Posts Tagged ‘Flash Player’

Adobe Logo

Vulnerabilities in Adobe Reader

The Adobe Systems company has released an update for Flash Player, Reader, Acrobat and Shockwave Player, designed to eliminate critical vulnerabilities that could allow hackers to gain remote control over the victim’s computer.

Flash Player update includes patches for four vulnerabilities that could allow an attacker to execute arbitrary code. Updated versions of Flash Player for Windows ( new version 11.8.800.168), Mac OS X (11.8.800.168), Linux (11.2.202.310) and Android (11.1.111.73).

Web browsers Google Chrome and Internet Explorer 10, will receive the updates automatically.

Similar vulnerabilities have been fixed in a cross platform environment Adobe AIR, which is also equipped with Flash Player. A new version of AIR for Windows, Mac OS X and Android – 3.8.0.1430. (more…)

Adobe FlashUsers are advised to install security updates as soon as possible.

Yesterday, Adobe released an emergency update Flash Player, which addresses two zero-day vulnerabilities.

The manufacturer has confirmed that the underlying vulnerability used in the implementation of targeted attacks using the documents in Microsoft Word. These documents are distributed by spam mailings, when opened on the victim’s system runs the malicious SWF-content. One of the vulnerabilities in the ActiveX-focused version of Flash Player for Windows.

Adobe thanked experts from Kaspersky Lab Sergey Golovanov and Alexander Polyakov for the detection of one of the vulnerabilities. (more…)

Multiple vulnerabilities in Adobe Flash Player

Adobe Flash Player vulnerabilities

Vulnerability: Multiple vulnerabilities in Adobe Flash Player

Danger level: Critical
Patch: Yes
Number of vulnerabilities: 2

CVE ID: CVE-2013-0633
CVE-2013-0634
Vector of operation: Remote
Impact: System Compromise

Affected Products: Adobe Flash Player 11.x

Affected versions:

– Flash Player 11.5.502.146 and earlier versions for Windows and Macintosh;
– Flash Player 11.5.502.146 and earlier versions for Windows and Macintosh;
– Flash Player 11.2.202.261 and earlier versions for Linux;
– Flash Player 11.1.115.36 and earlier versions for Android 4.x;
– Flash Player 11.1.111.31 and earlier versions for Android 3.x and 2.x;
– Flash Player 11.5.31.137 and earlier versions for Chrome (Windows, Macintosh and Linux);
– Flash Player 11.3.378.5 and earlier versions of Internet Explorer 10 in Windows 8. (more…)

Adobe FlashVulnerability: Multiple vulnerabilities in Adobe Flash Player

Danger: High
Patch: Yes
Number of vulnerabilities: 3

CVE ID: CVE-2012-5676
CVE-2012-5677
CVE-2012-5678
Vector of operation: Remote
Impact: System Compromise

Affected Products: Adobe Flash Player 11.x
Adobe AIR 3.x

Affected versions:

Adobe Flash Player 11.5.502.110 for Windows and earlier versions
Adobe Flash Player 11.2.202.251 for Linux and earlier
Adobe Flash Player 11.1.115.27 for Android 4.x and earlier versions
Adobe Flash Player 11.1.111.24 for Android 3.x/2.x and earlier
Adobe Flash Player 11.3.376.12 for Internet Explorer 10
Adobe AIR 3.5.0.600 for Windows, Mac and Android (more…)

Adobe Flash

Vulnerabilities in Flash Player for Windows

Vulnerability: Multiple vulnerabilities in Flash Player for Microsoft Windows

Danger: High
Patch: Yes
Quantity of vulnerabilities: 7

CVE ID: CVE-2012-5274, CVE-2012-5275, CVE-2012-5276, CVE-2012-5277, CVE-2012-5278, CVE-2012-5279, CVE-2012-5280

Impact:
– Security Bypass
– Compromise of

Affected Products:
– Microsoft Windows 8;
– Microsoft Windows Server 2012. (more…)

Kaspersky Lab

main types of vulnerable applications

Kaspersky Lab has identified five main types of vulnerable applications, which using exploits. The study of viral activity in the third quarter of 2012, more than 50% of the attacks were used loopholes in Java. Updates of the software installed on the user’s request, not automatically, which increases time life of the vulnerability. Java exploits are fairly easy to use under any version of Windows, and with some work attackers, as was the case with Flashfake, the exploit can be cross-platform. This explains the special interest cybercriminals java-vulnerabilities.

In second place attack through Adobe Reader, which accounted for a quarter of all reflected attacks. Gradually popular exploits this application is reduced, due to the rather simple mechanism for their detection and automatic updates introduced in the latest version. About 3% of the attacks were in exploits the vulnerability in Windows Help and Support Center, as well as various vulnerabilities in the browser Internet Explorer.

Errors in Flash-player files are subject to scrutiny intruders. According to Kaspersky Security Network system for the third quarter of 2012, the ten most common vulnerabilities were two “representative» Adobe Flash. Close the top five exploits for devices running Android OS. Their main goal – to make imperceptible “jailbreak” and provide any programs, including malware, full access to the memory and features of the phone or tablet. (more…)

Adobe FlashVulnerability: Multiple vulnerabilities in Adobe Flash Player

Danger: High
If the Patch: Yes
Number of vulnerabilities: 25

Impact: System Compromise
Affected products:

– Adobe Flash Player 11.x;
– Adobe AIR 3.x (more…)

Adobe FlashVulnerability: Execution of arbitrary code in Adobe Flash Player

Severity Rating: Critical
CVE ID: CVE-2012-1535
Impact: System Compromise

Affected Products: Adobe Flash Player 11.x

Affected versions: (more…)

Adobe FlashInternet Explorer 10 in Windows 8 is the second browser after Chrome, for which Flash Player is included in the browser automatically updates.

In theory, this should improve the safety of the users, if one of the most sensitive programs in the system will be updated automatically. But in practice, things are somewhat different.

14 and August 21, Adobe released two update for Flash Player, which cover eight vulnerabilities, some of which have a maximum risk status (“1” in the classification of Adobe). One of the vulnerabilities described in the bulletin APSB12-19, for almost two years, being exploited as effectively exploit 0-day. (more…)