207 replies to this topic

[AplusWebMaster]

FYI...

ColdFusion DoS vuln/hotfix
- https://secunia.com/advisories/50523/
Release Date: 2012-09-11
Criticality level: Moderately critical
Impact: DoS
Where: From remote
Software: Adobe ColdFusion 10.x, 8.x, 9.x
CVE Reference: CVE-2012-2048
Original Advisory: http://www.adobe.com.../apsb12-21.html
Summary: Adobe has released a security hotfix for ColdFusion 10 and earlier versions for Windows, Macintosh and UNIX. This update resolves a vulnerability which could result in a Denial of Service condition. Adobe recommends users update their product installation using the instructions provided in the "Solution" section below.
Affected software versions: ColdFusion 10, 9.0.2, 9.0.1, 9.0, 8.0.1, and 8.0 for Windows, Macintosh and UNIX
Solution: Adobe recommends ColdFusion customers update their installation using the instructions provided in the technote:
http://helpx.adobe.c...-apsb12-21.html .
___

- http://www.securityt....com/id/1027516
Sep 11 2012

[AplusWebMaster]

FYI...

Adobe revocation of code signing certificate
- https://www.adobe.co.../apsa12-01.html
Sep 27, 2012 - "Summary: Adobe is investigating what appears to be the misuse of an Adobe code signing certificate. Adobe plans to revoke the certificate on October 4 for all software code signed after July 10, 2012. Adobe is in the process of issuing updates signed using a new digital certificate for all affected products...
Affected software versions: The vast majority of Adobe customers will not be impacted by this issue. However, some customers, in particular administrators in managed Windows environments, may need to take certain action. To determine whether you or your organization are impacted, please refer to the support page on the Adobe website*...
* http://helpx.adobe.c...te-updates.html

- http://nakedsecurity...r-sign-malware/
Sep 28, 2012 - "... the issue appears to have been the result of hackers compromising a vulnerable build server. Malware seen using the digital signature includes pwdump7 v 7.1 (a utility that scoops up password hashes, and is sometimes used as a single file that statically links the OpenSSL library libeay32.dll). According to Adobe, the second malicious utility is myGeeksmail.dll, a malicious ISAPI filter..."

- https://isc.sans.edu...l?storyid=14194
Last Updated: 2012-09-28

- http://h-online.com/-1719955
28 Sep 2012

Edited by AplusWebMaster, 29 September 2012 - 12:18 PM.

[AplusWebMaster]

FYI...

Adobe revokes certificate ...
- https://www.adobe.co.../apsa12-01.html
Last updated: Oct 4, 2012 - "... Adobe has revoked the certificate on October 4 for all software code signed after July 10, 2012 (00:00 GMT). Adobe has issued updates signed using a new digital certificate for all affected products. The following certificate has been revoked and the certificate revocation list (CRL) is available at http://csc3-2010-crl...m/CSC3-2010.crl ..."
___

Adobe Cert Used to Sign Malware ...
- http://atlas.arbor.n...index#666340356
Oct 05, 2012

- https://blogs.techne...Redirected=true
3 Oct 2012

Edited by AplusWebMaster, 06 October 2012 - 07:51 AM.

[AplusWebMaster]

FYI...

Flash v11.4.402.287 / AIR v3.4.0.2710 released
- https://www.adobe.co.../apsb12-22.html
Oct 8, 2012
CVE numbers: CVE-2012-5248, CVE-2012-5249, CVE-2012-5250, CVE-2012-5251, CVE-2012-5252, CVE-2012-5253, CVE-2012-5254, CVE-2012-5255, CVE-2012-5256, CVE-2012-5257, CVE-2012-5258, CVE-2012-5259, CVE-2012-5260, CVE-2012-5261, CVE-2012-5262, CVE-2012-5263, CVE-2012-5264, CVE-2012-5265, CVE-2012-5266, CVE-2012-5267, CVE-2012-5268, CVE-2012-5269, CVE-2012-5270, CVE-2012-5271, CVE-2012-5272
Platform: All Platforms
Summary: Adobe has released security updates for Adobe Flash Player 11.4.402.278 and earlier versions for Windows, Adobe Flash Player 11.4.402.265 and earlier versions for Macintosh, Adobe Flash Player 11.2.202.238 and earlier for versions for Linux, Adobe Flash Player 11.1.115.17 and earlier versions for Android 4.x, and Adobe Flash Player 11.1.111.16 and earlier versions for Android 3.x and 2.x. These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system. Adobe recommends users update their product installations to the latest versions:
• Users of Adobe Flash Player 11.4.402.278 and earlier versions for Windows and Adobe Flash Player 11.4.402.265 and earlier versions for Macintosh should update to Adobe Flash Player 11.4.402.287.
• Users of Adobe Flash Player 11.2.202.238 and earlier versions for Linux should update to Adobe Flash Player 11.2.202.243.
• Flash Player installed with Google Chrome will automatically be updated to the latest Google Chrome version, which will include Adobe Flash Player 11.4.31.110 for Windows and Linux, and Flash Player 11.4.402.287 for Macintosh.
• Flash Player installed with Internet Explorer 10 will automatically be updated to the latest Internet Explorer 10 version*, which will include Adobe Flash Player 11.3.375.10 for Windows.
• Users of Adobe Flash Player 11.1.115.17 and earlier versions on Android 4.x devices should update to Adobe Flash Player 11.1.115.20.
• Users of Adobe Flash Player 11.1.111.16 and earlier versions for Android 3.x and earlier versions should update to Flash Player 11.1.111.19.
• Users of Adobe AIR 3.4.0.2540 for Windows and Macintosh should update to Adobe AIR 3.4.0.2710.
• Users of the Adobe AIR 3.4.0.2540 SDK (includes AIR for iOS) should update to the Adobe AIR 3.4.0.2710 SDK.
• Users of the Adobe AIR 3.4.0.2540 and earlier versions for Android should update to the Adobe AIR 3.4.0.2710...
These updates address critical vulnerabilities in the software...

