Posts Tagged ‘Adobe’

Adobe LogoTuesday Updates – Adobe Security Bulletins (December 9, 2014)

The security updates affect products such as Adobe Flash Player, Adobe Reader, Adobe Acrobat and Adobe ColdFusion.

December 9 this year in the “Tuesday Updates” Adobe has released three security bulletins. They fix 27 vulnerabilities in products such as Adobe Reader, Adobe Acrobat, Adobe Flash Player and ColdFusion.

1. The first bulletin (ID: APSB14-27)fixes six vulnerabilities in Adobe Flash Player, one of which is critical. One of the flaws are being actively exploited by cybercriminals, in connection with which the company has assigned the highest priority update. (more…)

Adobe FlashUsers are advised to install security updates as soon as possible.

Yesterday, Adobe released an emergency update Flash Player, which addresses two zero-day vulnerabilities.

The manufacturer has confirmed that the underlying vulnerability used in the implementation of targeted attacks using the documents in Microsoft Word. These documents are distributed by spam mailings, when opened on the victim’s system runs the malicious SWF-content. One of the vulnerabilities in the ActiveX-focused version of Flash Player for Windows.

Adobe thanked experts from Kaspersky Lab Sergey Golovanov and Alexander Polyakov for the detection of one of the vulnerabilities. (more…)

Multiple vulnerabilities in Adobe Flash Player

Adobe Flash Player vulnerabilities

Vulnerability: Multiple vulnerabilities in Adobe Flash Player

Danger level: Critical
Patch: Yes
Number of vulnerabilities: 2

CVE ID: CVE-2013-0633
CVE-2013-0634
Vector of operation: Remote
Impact: System Compromise

Affected Products: Adobe Flash Player 11.x

Affected versions:

– Flash Player 11.5.502.146 and earlier versions for Windows and Macintosh;
– Flash Player 11.5.502.146 and earlier versions for Windows and Macintosh;
– Flash Player 11.2.202.261 and earlier versions for Linux;
– Flash Player 11.1.115.36 and earlier versions for Android 4.x;
– Flash Player 11.1.111.31 and earlier versions for Android 3.x and 2.x;
– Flash Player 11.5.31.137 and earlier versions for Chrome (Windows, Macintosh and Linux);
– Flash Player 11.3.378.5 and earlier versions of Internet Explorer 10 in Windows 8. (more…)

Adobe Logo

Vulnerabilities in Adobe ColdFusion

Company Adobe released a security update for its scripting language ColdFusion.

According to the message of developers, at the time of emergence of updatings the corrected vulnerabilities actively were operated by malicious software in such versions of the program, as 10, 9.0.2, 9.0.1 and 9 for the Windows, Mac OS X and UNIX operating systems.

Let’s remind, earlier the company already reported that these gaps allow the removed malefactor to bypass the authentication mechanism, to get access to the protected directories, and also complete control over system. All eliminated Adobe of vulnerability contain in ColdFusion of versions 9.x. Thus two gaps are present also at version 10 ColdFusion. (more…)

Vulnerability

Vulnerabilities in Adobe ColdFusion

Vulnerability: Multiple Vulnerabilities Adobe ColdFusion

Danger level: Critical
Patch: Yes
Number of vulnerabilities: 3

CVE ID: CVE-2013-0625
CVE-2013-0629
CVE-2013-0631

Affected Products: Adobe ColdFusion 9.x
Adobe ColdFusion 10.x

Affected versions: ColdFusion 10, ColdFusion 9.0.2, ColdFusion 9.0.1, ColdFusion 9.0 (more…)

Adobe Logo

Vulnerabilities in Adobe ColdFusion

Vulnerability: Multiple Vulnerabilities in Adobe ColdFusion

Danger level: Critical
Availability of fixes: Instructions on elimination
Number of vulnerabilities: 3

Affected Products: Adobe ColdFusion 9.x
Adobe ColdFusion 10.x

Affected versions: ColdFusion 10, ColdFusion 9.0.2, ColdFusion 9.0.1, ColdFusion 9.0

Description:

Which can be exploited by malicious people to execute arbitrary code on the target system.

1. The vulnerability is caused due to an unspecified error. This can be exploited to bypass the authentication functionality and gain full control over the target system. (more…)

Adobe LogoThe developers released an update that closes a dangerous gap in three products of the company.

According to the developers of Adobe, January 8, 2013 was released a security update for the company’s products such as Flash, Reader and Acrobat. Specialists note that the removal of a critical vulnerability could cause the recent failures of computers.

“This update fixes vulnerabilities that could lead to a crash of the application, and allow an attacker to potentially gain administrative access to the target system,” – says the expert.

It should be noted that Adobe did not provide any details on the vulnerability, but the company recommends that users of operating systems Windows, Mac OS X, Linux, and Android update Adobe Flash Player to the latest version. (more…)

Adobe Logo

Vulnerability in Shockwave

Adobe has promised in February to eliminate dangerous vulnerability in its software Shockwave.

The identified vulnerability allows an attacker to embed multimedia content Shockwave-instructions to download the software to the user’s computer to run them on the victim computer. It is noted that this vulnerability exists in the system has at least two years.

In US CERT, warned about the vulnerability, saying that Shockwave allows attackers without notice to place malicious code on the system and implement it, which gives them almost unlimited power, the attacks. US CERT first notified Adobe about the problem more October 27, 2010, but Adobe claims that the issue will be closed until next update Shockwave, scheduled for February 12.

In Adobe say that today they do not know if there are any active exploits working on this vulnerability, respectively, for the affected users while not dangerous, say in the press service of the company. (more…)

Adobe FlashVulnerability: Multiple vulnerabilities in Adobe Flash Player

Danger: High
Patch: Yes
Number of vulnerabilities: 3

CVE ID: CVE-2012-5676
CVE-2012-5677
CVE-2012-5678
Vector of operation: Remote
Impact: System Compromise

Affected Products: Adobe Flash Player 11.x
Adobe AIR 3.x

Affected versions:

Adobe Flash Player 11.5.502.110 for Windows and earlier versions
Adobe Flash Player 11.2.202.251 for Linux and earlier
Adobe Flash Player 11.1.115.27 for Android 4.x and earlier versions
Adobe Flash Player 11.1.111.24 for Android 3.x/2.x and earlier
Adobe Flash Player 11.3.376.12 for Internet Explorer 10
Adobe AIR 3.5.0.600 for Windows, Mac and Android (more…)

Vulnerability

Adobe Shockwave Player

Vulnerability: Multiple vulnerabilities in Adobe Shockwave Player

Severity level: High
Patch existence: Yes
Quantity of vulnerabilities: 6

Impact: System compromise

Vulnerable products: Adobe Shockwave Player 11.x

Vulnerable versions: Adobe Shockwave Player 11.6.7.637 and earlier versions for Windows and Mac. (more…)