.doc
• [COMPANY NAME REDACTED].doc
• [REDACTED] Invitation Letter to [REDACTED] 2012
• questions about your course.doc
• military exercise details.doc ..."
> http://www.symantec....es/image2AJ.png

Edited by AplusWebMaster, 09 May 2012 - 04:43 AM.

[AplusWebMaster]

FYI...

Adobe Black Tuesday for May 2012
___

APSB12-13 Security update available for Adobe Shockwave Player
- https://www.adobe.co.../apsb12-13.html
5/8/2012
CVE number: CVE-2012-2029, CVE-2012-2030, CVE-2012-2031, CVE-2012-2032, CVE-2012-2033
Platform: Windows and Macintosh
... security update for Adobe Shockwave Player 11.6.4.634 and earlier versions for Windows and Macintosh. This update addresses vulnerabilities that could allow an attacker who successfully exploits these vulnerabilities to run malicious code on the affected system. Adobe recommends users of Adobe Shockwave Player 11.6.4.634 and earlier for Windows and Macintosh update to Adobe Shockwave Player 11.6.5.635... available here: http://get.adobe.com/shockwave/ ... addresses -critical- vulnerabilities in the software....

APSB12-12 Security bulletin for Adobe Flash Pro
- https://www.adobe.co.../apsb12-12.html
5/8/2012
CVE number: CVE-2012-0778
Platform: Windows and Macintosh
... security upgrade for Adobe Flash Professional CS5.5 (11.5.1.349) and earlier for Windows and Macintosh. This upgrade addresses a vulnerability that could allow an attacker who successfully exploits this vulnerability to take control of the affected system. Adobe has released Adobe Flash Professional CS6, which addresses this vulnerability... (paid upgrade)... addresses a -critical- vulnerability in the software...

APSB12-11 Security bulletin for Adobe Photoshop
- https://www.adobe.co.../apsb12-11.html
5/8/2012
CVE number: CVE-2012-2027, CVE-2012-2028
Platform: Windows and Macintosh
... security upgrade for Adobe Photoshop CS5.5 and earlier for Windows and Macintosh. This upgrade addresses vulnerabilities that could allow an attacker who successfully exploits these vulnerabilities to take control of the affected system. Adobe has released Adobe Photoshop CS6, which addresses these vulnerabilities... (paid upgrade)... could lead to code execution CVE-2012-2027, Bugtraq ID 52634, which references: http://www.securityf....com/bid/52634/ This upgrade resolves a buffer overflow vulnerability that could lead to code execution (CVE-2012-2028)... addresses a -critical- vulnerability in the software...

APSB12-10 Security bulletin for Adobe Illustrator
- https://www.adobe.co.../apsb12-10.html
5/8/2012
CVE numbers: CVE-2012-0780, CVE-2012-2023, CVE-2012-2024, CVE-2012-2025, CVE-2012-2026
Platform: Windows and Macintosh
... security upgrade for Adobe Illustrator CS5.5 and earlier for Windows and Macintosh. This upgrade addresses vulnerabilities that could allow an attacker who successfully exploits these vulnerabilities to take control of the affected system. Adobe has released Adobe Illustrator CS6, which addresses these vulnerabilities... (paid upgrade)... addresses -critical- vulnerabilities in the software...
___

- https://secunia.com/advisories/49086/ - Shockwave Player
- https://secunia.com/advisories/47116/ - Flash Pro
- https://secunia.com/advisories/48457/ - Photoshop
- https://secunia.com/advisories/47118/ - Illustrator

- http://www.securityt....com/id/1027037 - Shockwave Player
- http://www.securityt....com/id/1027045 - Flash Pro
- http://www.securityt....com/id/1027046 - Photoshop
- http://www.securityt....com/id/1027047 - Illustrator

Edited by AplusWebMaster, 09 May 2012 - 03:32 PM.

[AplusWebMaster]

FYI...