Download:
> https://www.adobe.co...tribution3.html

Flash test site: http://www.adobe.com...re/flash/about/
___

>> http://get.adobe.com/air/
___

Microsoft Security Advisory (2755801)
Update for Vulnerabilities in Adobe Flash Player in Internet Explorer 10
* https://technet.micr...dvisory/2755801
Updated: Oct 08, 2012 - "... Microsoft recommends that customers apply the current update -immediately- using update management software, or by checking for updates using the Microsoft Update service. Since the update is cumulative, only the current update will be offered..."
• V2.0 (October 8, 2012): Added KB2758994** to the Current update section.
** http://support.micro....com/kb/2758994
___

- https://secunia.com/advisories/50876/
Release Date: 2012-10-09
Criticality level: Highly critical
Impact: System access
Where: From remote...
Solution: Update to a fixed version.
Original Advisory: http://www.adobe.com.../apsb12-22.html

- http://www.securityt....com/id/1027624
CVE Reference: CVE-2012-5248, CVE-2012-5249, CVE-2012-5250, CVE-2012-5251, CVE-2012-5252, CVE-2012-5253, CVE-2012-5254, CVE-2012-5255, CVE-2012-5256, CVE-2012-5257, CVE-2012-5258, CVE-2012-5259, CVE-2012-5260, CVE-2012-5261, CVE-2012-5262, CVE-2012-5263, CVE-2012-5264, CVE-2012-5265, CVE-2012-5266, CVE-2012-5267, CVE-2012-5268, CVE-2012-5269, CVE-2012-5270, CVE-2012-5271, CVE-2012-5272
Oct 9 2012
Version(s): - prior- to 10.3.183.29, 11.4.402.287 for Windows and Mac; 11.2.202.243 for Linux; 11.1.115.20 for Android 4.x; 11.1.111.19 for Android 3.x...
Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
Solution: The vendor has issued a fix (10.3.183.29, 11.4.402.287 for Windows and Mac; 11.2.202.243 for Linux; 11.1.115.20 for Android 4.x; 11.1.111.19 for Android 3.x)...

- https://www.us-cert...._bulletin_for15
Oct 10, 2012 - Flash v11.4.402.287 released...

Edited by AplusWebMaster, 13 October 2012 - 03:45 PM.

[AplusWebMaster]

FYI...

Shockwave v11.6.8.638 released
- https://www.adobe.co.../apsb12-23.html
Oct 23, 2012
CVE numbers:
- http://web.nvd.nist....d=CVE-2012-4172 - 10.0 (HIGH)
- http://web.nvd.nist....d=CVE-2012-4173 - 10.0 (HIGH)
- http://web.nvd.nist....d=CVE-2012-4174 - 10.0 (HIGH)
- http://web.nvd.nist....d=CVE-2012-4175 - 10.0 (HIGH)
- http://web.nvd.nist....d=CVE-2012-4176 - 10.0 (HIGH)
- http://web.nvd.nist....d=CVE-2012-5273 - 10.0 (HIGH)
Platform: Windows and Macintosh
Summary: Adobe has released a security update for Adobe Shockwave Player 11.6.7.637 and earlier versions on the Windows and Macintosh operating systems. This update addresses vulnerabilities that could allow an attacker, who successfully exploits these vulnerabilities, to run malicious code on the affected system. Adobe recommends users of Adobe Shockwave Player 11.6.7.637 and earlier versions update to Adobe Shockwave Player 11.6.8.638...
... newest version 11.6.8.638, available here: http://get.adobe.com/shockwave/
... This update addresses critical vulnerabilities in the software...

