Adobe

Krebs On Security

Adobe, Microsoft and Oracle today each issued security updates to fix serious vulnerabilities in their products. Adobe released patches for AIR, Acrobat, Flash and Reader, while Microsoft pushed out fixes to shore up at least a half dozen security weaknesses in Windows and Office. Oracle released an update for Java that fixes at least three dozen security holes in the widely-used program.

http://krebsonsecurity.com/2014/01/security-updates-for-windows-flash-reader/

{ 0 comments }

MSRC

6 Nov 2012 10:00 AM

Today, in conjunction with Adobe’s update process, we have revised Security Advisory 2755801 to address issues in Adobe Flash Player in Internet Explorer 10. Customers who have automatic updates enabled will not need to take any action because protections will be downloaded and installed automatically. Customers who do not use automatic updates should apply the guidance in the advisory immediately using update management software, or by checking the Microsoft Update service, to help ensure protection.

We remain committed to taking the appropriate actions to help protect customers and will continue to work closely with Adobe to deliver quality protections that are aligned with Adobe’s update process.

http://blogs.technet.com/b/msrc/archive/2012/11/06/security-advisory-2755801-revised-to-address-adobe-flash-player-issues-nov-6-2012.aspx

{ 0 comments }

Adobe Product Security Incident Response Team (PSIRT) Blog

Today, a Security Bulletin (APSB11-05) has been posted to address a critical security issue (CVE-2011-0609) in Adobe Flash Player, as referenced in Security Advisory Security Advisory APSA11-01. This Security Bulletin affects Adobe Flash Player 10.2.152.33 and earlier versions (Adobe Flash Player 10.2.154.18 and earlier versions for Chrome users) for Windows, Macintosh, Linux, and Solaris operating systems, and Adobe Flash Player 10.1.106.16 and earlier versions for Android. Adobe recommends users apply the updates for their product installations.

http://blogs.adobe.com/psirt/2011/03/security-update-available-for-adobe-flash-player-apsb11-05.html

{ 0 comments }

Adobe Sandbox-Protected Reader X Available

by certifiedbug on November 24, 2010

in Internet Security

Reader X for Windows implements a sandbox architecture functionality that opens PDF files in an isolated instance of the application. This helps protect a computer from malicious code that may be contained in a PDF file.

Adobe Reader Protected Mode represents an exciting new advancement in mitigating the impact of attempted attacks. While sandboxing is not a security silver bullet, it provides a strong additional level of defense against attacks. Even if exploitable security vulnerabilities are found by an attacker, Adobe Reader Protected Mode will help prevent the attacker from writing files or installing malware on potential victims’ computers.

http://blogs.adobe.com/asset/2010/11/adobe-reader-x-is-here.html

“Protected Mode” is enabled by default.

On the download page there is a pre-checked box to include McAfee Security Scan Plus. If you do not want this added to your download uncheck the box before hitting “Download now”.

Note also that Adobe states, “You may have to temporarily disable your antivirus software.” I did not run into any issues leaving mine enabled but it may depend on the AV you have installed.

{ 0 comments }

Adobe critical update

November 18, 2010

Tuesday Adobe issued a Critical update to patch at least two security holes in its PDF Reader and Acrobat software. Release date: November 16, 2010 Vulnerability identifier: APSB10-28 CVE numbers: CVE-2010-3654, CVE-2010-4091 Platform: All Platforms In addition to addressing CVE-2010-3654 noted in Security Advisory APSA10-05 and CVE-2010-4091 referenced in the Adobe PSIRT blog (“Potential issue […]

Read the full article →

Security updates available for Adobe Reader and Acrobat

October 7, 2010

Release date: October 5, 2010 Vulnerability identifier: APSB10-21 Adobe recommends users of Adobe Reader 9.3.4 and earlier versions for Windows, Macintosh and UNIX update to Adobe Reader 9.4. (For Adobe Reader users on Windows and Macintosh, who cannot update to Adobe Reader 9.4, Adobe has provided the Adobe Reader 8.2.5 update.) Adobe recommends users of […]

Read the full article →

Adobe Flash Critical Vulnerability

September 14, 2010

Yes another one… September 13, 2010 Vulnerability identifier: APSA10-03 A critical vulnerability exists in Adobe Flash Player 10.1.82.76 and earlier versions for Windows, Macintosh, Linux, Solaris, and Adobe Flash Player 10.1.92.10 for Android. This vulnerability also affects Adobe Reader 9.3.4 for Windows, Macintosh and UNIX, and Adobe Acrobat 9.3.4 and earlier versions for Windows and […]

Read the full article →

Adobe Reader and Acrobat out-of-cycle Security updates available

August 22, 2010

August 19, 2010 All Platforms Critical vulnerabilities have been identified in Adobe Reader 9.3.3 (and earlier versions) for Windows, Macintosh and UNIX, Adobe Acrobat 9.3.3 (and earlier versions) for Windows and Macintosh, and Adobe Reader 8.2.3 (and earlier versions) and Adobe Acrobat 8.2.3 (and earlier versions) for Windows and Macintosh. These vulnerabilities could cause the […]

Read the full article →

Adobe Flash Player Security update available

August 14, 2010

Critical vulnerabilities have been identified in Adobe Flash Player version 10.1.53.64 and earlier. These vulnerabilities could cause the application to crash and could potentially allow an attacker to take control of the affected system. Adobe recommends users of Adobe Flash Player 10.1.53.64 and earlier versions update to Adobe Flash Player 10.1.82.76. Adobe recommends users of […]

Read the full article →

Adobe-Security updates available

June 30, 2010

Security bulletin This update mitigates a social engineering attack that could lead to code execution (CVE-2010-1240). This update resolves an invalid pointer vulnerability that could lead to code execution (CVE-2010-1285). This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2010-1295). This update resolves an invalid pointer vulnerability that could lead to […]

Read the full article →