Adobe to release patches for CS5.x ...
- http://h-online.com/-1574341
12 May 2012 - "Adobe has announced* – through changes to the security advisories it issued earlier this week – that it is developing patches for the critical holes in the CS5.x versions of Adobe Photoshop, Illustrator and Flash Professional, after previously advising users that they needed to buy the just-released CS6 versions of the applications... Adobe has given no schedule for the availability of patches. In the original 8 May advisories, the company had said only that users of these products would need to purchase the upgrade from the CS5 and CS5.5 versions to the, just shipping on 7 May, CS6 versions to close the critical holes they were detailing; a move that was seen as effectively charging for security fixes..."
* https://blogs.adobe....-apsb12-12.html
May 11, 2012 - "... We are in the process of resolving the vulnerabilities addressed in these Security Bulletins in Adobe Illustrator CS5.x, Adobe Photoshop CS5.x (12.x) and Adobe Flash Professional CS5.x, and will update the respective Security Bulletins once the patches are available..."
___

Adobe Photoshop CS5 Collada File Processing Buffer Overflow Vulnerability
- https://secunia.com/advisories/49160/
Release Date: 2012-05-15
Criticality level: Highly critical
Solution Status: Unpatched...

Adobe Photoshop...
- http://securitytracker.com/id/1027063
Date: May 15 2012
Impact: Execution of arbitrary code via network, User access via network
Version(s): CS5.1; possibly other versions...

Edited by AplusWebMaster, 15 May 2012 - 03:49 PM.

[AplusWebMaster]

FYI...

Adobe Illustrator CS5 (15.0.3) and Adobe Illustrator CS5.5 (15.1.1) released
- https://www.adobe.co.../apsb12-10.html
Last updated: June 4, 2012
CVE numbers: CVE-2012-0780, CVE-2012-2023, CVE-2012-2024, CVE-2012-2025, CVE-2012-2026, CVE-2012-2042
Platform: Windows and Macintosh
"... Adobe has released Adobe Illustrator CS5 (15.0.3) and Adobe Illustrator CS5.5 (15.1.1) to address the vulnerabilities highlighted in this security bulletin... users can find the appropriate update for their version/platform here:
Adobe Illustrator CS5 (15.0.3) for Windows
- http://download.adob...ator_15.0.3.zip
Adobe Illustrator CS5 (15.0.3) for Macintosh
- http://download.adob...ator_15.0.3.dmg
Adobe Illustrator CS5.5 (15.1.1) for Windows
- http://download.adob...ator_15.1.1.zip
Adobe Illustrator CS5.5 (15.1.1) for Macintosh
- http://download.adob...ator_15.1.1.dmg ..."

Adobe Photoshop vCS5 (12.0.5) and vCS5.1 (12.1.1) released
- https://www.adobe.co.../apsb12-11.html
Last updated: June 4, 2012
CVE number: CVE-2012-2027, CVE-2012-2028, CVE-2012-2052
Platform: Windows and Macintosh
"... Adobe has released Adobe Photoshop CS5 (12.0.5) and Adobe Photoshop CS5.1 (12.1.1) to address the vulnerabilities highlighted in this security bulletin... Adobe recommends... customers update their product installations by following the instructions provided in the the technote:
http://helpx.adobe.c...-photoshop.html ..."

[AplusWebMaster]

FYI...