- https://secunia.com/advisories/51090/
Release Date: 2012-10-24
Criticality level: Highly critical
Impact: System access
Where: From remote
... vulnerabilities are reported in versions 11.6.7.637 and prior for Windows and Macintosh.
Solution: Update to version 11.6.8.638.

Edited by AplusWebMaster, 24 October 2012 - 09:52 AM.

[AplusWebMaster]

FYI...

Flash v11.5.502.110 released
- https://www.adobe.co.../apsb12-24.html
Nov 6, 2012
CVE number:
- http://web.nvd.nist....d=CVE-2012-5274 - 10.0 (HIGH)
- http://web.nvd.nist....d=CVE-2012-5275 - 10.0 (HIGH)
- http://web.nvd.nist....d=CVE-2012-5276 - 10.0 (HIGH)
- http://web.nvd.nist....d=CVE-2012-5277 - 10.0 (HIGH)
- http://web.nvd.nist....d=CVE-2012-5278 - 10.0 (HIGH)
- http://web.nvd.nist....d=CVE-2012-5279 - 10.0 (HIGH)
- http://web.nvd.nist....d=CVE-2012-5280 - 10.0 (HIGH)
Platform: All Platforms
Summary: Adobe has released security updates for Adobe Flash Player 11.4.402.287 and earlier versions for Windows and Macintosh, Adobe Flash Player 11.2.202.243 and earlier versions for Linux, Adobe Flash Player 11.1.115.20 and earlier versions for Android 4.x, and Adobe Flash Player 11.1.111.19 and earlier versions for Android 3.x and 2.x. These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.
Adobe recommends users update their product installations to the latest versions:
- Users of Adobe Flash Player 11.4.402.287 and earlier versions for Windows and Macintosh should update to Adobe Flash Player 11.5.502.110.
- Users of Adobe Flash Player 11.2.202.243 and earlier versions for Linux should update to Adobe Flash Player 11.2.202.251.
- Flash Player installed with Google Chrome will automatically be updated to the latest Google Chrome version, which will include Adobe Flash Player 11.5.31.2 for Windows, Macintosh and Linux.
- Flash Player installed with Internet Explorer 10 will automatically be updated to the latest Internet Explorer 10 version, which will include Adobe Flash Player 11.3.376.12 for Windows.
- Users of Adobe Flash Player 11.1.115.20 and earlier versions on Android 4.x devices should update to Adobe Flash Player 11.1.115.27.
- Users of Adobe Flash Player 11.1.111.19 and earlier versions for Android 3.x and earlier versions should update to Flash Player 11.1.111.24.
- Users of Adobe AIR 3.4.0.2710 and earlier versions for Windows and Macintosh, SDK (including AIR for iOS) and Android should update to Adobe AIR 3.5.0.600...
These updates address -critical- vulnerabilities in the software...

Download:
> https://www.adobe.co...tribution3.html

Flash test site: http://www.adobe.com...re/flash/about/

>> http://get.adobe.com/air/

> http://helpx.adobe.c...ease_notes.html
___

- https://secunia.com/advisories/51213/
Release Date: 2012-11-07
Criticality level: Highly critical
Impact: Security Bypass, System access
Where: From remote
... exploitation of the vulnerabilities may allow execution of arbitrary code...
Solution: Update to a fixed version.
Original Advisory: Adobe (APSB12-24):
http://www.adobe.com.../apsb12-24.html

Edited by AplusWebMaster, 07 November 2012 - 05:02 PM.

[AplusWebMaster]

FYI...

ColdFusion 10 Hotfix available for Windows
- https://www.adobe.co.../apsb12-25.html
November 19, 2012
CVE number: CVE-2012-5674
Platform: Windows
Summary: Adobe has released a security hotfix for ColdFusion 10 Update 1 and above for Windows. This hotfix resolves a vulnerability affecting ColdFusion on Windows Internet Information Services (IIS), which could result in a Denial of Service condition. Adobe recommends users update their product installation using the instructions provided in the "Solution" section below.
Affected software versions: ColdFusion 10 Update 1 and above for Windows
Solution: Adobe recommends customers update their installation of ColdFusion 10 Update 1 and above for Windows to ColdFusion 10 Update 5 using the instructions provided in the technote:
> http://helpx.adobe.c...-apsb12-25.html
___

- https://secunia.com/advisories/51335/
Release Date: 2012-11-20
Criticality level: Moderately critical
Impact: DoS
Where: From remote
CVE Reference: CVE-2012-5674
... vulnerability is reported in version 10 update 1 and higher.
Solution: Update to version 10 update 5...

Edited by AplusWebMaster, 20 November 2012 - 08:05 AM.

[AplusWebMaster]

FYI...

Flash Player v11.5.502.135 released
- https://www.adobe.co.../apsb12-27.html
Dec 11, 2012
CVE number: CVE-2012-5676, CVE-2012-5677, CVE-2012-5678
Platform: All Platforms
Summary: Adobe has released security updates for Adobe Flash Player 11.5.502.110 and earlier versions for Windows and Macintosh, Adobe Flash Player 11.2.202.251 and earlier versions for Linux, Adobe Flash Player 11.1.115.27 and earlier versions for Android 4.x, and Adobe Flash Player 11.1.111.24 and earlier versions for Android 3.x and 2.x. These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.
Adobe recommends users update their product installations to the latest versions:
- Users of Adobe Flash Player 11.5.502.110 and earlier versions for Windows should update to Adobe Flash Player 11.5.502.135.
- Users of Adobe Flash Player 11.5.502.110 and earlier versions for Macintosh should update to Adobe Flash Player 11.5.502.136.
- Users of Adobe Flash Player 11.2.202.251 and earlier versions for Linux should update to Adobe Flash Player 11.2.202.258.
- Flash Player installed with Google Chrome will automatically be updated to the latest Google Chrome version, which will include Adobe Flash Player 11.5.31.5 for Windows, Macintosh and Linux.
- Flash Player installed with Internet Explorer 10 for Windows 8 will automatically be updated to the latest Internet Explorer 10 version, which will include Adobe Flash Player 11.3.377.15.
- Users of Adobe Flash Player 11.1.115.27 and earlier versions on Android 4.x devices should update to Adobe Flash Player 11.1.115.34.
- Users of Adobe Flash Player 11.1.111.24 and earlier versions for Android 3.x and earlier versions should update to Flash Player 11.1.111.29.

- Users of Adobe AIR 3.5.0.600 and earlier versions for Windows should update to Adobe AIR 3.5.0.880.
- Users of Adobe AIR 3.5.0.600 and earlier versions for Macintosh should update to Adobe AIR 3.5.0.890.
- Users of the Adobe AIR 3.5.0.600 SDK (includes AIR for iOS) should update to the Adobe AIR 3.5.0.880 SDK (Windows) or Adobe AIR 3.5.0.890 SDK (Mac)...
- http://get.adobe.com/air/

Flash Download:
> https://www.adobe.co...tribution3.html

Flash test site: http://www.adobe.com...re/flash/about/

- https://secunia.com/advisories/51560/
Release Date: 2012-12-12
Criticality level: Highly critical
Impact: System access
Where: From remote...
___

ColdFusion 10 and earlier - Hotfix available
- https://www.adobe.co.../apsb12-26.html
December 11, 2012
CVE number: CVE 2012-5675
Platform: All Platforms
Summary: Adobe has released a security hotfix for ColdFusion 10 and earlier versions for Windows, Macintosh and UNIX. This hotfix resolves a vulnerability which could result in a sandbox permissions violation in a shared hosting environment...
Affected software versions:
ColdFusion 10, 9.0.2, 9.0.1 and 9.0 for Windows, Macintosh and UNIX
Solution:
Adobe recommends ColdFusion customers update their installation using the instructions provided in the technote:
http://helpx.adobe.c...-apsb12-26.html .

- https://secunia.com/advisories/51551/
Release Date: 2012-12-12
Criticality level: Moderately critical
Impact: Security Bypass
Where: From remote...

Edited by AplusWebMaster, 12 December 2012 - 04:49 AM.

[AplusWebMaster]

FYI...

Adobe Photoshop Camera Raw - plug-in vuln/update
- https://www.adobe.co.../apsb12-28.html
December 12, 2012
CVE number: CVE-2012-5679, CVE-2012-5680
Platform: Windows and Macintosh
Summary: Adobe has released a security update for Photoshop Camera Raw versions 7.2 and earlier versions for Windows and Macintosh. This update addresses vulnerabilities that could allow an attacker, who successfully exploits these vulnerabilities, to run malicious code on the affected system. Adobe recommends users of Photoshop Camera Raw versions 7.2 and earlier versions for Windows and Macintosh update to Photoshop Camera Raw version 7.3 using the instructions provided in the "Solution" section below...
Affected software versions: Photoshop Camera Raw version 7.2 and earlier versions for Windows and Macintosh.
Solution: Adobe recommends customers update the Photoshop Camera Raw plugin through the update mechanism available in the Adobe Bridge 5.0 or 5.0.1 client. To update the plugin, choose Updates from the Help menu, and then follow the onscreen instructions to download and install the latest version of the Camera Raw plug-in."

- https://secunia.com/advisories/49929/
Release Date: 2012-12-13
Criticality level: Highly critical
Impact: System access
Where: From remote
CVE Reference(s): CVE-2012-5679, CVE-2012-5680
Software: Adobe Bridge CS6 5.x, Adobe Photoshop CS6 13.x
Solution: Update the plug-in to version 7.3 via the application's update mechanism...

[AplusWebMaster]

FYI...