Flash Player v11.3.300.257 - AIR v3.3.0.3610 released
- https://www.adobe.co.../apsb12-14.html
June 8, 2012
CVE number:
- http://web.nvd.nist....d=CVE-2012-2034 - 10.0 (HIGH)
- http://web.nvd.nist....d=CVE-2012-2035 - 10.0 (HIGH)
- http://web.nvd.nist....d=CVE-2012-2036 - 10.0 (HIGH)
- http://web.nvd.nist....d=CVE-2012-2037 - 10.0 (HIGH)
- http://web.nvd.nist....d=CVE-2012-2038 - 5.0
- http://web.nvd.nist....d=CVE-2012-2039 - 10.0 (HIGH)
- http://web.nvd.nist....d=CVE-2012-2040 - 7.2 (HIGH)
Platform: All Platforms
Summary: Adobe released security updates for Adobe Flash Player 11.2.202.235 and earlier versions for Windows, Macintosh and Linux, Adobe Flash Player 11.1.115.8 and earlier versions for Android 4.x, and Adobe Flash Player 11.1.111.9 and earlier versions for Android 3.x and 2.x. These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.
Adobe recommends users update their product installations to the latest versions:
- Users of Adobe Flash Player 11.2.202.235 and earlier versions for Windows and Macintosh should update to Adobe Flash Player 11.3.300.257.
- Users of Adobe Flash Player 11.2.202.235 and earlier versions for Linux should update to Adobe Flash Player 11.2.202.236.
- Flash Player installed with Google Chrome will be updated automatically, so no user action is required. Google Chrome users can verify that they have updated to Google Chrome version 19.0.1084.56, which includes Adobe Flash Player 11.3.300.257.
- Users of Adobe Flash Player 11.1.115.8 and earlier versions on Android 4.x devices should update to Adobe Flash Player 11.1.115.9.
- Users of Adobe Flash Player 11.1.111.9 and earlier versions for Android 3.x and earlier versions should update to Flash Player 11.1.111.10.
> https://krebsonsecur...113-600x157.png

Download: https://www.adobe.co...tribution3.html

Android: https://market.andro...obe.flashplayer

Flash test site: http://www.adobe.com...re/flash/about/
___

- Users of Adobe AIR 3.2.0.2070 for Windows, Macintosh and Android should update to Adobe AIR 3.3.0.3610...
Adobe recommends users of Adobe AIR 3.2.0.207 and earlier versions for Windows, Macintosh and Android update to Adobe AIR 3.3.0.3610:
- http://get.adobe.com.../?promoid=JOPDE
Adobe AIR 3.2.0.2070 and earlier versions for Windows, Macintosh and Android... follow the instructions in the Adobe AIR TechNote:
- http://helpx.adobe.c...ir-runtime.html
___

Thanks Brian:
- https://krebsonsecur...e-flash-player/
June 8, 2012
___

Inside Flash Player Protected Mode for Firefox
- https://blogs.adobe....or-firefox.html
June 7, 2012
> https://blogs.adobe....e_processes.jpg

- http://h-online.com/-1614700
9 June 2012
___

- http://www.securityt....com/id/1027139
CVE Reference: CVE-2012-2034, CVE-2012-2035, CVE-2012-2036, CVE-2012-2037, CVE-2012-2038, CVE-2012-2039, CVE-2012-2040
Jun 9 2012
Impact: Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, User access via network
Version(s): 11.2.202.235 and prior
Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system. A remote user can obtain potentially sensitive information.
Solution: The vendor has issued a fix (11.3.300.257 for Windows and Mac, 11.2.202.236 for Linux, 11.3.300.257 for Chrome, 11.1.115.9 for Android 4.x, 11.1.111.10 for Android 3.x).
The vendor's advisory is available at:
http://www.adobe.com.../apsb12-14.html

- https://secunia.com/advisories/49388/
Last Update: 2012-06-11
Criticality level: Highly critical
Impact: Security Bypass, System access
Where: From remote
Software: Adobe AIR 3.x, Adobe Flash Player 11.x ...
Solution: Update to a fixed version.
Original Advisory: Adobe:
http://www.adobe.com.../apsb12-14.html

- https://www.us-cert...._advisory_for15
June 11, 2012 - 9:11 am

Edited by AplusWebMaster, 12 June 2012 - 09:24 PM.

[AplusWebMaster]

FYI...