Adobe ColdFusion - multiple vulns ...
- https://www.adobe.co.../apsa13-01.html
January 4, 2013
CVE number: CVE-2013-0625, CVE-2013-0629, CVE-2013-0631
Platform: All
Summary: Adobe has identified three vulnerabilities affecting ColdFusion for Windows, Macintosh and UNIX:
CVE-2013-0625 affects ColdFusion 10, 9.0.2, 9.0.1 and 9.0, and could permit an unauthorized user to remotely circumvent authentication controls, potentially allowing the attacker to take control of the affected server.
CVE-2013-0629 affects ColdFusion 10, 9.0.2, 9.0.1 and 9.0, and could permit an unauthorized user access to restricted directories.
CVE-2013-0631 affects ColdFusion 9.0.2, 9.0.1 and 9.0, and could result in information disclosure from a compromised server.
There are reports that these vulnerabilities are being exploited in the wild against ColdFusion customers. Note that CVE-2013-0625 and CVE-2013-0629 only affect ColdFusion customers who do not have password protection enabled or have no password set. We are in the process of finalizing a fix for the issues and expect a hotfix for ColdFusion 10, 9.0.2, 9.0.1 and 9.0 for Windows, Macintosh and UNIX will be available on January 15, 2013..."
___

Adobe Reader/Acrobat prenotification for Jan 2013
- https://www.adobe.co.../apsb13-02.html
Jan 3, 2013 - "Adobe is planning to release security updates on Tuesday, January 8, 2013 for Adobe Reader and Acrobat XI (11.0.0) and earlier versions for Windows and Macintosh, and Adobe Reader 9.5.1 and earlier 9.x versions for Linux..."

[AplusWebMaster]

FYI...

Flash Player v11.5.502.146 released
- https://www.adobe.co.../apsb13-01.html
Jan 8, 2013
CVE number: http://web.nvd.nist....d=CVE-2013-0630 - 10.0 (HIGH)
Summary: Adobe has released security updates for Adobe Flash Player 11.5.502.135 and earlier versions for Windows, Adobe Flash Player 11.5.502.136 and earlier versions for Macintosh, Adobe Flash Player 11.2.202.258 and earlier versions for Linux, Adobe Flash Player 11.1.115.34 and earlier versions for Android 4.x, and Adobe Flash Player 11.1.111.29 and earlier versions for Android 3.x and 2.x. These updates address a vulnerability that could cause a crash and potentially allow an attacker to take control of the affected system.
Adobe recommends users update their product installations to the latest versions:
- Users of Adobe Flash Player 11.5.502.135 and earlier versions for Windows should update to Adobe Flash Player 11.5.502.146.
- Users of Adobe Flash Player 11.5.502.136 and earlier versions for Macintosh should update to Adobe Flash Player 11.5.502.146.
- Users of Adobe Flash Player 11.2.202.258 and earlier versions for Linux should update to Adobe Flash Player 11.2.202.261.
Flash Player installed with Google Chrome will automatically be updated to the latest Google Chrome version, which will include Adobe Flash Player 11.5.31.137 for Windows, Macintosh and Linux.
Flash Player installed with Internet Explorer 10 for Windows 8 will automatically be updated to the latest Internet Explorer 10 version, which will include Adobe Flash Player 11.3.378.5 for Windows: https://support.micr....com/kb/2796096
- Users of Adobe Flash Player 11.1.115.34 and earlier versions on Android 4.x devices should update to Adobe Flash Player 11.1.115.36.
- Users of Adobe Flash Player 11.1.111.29 and earlier versions for Android 3.x and earlier versions should update to Flash Player 11.1.111.31.
- Users of Adobe AIR 3.5.0.880 and earlier versions for Windows should update to Adobe AIR 3.5.0.1060.
- Users of Adobe AIR 3.5.0.890 and earlier versions for Macintosh should update to Adobe AIR 3.5.0.1060.
- Users of the Adobe AIR SDK (includes AIR for iOS) should update to the Adobe AIR 3.5.0.1060 SDK...

Download:
> https://www.adobe.co...tribution3.html

Flash test site: http://www.adobe.com...re/flash/about/

>> http://get.adobe.com/air/
___

- https://secunia.com/advisories/51771/
Release Date: 2013-01-08
Criticality level: Highly critical
Impact: System access
Where: From remote...
CVE Reference: CVE-2013-0630
Solution: Update to a fixed version...
___