ColdFusion v9.0.1 hotfix available...
- https://www.adobe.co.../apsb12-15.html
June 12, 2012
CVE number: CVE-2012-2041
Platforms: All
Summary: Adobe released a security hotfix for ColdFusion 9.0.1 and earlier versions for Windows, Macintosh and UNIX. This update resolves an HTTP response splitting vulnerability in the ColdFusion Component Browser. Adobe recommends users update their product installation using the instructions provided in the "Solution" section below.
Affected software versions: ColdFusion 9.0.1, 9.0, 8.0.1, and 8.0 for Windows, Macintosh and UNIX
*Note: ColdFusion 10 for Windows, Macintosh and UNIX is not affected by this issue.
Solution: Adobe recommends affected ColdFusion customers update their installation using the instructions provided in the technote:
- http://helpx.adobe.c...-apsb12-15.html ...

- http://www.securityt....com/id/1027146
CVE Reference: CVE-2012-2041
Jun 12 2012
Impact: Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information
Version(s): 8.0, 8.0.1, 9.0, 9.0.1

Edited by AplusWebMaster, 12 June 2012 - 03:17 PM.

[AplusWebMaster]

FYI...

Firefox v13.0.1 released
>>> http://forums.whatth...=...st&p=788112
June 16, 2012
___

Flash crash - Firefox 13...
- http://h-online.com/-1619399
15 June 2012 - "The latest release of the Flash Player plugin, version 11.3, is causing frequent crashes in Firefox 13 on Windows. The problem seems to be related to the recently introduced Protection Mode, which is supposed to make the plugin run in a sandbox to isolate it from the rest of the system. The number of users experiencing this problem is now so large that Mozilla and Adobe are both offering differing solutions for a fix... Users should on -no- account -downgrade- to build 11.2... as it is known to contain critical security vulnerabilities which are currently being actively exploited... users should install Flash Player 10.3*, in which the vulnerabilities in question have been fixed in a similar way to version 11.3 since Adobe is continuing to supply enterprise customers with security patches for Flash 10."

* http://fpdownload.ma...r_10_plugin.exe

Edited by AplusWebMaster, 16 June 2012 - 09:22 AM.

[AplusWebMaster]

FYI...

Flash Player v11.3.300.262 released
> http://forums.adobe.com/thread/1027238
Jun 21, 2012 - "... the Windows Flash Player plug-in for Firefox, Mozilla, Netscape, Opera and other browsers was updated to 11.3.300.262. This release addresses stability issue found in Mozilla Firefox. This build does not address the audio issues reported by some customers but we continue to focus on these problems and will continue to do so until they are resolved. If you continue to have problems with this release, please see this tech note for suggestions and instructions for reporting these issues to us: Flash Player 11.3 compatibility issues with RealPlayer extension in Mozilla Firefox. For full details on the 11.3 release, please see our release notes**."

* http://helpx.adobe.c...sh-mozilla.html
Last updated: 2012-06-22

** http://helpx.adobe.c...in_Known_Issues
Last updated: 2012-06-21
___

> https://www.adobe.co...tribution3.html

Windows Flash Player 11.3.300.262 ... Plugin-based browsers:
> http://download.macr...r_11_plugin.exe
___

Flash test site: http://www.adobe.com...re/flash/about/

[AplusWebMaster]

FYI...

Flash Pro CS5.5 Security Update 11.5.2
- https://www.adobe.co.../apsb12-12.html
Last Updated: June 25, 2012
CVE number: http://web.nvd.nist....d=CVE-2012-0778 - 10.0 (HIGH)
Platform: Windows and Macintosh
Summary: Adobe released a security update for Adobe Flash Professional CS5.5 (11.5.1.349 and earlier) for Windows and Macintosh. This update addresses a vulnerability that could allow an attacker who successfully exploits this vulnerability to take control of the affected system. Note that Adobe Flash Professional CS6 (12.0.0.481) for Windows and Macintosh addresses this vulnerability. No update is required for users of Adobe Flash Professional CS6 (12.0.0.481) for Windows and Macintosh.
Affected software versions: Adobe Flash Professional CS5.5 (11.5.1.349 and 11.5.0.325) and earlier versions for Windows and Macintosh
Solution: Adobe has released Adobe Flash Professional CS5.5 (11.5.2.349) to address the vulnerability highlighted in this security bulletin. Adobe recommends Adobe Flash Professional CS5.5 (11.5.1.349 and earlier) customers update their product installation by following the instructions provided in the technote:
- http://helpx.adobe.c...ity-update.html
...The Security Update is available for download at:
- https://www.adobe.co....html#flashCS55
... This update addresses a critical vulnerability in the software.
Revisions:
June 25, 2012 - Added information on release of update to Adobe Flash Professional CS5.5 (11.5.1.349 and 11.5.0.325).