Adobe Reader/Acrobat v11.0.1 released
- https://www.adobe.co.../apsb13-02.html
Jan 8, 2013
CVE numbers: CVE-2013-0601, CVE-2013-0602, CVE-2013-0603, CVE-2013-0604, CVE-2013-0605, CVE-2013-0606, CVE-2013-0607, CVE-2013-0608, CVE-2013-0609, CVE-2013-0610, CVE-2013-0611, CVE-2013-0612, CVE-2013-0613, CVE-2013-0614, CVE-2013-0615, CVE-2013-0616, CVE-2013-0617, CVE-2013-0618, CVE-2013-0619, CVE-2013-0620, CVE-2013-0621, CVE-2013-0622, CVE-2013-0623, CVE-2013-0624, CVE-2013-0626, CVE-2013-0627
Platform: All
Summary: Adobe has released security updates for Adobe Reader and Acrobat XI (11.0.0) and earlier versions for Windows and Macintosh, and Adobe Reader 9.5.1 and earlier 9.x versions for Linux. These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.
Adobe recommends users update their product installations to the latest versions:
- Users of Adobe Reader XI (11.0.0) for Windows and Macintosh should update to Adobe Reader XI (11.0.1).
- For users of Adobe Reader X (10.1.4) and earlier versions for Windows and Macintosh, who cannot update to Adobe Reader XI (11.0.1), Adobe has made available the update Adobe Reader X (10.1.5).
- For users of Adobe Reader 9.5.2 and earlier versions for Windows and Macintosh, who cannot update to Adobe Reader XI (11.0.1), Adobe has made available the update Adobe Reader 9.5.3.
- Users of Adobe Reader 9.5.1 and earlier versions for Linux should update to Adobe Reader 9.5.3.
- Users of Adobe Acrobat XI (11.0.0) for Windows and Macintosh should update to Adobe Acrobat XI (11.0.1).
- Users of Adobe Acrobat X (10.1.4) and earlier versions for Windows and Macintosh should update to Adobe Acrobat X (10.1.5).
- Users of Adobe Acrobat 9.5.2 and earlier versions for Windows and Macintosh should update to Adobe Acrobat 9.5.3...
Adobe Reader: Users on Windows and Macintosh can utilize the product's update mechanism...
Adobe Acrobat: Users can utilize the product's update mechanism...
___

- http://www.securityt....com/id/1027952
CVE Reference: CVE-2013-0601, CVE-2013-0602, CVE-2013-0603, CVE-2013-0604, CVE-2013-0605, CVE-2013-0606, CVE-2013-0607, CVE-2013-0608, CVE-2013-0609, CVE-2013-0610, CVE-2013-0611, CVE-2013-0612, CVE-2013-0613, CVE-2013-0614, CVE-2013-0615, CVE-2013-0616, CVE-2013-0617, CVE-2013-0618, CVE-2013-0619, CVE-2013-0620, CVE-2013-0621, CVE-2013-0622, CVE-2013-0623, CVE-2013-0624, CVE-2013-0626, CVE-2013-0627
Jan 8 2013
Impact: Disclosure of system information, Execution of arbitrary code via network, User access via local system, User access via network
Fix Available: Yes Vendor Confirmed: Yes
Version(s): 9.5.2, 10.1.4, 11.0.0; and prior versions
Solution: The vendor has issued a fix (9.5.3, 10.1.5 for Windows/Mac, 11.0.1 for Windows/Mac).
... advisory is available at:
- http://www.adobe.com.../apsb13-02.html

Edited by AplusWebMaster, 25 January 2013 - 05:57 AM.

[AplusWebMaster]

FYI...

ColdFusion hotfix released
- https://www.adobe.co.../apsa13-01.html
Last updated: January 16, 2013
CVE number: CVE-2013-0625, CVE-2013-0629, CVE-2013-0631, CVE-2013-0632
Platform: All
Summary: Adobe has identified four vulnerabilities affecting ColdFusion 10 and earlier versions for Windows, Macintosh and UNIX:
• CVE-2013-0625 affects ColdFusion 9.0.2, 9.0.1 and 9.0, and could permit an unauthorized user to remotely circumvent authentication controls, potentially allowing the attacker to take control of the affected server.
• CVE-2013-0629 affects ColdFusion 10, 9.0.2, 9.0.1 and 9.0, and could permit an unauthorized user access to restricted directories.
• CVE-2013-0631 affects ColdFusion 9.0.2, 9.0.1 and 9.0, and could result in information disclosure from a compromised server.
• CVE-2013-0632 affects ColdFusion 10, 9.0.2, 9.0.1 and 9.0, and could permit an unauthorized user to remotely circumvent authentication controls, potentially allowing the attacker to take control of the affected server.
There are reports that these vulnerabilities are being exploited in the wild against ColdFusion customers.
Adobe has released a security hotfix for ColdFusion 10, 9.0.2, 9.0.1 and 9.0 for Windows, Macintosh and UNIX. Adobe recommends users update their product installation using the instructions provided in the "Solution" section of Security Bulletin APSB13-03*..."
* https://www.adobe.co.../apsb13-03.html
>> http://helpx.adobe.c...-apsb13-03.html

January 16, 2013 - Advisory revised to correct the versions of ColdFusion vulnerable to CVE-2013-0625.