Edited by AplusWebMaster, 27 June 2012 - 08:34 AM.

[AplusWebMaster]

FYI...

Flash v11.3.300.265 released
- http://forums.adobe....4551666#4551666
Jul 11, 2012 - "Flash Player 11.3 Update
Today, Flash Player 11.3.300.265 for Windows and Macintosh was released to address critical audio and stability issues.
For full details on the 11.3 release, please see our release notes.
http://www.adobe.com...leasenotes.html ..."

Download:
> https://www.adobe.co...tribution3.html

Flash test site: http://www.adobe.com...re/flash/about/
2012.07.11
... The table below contains the latest Flash Player version information:
Windows:
Internet Explorer (and other browsers that support Internet Explorer ActiveX controls and plug-ins) 11.3.300.265
Firefox, Mozilla, Netscape, Opera (and other plugin-based browsers) 11.3.300.265
Chrome 11.3.300.265
Macintosh:
OS X Firefox, Opera, Safari 11.3.300.265
Chrome 11.3.300.265

Edited by AplusWebMaster, 11 July 2012 - 01:31 PM.

[AplusWebMaster]

FYI...

Flash v11.3.300.268 released
- http://forums.adobe....4582208#4582208
Jul 26, 2012 - "Flash Player 11.3.300.268 for Windows and Macintosh was released to address stability issues when browsing and playing Flash content. For full details on the 11.3 release, please see our release notes*..."
* http://www.adobe.com...leasenotes.html

Download:
> https://www.adobe.co...tribution3.html

Flash test site: http://www.adobe.com...re/flash/about/
2012.07.27
... The table below contains the latest Flash Player version information:
Windows:
Internet Explorer (and other browsers that support Internet Explorer ActiveX controls and plug-ins) 11.3.300.268
Firefox, Mozilla, Netscape, Opera (and other plugin-based browsers) 11.3.300.268
Macintosh:
OS X Firefox, Opera, Safari 11.3.300.268

[AplusWebMaster]

FYI...

Flash v11.3.300.270 released
- http://forums.adobe....4594596#4594596
Aug 2, 2012 - "... Flash Player 11.3.300.270 for Windows was released to address a crash that was occurring in the Adobe Flash Player Update Service (FlashPlayerUpdateService.exe). There are no other fixes or changes provided with this build. This release is available for Windows only, and affects the Active X and Plug-in installers, uninstaller, and msi's (available on the distribution page.) No other platforms are affected... Please be aware that this release is -not- available from the Product Download Center (get.adobe.com/flashplayer) which will continue to provide 11.3.300.268. We realize that this might cause confusion for some users. Due to the severity of this issue, we decided to make this build available immediately to help customers affected by this bug. Due to logistical issues and time constraints, we were unable to update the release on the Product Download Center. The next release of Flash Player will correct this disparity. Please note that unless you have been affected by the FlashPlayerUpdateService.exe crash, both 11.3.300.270 and 11.3.300.268 will be functionally identical. This release will be distributed using the following methods:
• Silent auto update - If enabled and functional, the silent auto update service will automatically install this build within 24 hours.
• Direct download - You can download the installers directly using the links below
IE:
- http://download.macr...h_player_ax.exe
Plugin-based browsers:
- http://download.macr...lash_player.exe
___

- https://blogs.adobe....nd-acrobat.html
August 9, 2012 - "... upcoming Adobe Reader and Acrobat updates scheduled for Tuesday, August 14, 2012..."
> http://www.adobe.com/go/apsb12-16

Adobe warns of critical holes in Reader, Acrobat
- http://atlas.arbor.net/briefs/
Severity: High Severity
August 09, 2012
Adobe is releasing patches on August 14th to resolve security holes.
Analysis: ... keep these packages up-to-date with automatic update features and ensure updates are applied. Extra layers of hardening around software that integrates with the browser and email client is recommended as these are frequently attacked...

Edited by AplusWebMaster, 10 August 2012 - 02:06 PM.

[AplusWebMaster]

FYI...

> https://www.adobe.co...pport/security/

Flash updates v11.3.300.271 / v11.2.202.238 released
- https://www.adobe.co.../apsb12-18.html
August 14, 2012
CVE number: http://web.nvd.nist....d=CVE-2012-1535 - 9.3 (HIGH)
Platform: Windows, Macintosh and Linux
Summary: Adobe has released security updates for Adobe Flash Player 11.3.300.270 and earlier versions for Windows, Macintosh and Linux. These updates address a vulnerability (CVE-2012-1535) that could cause the application to crash and potentially allow an attacker to take control of the affected system.
There are reports that the vulnerability is being exploited in the wild in limited targeted attacks, distributed through a malicious Word document. The exploit targets the ActiveX version of Flash Player for Internet Explorer on Windows.
Adobe recommends users update their product installations to the latest versions:
- Users of Adobe Flash Player 11.3.300.270 and earlier versions for Windows and Macintosh should update to Adobe Flash Player 11.3.300.271.
- Users of Adobe Flash Player 11.2.202.236 and earlier versions for Linux should update to Adobe Flash Player 11.2.202.238.
- Flash Player installed with Google Chrome will be updated automatically, so no user action is required. Google Chrome users can verify that they have updated to Google Chrome version 21.0.1180.79...

Download:
> https://www.adobe.co...tribution3.html

Flash test site: http://www.adobe.com...re/flash/about/

- https://secunia.com/advisories/50285/
Last Update: 2012-08-15
Criticality level: Extremely critical
Impact: System access
Where: From remote
CVE Reference: http://web.nvd.nist....d=CVE-2012-1535
... vulnerability is currently being actively exploited in targeted attacks via Word documents against the Windows version.
Solution: Update to version 11.3.300.271 for Windows, Mac, and Chrome or version 11.2.202.238 for Linux.
Original Advisory: Adobe:
http://www.adobe.com.../apsb12-18.html
___

Adobe Shockwave v11.6.6.636 released
- https://www.adobe.co.../apsb12-17.html
August 14, 2012
CVE number: CVE-2012-2043, CVE-2012-2044, CVE-2012-2045, CVE-2012-2046, CVE-2012-2047
Platform: Windows and Macintosh
Summary:Adobe has released an update for Adobe Shockwave Player 11.6.5.635 and earlier versions on the Windows and Macintosh operating systems. This update addresses vulnerabilities that could allow an attacker, who successfully exploits these vulnerabilities, to run malicious code on the affected system...
Solution: Adobe recommends users of Adobe Shockwave Player 11.6.5.635 and earlier versions update to the newest version 11.6.6.636, available here:
http://get.adobe.com/shockwave/ ...

- https://secunia.com/advisories/50283/
Release Date: 2012-08-14
Criticality level: Highly critical
Impact: System access
Where: From remote ...
Solution: Update to version 11.6.6.636.
Original Advisory: Adobe:
http://www.adobe.com.../apsb12-17.html
___