Edited by AplusWebMaster, 16 January 2013 - 11:17 PM.

[AplusWebMaster]

FYI...

Flash v11.5.502.149 released
- https://www.adobe.co.../apsb13-04.html
Feb 7, 2013
CVE number:
- https://web.nvd.nist...d=CVE-2013-0633 - 9.3 (HIGH)
- https://web.nvd.nist...d=CVE-2013-0634 - 9.3 (HIGH)
Platform: All Platforms
Summary: Adobe has released security updates... These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.
Adobe is aware of reports that CVE-2013-0633 is being exploited in the wild in targeted attacks designed to trick the user into opening a Microsoft Word document delivered as an email attachment which contains malicious Flash (SWF) content. The exploit for CVE-2013-0633 targets the ActiveX version of Flash Player on Windows.
Adobe is also aware of reports that CVE-2013-0634 is being exploited in the wild in attacks delivered via malicious Flash (SWF) content hosted on websites that target Flash Player in Firefox or Safari on the Macintosh platform, as well as attacks designed to trick Windows users into opening a Microsoft Word document delivered as an email attachment which contains malicious Flash (SWF) content.
Adobe recommends users update their product installations to the latest versions:
- Users of Adobe Flash Player 11.5.502.146 and earlier versions for Windows and Macintosh should update to Adobe Flash Player 11.5.502.149.
- Users of Adobe Flash Player 11.2.202.261 and earlier versions for Linux should update to Adobe Flash Player 11.2.202.262.
- Flash Player installed with Google Chrome will automatically be updated to the latest Google Chrome version, which will include Adobe Flash Player 11.5.31.139 for Windows, Macintosh and Linux.
- Flash Player installed with Internet Explorer 10 for Windows 8 will automatically be updated to the latest version of Internet Explorer 10, which will include Adobe Flash Player 11.3.379.14 for Windows...
- Users of Adobe Flash Player 11.1.115.36 and earlier versions on Android 4.x devices should update to Adobe Flash Player 11.1.115.37.
- Users of Adobe Flash Player 11.1.111.31 and earlier versions for Android 3.x and earlier versions should update to Flash Player 11.1.111.32.

Download:
> https://www.adobe.co...tribution3.html

Flash test site: http://www.adobe.com...re/flash/about/

- https://blogs.adobe....-apsb13-04.html

- https://secunia.com/advisories/52116/
Release Date: 2013-02-08
Criticality level: Extremely critical
Impact: System access
Where: From remote
CVE Reference(s): CVE-2013-0633, CVE-2013-0634
... vulnerability is currently being actively exploited in targeted attacks against the Macintosh and Windows versions...
Solution: Update to a fixed version.
Original Advisory: http://www.adobe.com.../apsb13-04.html
___

MS Security Advisory (2755801)
Update for Vulnerabilities in Adobe Flash Player in IE 10
- http://technet.micro...dvisory/2755801
"... updates are available from... Windows Update..."
V7.0 (February 7, 2013): Added KB2811522* to the Current update section.
* http://support.micro....com/kb/2811522

Edited by AplusWebMaster, 09 February 2013 - 10:25 AM.

[AplusWebMaster]

FYI...

Flash Player v11.6.602.168 released
- https://www.adobe.co.../apsb13-05.html
February 12, 2013
CVE number: CVE-2013-1372, CVE-2013-0645, CVE-2013-1373, CVE-2013-1369, CVE-2013-1370, CVE-2013-1366, CVE-2013-0649, CVE-2013-1365, CVE-2013-1374, CVE-2013-1368, CVE-2013-0642, CVE-2013-0644, CVE-2013-0647, CVE-2013-1367, CVE-2013-0639, CVE-2013-0638, CVE-2013-0637
https://web.nvd.nist...r...ths&cves=on
Platform: All Platforms
Summary: Adobe has released security updates for Adobe Flash Player 11.5.502.149 and earlier versions for Windows and Macintosh, Adobe Flash Player 11.2.202.262 and earlier versions for Linux, Adobe Flash Player 11.1.115.37 and earlier versions for Android 4.x, and Adobe Flash Player 11.1.111.32 and earlier versions for Android 3.x and 2.x. These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.
Adobe recommends users update their product installations to the latest versions:
- Users of Adobe Flash Player 11.5.502.149 and earlier versions for Windows should update to Adobe Flash Player 11.6.602.168.
- Users of Adobe Flash Player 11.5.502.149 and earlier versions for Macintosh should update to Adobe Flash Player 11.6.602.167.
- Users of Adobe Flash Player 11.2.202.262 and earlier versions for Linux should update to Adobe Flash Player 11.2.202.270.
- Flash Player installed with Google Chrome will automatically be updated to the latest Google Chrome version, which will include Adobe Flash Player 11.6.602.167 for Windows, Macintosh and Linux.
- Flash Player installed with Internet Explorer 10 for Windows 8 will automatically be updated to the latest Internet Explorer 10 version, which will include Adobe Flash Player 11.6.602.167 for Windows.
- Users of Adobe Flash Player 11.1.115.37 and earlier versions on Android 4.x devices should update to Adobe Flash Player 11.1.115.47.
- Users of Adobe Flash Player 11.1.111.32 and earlier versions for Android 3.x and earlier versions should update to Flash Player 11.1.111.43.
- Users of Adobe AIR 3.5.0.1060 and earlier versions should update to Adobe AIR 3.6.0.597.
- Users of the Adobe AIR 3.5.0.1060 SDK (including AIR for iOS) and earlier should update to the new Adobe AIR 3.6.0.599 SDK + Compiler...

- https://www.adobe.co...05.html#Ratings
Product Updated version Platform Priority rating
Adobe Flash Player 11.6.602.168 Windows 1

Flash Download:
> https://www.adobe.co...tribution3.html

Flash test site: http://www.adobe.com...re/flash/about/

>> http://get.adobe.com/air/
___

MS Security Advisory (2755801)
Update for Vulnerabilities in Adobe Flash Player in IE 10
- http://technet.micro...dvisory/2755801
"... updates are available from... Windows Update..."
V8.0 (February 12, 2013): Added KB2805940 to the Current update section.
* http://support.micro....com/kb/2805940
___

Shockwave Player v12.0.0.112 released
- https://www.adobe.co.../apsb13-06.html
February 12, 2013
CVE number: CVE-2013-0635, CVE-2013-0636
Platform: Windows and Macintosh
Summary: Adobe has released a security update for Adobe Shockwave Player 11.6.8.638 and earlier versions on the Windows and Macintosh operating systems. This update addresses vulnerabilities that could allow an attacker, who successfully exploits these vulnerabilities, to run malicious code on the affected system. Adobe recommends users of Adobe Shockwave Player 11.6.8.638 and earlier versions update to Adobe Shockwave Player 12.0.0.112...

>> http://get.adobe.com/shockwave/

.

Edited by AplusWebMaster, 13 February 2013 - 12:32 PM.

[AplusWebMaster]

FYI...

Adobe Reader/Acrobat 11.0.02 released
- https://www.adobe.co.../apsb13-07.html
February 20, 2013
CVE number:
- http://web.nvd.nist....d=CVE-2013-0640 - 9.3 (HIGH)
- http://web.nvd.nist....d=CVE-2013-0641 - 9.3 (HIGH)
Platform: All Platforms
"... Adobe recommends users update their product installations to the latest versions:
• Users of Adobe Reader XI (11.0.01 and earlier) for Windows and Macintosh should update to Adobe Reader XI (11.0.02).
• For users of Adobe Reader X (10.1.5 and earlier) for Windows and Macintosh, who cannot update to Adobe Reader XI (11.0.02), Adobe has made available the update Adobe Reader X (10.1.6).
• For users of Adobe Reader 9.5.3 and earlier 9.x versions for Windows and Macintosh, who cannot update to Adobe Reader XI (11.0.02), Adobe has made available the update Adobe Reader 9.5.4.
• Users of Adobe Reader 9.5.3 and earlier 9.x versions for Linux should update to Adobe Reader 9.5.4.
• Users of Adobe Acrobat XI (11.0.01 and earlier) for Windows and Macintosh should update to Adobe Acrobat XI (11.0.02).
• Users of Adobe Acrobat X (10.1.5 and earlier) for Windows and Macintosh should update to Adobe Acrobat X (10.1.6).
• Users of Adobe Acrobat 9.5.3 and earlier 9.x versions for Windows and Macintosh should update to Adobe Acrobat 9.5.4...
Adobe recommends users update their software installations by following the instructions below:
Adobe Reader: Users on Windows and Macintosh can utilize the product's update mechanism... Update checks can be manually activated by choosing Help > Check for Updates.
Adobe Reader users on Windows can also find the appropriate update here:
- http://www.adobe.com...latform=Windows
Adobe Reader users on Macintosh can also find the appropriate update here:
- http://www.adobe.com...tform=Macintosh
Adobe Reader users on Linux can find the appropriate update here:
- ftp://ftp.adobe.com/pub/adobe/reader/unix/9.x/
Adobe Acrobat: Users can utilize the product's update mechanism... Update checks can be manually activated by choosing Help > Check for Updates.
Acrobat Standard, Pro and Pro Extended users on Windows can also find the appropriate update here:
- http://www.adobe.com...latform=Windows
Acrobat Pro users on Macintosh can also find the appropriate update here:
- http://www.adobe.com...tform=Macintosh ..."

New Downloads:
- https://www.adobe.co...wnloads/new.jsp

Edited by AplusWebMaster, 20 February 2013 - 02:43 PM.