Adobe Reader/Acrobat X v10.1.4 released
- https://www.adobe.co.../apsb12-16.html
August 14, 2012
CVE numbers: CVE-2012-1525, CVE-2012-2049, CVE-2012-2050, CVE-2012-2051, CVE-2012-4147, CVE-2012-4148, CVE-2012-4149, CVE-2012-4150, CVE-2012-4151, CVE-2012-4152, CVE-2012-4153, CVE-2012-4154, CVE-2012-4155, CVE-2012-4156, CVE-2012-4157, CVE-2012-4158, CVE-2012-4159, CVE-2012-4160, CVE-2012-4161, CVE-2012-4162
[Adobe Reader/Acrobat 9.x -before- 9.5.2 and 10.x -before- 10.1.4 on Windows and Mac OS X]
Platform: Windows and Macintosh
Summary: Adobe has released security updates for Adobe Reader and Acrobat X (10.1.3) and earlier versions for Windows and Macintosh. These updates address vulnerabilities in the software that could cause the application to crash and potentially allow an attacker to take control of the affected system. Adobe recommends users update their product installations to the latest versions:
Users of Adobe Reader X (10.1.3) and earlier versions for Windows and Macintosh should update to Adobe Reader X (10.1.4).
For users of Adobe Reader 9.5.1 and earlier versions for Windows and Macintosh, who cannot update to Adobe Reader X (10.1.4), Adobe has made available the update Adobe Reader 9.5.2.
Users of Adobe Acrobat X (10.1.3) for Windows and Macintosh should update to Adobe Acrobat X (10.1.4).
Users of Adobe Acrobat 9.5.1 and earlier versions for Windows and Macintosh should update to Adobe Acrobat 9.5.2...
Adobe Reader: Users on Windows and Macintosh can utilize the product's update mechanism. The default configuration is set to run automatic update checks on a regular schedule. Update checks can be manually activated by choosing Help > Check for Updates.
Adobe Reader users on Windows can also find the appropriate update here:
http://www.adobe.com...latform=Windows
Adobe Reader users on Macintosh can also find the appropriate update here:
http://www.adobe.com...tform=Macintosh
Adobe Acrobat: Users can utilize the product's update mechanism. The default configuration is set to run automatic update checks on a regular schedule. Update checks can be manually activated by choosing Help > Check for Updates.
Acrobat Standard and Pro users on Windows can also find the appropriate update here:
http://www.adobe.com...latform=Windows
Acrobat Pro Extended users on Windows can also find the appropriate update here: http://www.adobe.com...latform=Windows
Acrobat Pro users on Macintosh can also find the appropriate update here:
http://www.adobe.com...tform=Macintosh ...

- https://secunia.com/advisories/50281/
Last Update: 2012-08-15
Criticality level: Highly critical
Impact: System access
Where: From remote
Solution Status: Partial Fix ...
Software: Adobe Acrobat 9.x, X 10.x, Adobe Reader 9.x, X 10.x
Solution: Apply updates if available.
Original Advisory: Adobe:
http://www.adobe.com.../apsb12-16.html

- https://secunia.com/advisories/50290/
Release Date: 2012-08-15
Criticality level: Highly critical
Impact: System access
Where: From remote
Solution Status: Unpatched
Software: Adobe Acrobat 9.x, X 10.x, Adobe Reader 9.x, X 10.x
... vulnerabilities are caused due to unspecified errors. No further information is currently available. Successful exploitation of the vulnerabilities may allow execution of arbitrary code.
Solution: No official solution is currently available...
Original Advisory: http://j00ru.vexillium.org/?p=1175

>> http://h-online.com/-1668153
15 August 2012

Edited by AplusWebMaster, 18 August 2012 - 02:32 PM.

[AplusWebMaster]

.
Win8 users vulnerable to active Flash exploits
- https://www.computer..._Flash_exploits
Sep 08, 2012
___

- https://krebsonsecur...-fixes-5-flaws/
Aug. 21, 2012 - "For the second time in a week, Adobe has shipped a critical security update for its Flash Player software. This patch, part of a planned release, closes at least six security holes in the widely-used browser plugin, and comes just one week after the company rushed out a fix for a flaw that attackers were already exploiting in the wild..."

Flash v11.4.402.265 released
- https://www.adobe.co.../apsb12-19.html
August 21, 2012
CVE number: CVE-2012-4163, CVE-2012-4164, CVE-2012-4165, CVE-2012-4166, CVE-2012-4167, CVE-2012-4168
Platform: All Platforms
Details: Adobe has released security updates for Adobe Flash Player 11.3.300.271 and earlier versions for Windows, Macintosh and Linux, Adobe Flash Player 11.1.115.11 and earlier versions for Android 4.x, and Adobe Flash Player 11.1.111.10 and earlier versions for Android 3.x and 2.x. These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.
Adobe recommends users update their product installations to the latest versions:
Users of Adobe Flash Player 11.3.300.271 and earlier versions for Windows and Macintosh should update to Adobe Flash Player 11.4.402.265.
Users of Adobe Flash Player 11.2.202.236 and earlier versions for Linux should update to Adobe Flash Player 11.2.202.238.
Flash Player installed with Google Chrome will automatically be updated to the latest Google Chrome version, which will include Adobe Flash Player 11.3.31.230 for Windows and Linux, and Flash Player 11.4.402.265 for Macintosh
Users of Adobe Flash Player 11.1.115.11 and earlier versions on Android 4.x devices should update to Adobe Flash Player 11.1.115.17.
Users of Adobe Flash Player 11.1.111.10 and earlier versions for Android 3.x and earlier versions should update to Flash Player 11.1.111.16.
Revisions: Aug 30, 2012 - Added information regarding CVE-2012-4171
- http://web.nvd.nist....d=CVE-2012-4171
08/31/2012

Download:
> https://www.adobe.co...tribution3.html

Flash test site: http://www.adobe.com...re/flash/about/
___

>> http://get.adobe.com/air/
Users of Adobe AIR 3.3.0.3670 for Windows and Macintosh should update to Adobe AIR 3.4.0.2540.
Users of the Adobe AIR 3.3.0.3690 SDK (includes AIR for iOS) should update to the Adobe AIR 3.4.0.2540 SDK.
Users of the Adobe AIR 3.3.0.3650 and earlier versions for Android should update to the Adobe AIR 3.4.0.2540.

> These updates resolve memory corruption vulnerabilities that could lead to code execution (CVE-2012-4163, CVE-2012-4164, CVE-2012-4165, CVE-2012-4166).
These updates resolve an integer overflow vulnerability that could lead to code execution (CVE-2012-4167).
These updates resolve a cross-domain information leak vulnerability (CVE-2012-4168)...

- https://www.adobe.co...ty_ratings.html
"Priority 1: This update resolves vulnerabilities being targeted, or which have a higher risk of being targeted, by exploit(s) in the wild for a given product version and platform. Adobe recommends administrators install the update as soon as possible. (for instance, within 72 hours)."
___

- https://secunia.com/advisories/50354/
Release Date: 2012-08-22
Criticality level: Highly critical
Impact: Exposure of sensitive information, System access
Where: From remote
Software: Adobe AIR 3.x, Adobe Flash Player 11.x ...
Solution: Update to a fixed version.
Original Advisory: Adobe:
http://www.adobe.com.../apsb12-19.html

- http://www.securityt....com/id/1027422
CVE Reference:
- http://web.nvd.nist....d=CVE-2012-4163 - 10.0 (HIGH)
- http://web.nvd.nist....d=CVE-2012-4164 - 10.0 (HIGH)
- http://web.nvd.nist....d=CVE-2012-4165 - 10.0 (HIGH)
- http://web.nvd.nist....d=CVE-2012-4166 - 10.0 (HIGH)
- http://web.nvd.nist....d=CVE-2012-4167 - 10.0 (HIGH)
- http://web.nvd.nist....d=CVE-2012-4168 - 4.3
Aug 22 2012
Impact: Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, User access via network
Version(s): 11.3.300.271 and prior
Solution: The vendor has issued a fix (11.4.402.265 for Windows and OS X; 11.2.202.238 for Linux; 11.1.111.16 for Android 2.x and 3.x; 11.1.115.17 for Android 4.x)...

Edited by AplusWebMaster, 09 September 2012 - 09:04 AM.