Archive

Posts Tagged ‘Adobe’

Adobe Flash Player 10.3 Advisory

September 18, 2011 Leave a comment

Flash Player by Adobe, consistently plagued with vulnerabilities, has under gone yet another minor version upgrade on the Release channel – to 10.3.183.7 10.3.183.10

Adobe recommends users of Adobe Flash Player 10.3.181.36 and earlier versions for Windows, Macintosh, Linux and Solaris update to Adobe Flash Player 10.3.183.5.
Users of Adobe Flash Player for Android 10.3.185.25 and earlier versions should update to Adobe Flash Player for Android 10.3.186.3.

http://www.adobe.com/support/security/bulletins/apsb11-21.html

Google Security

A Google Security researcher who fuzzed over 400 bugs in Flash Player was denied attribution by Adobe, because of the way CVE numbers are allocated.
He blogged about it in this post, and Adobe responded with their own snark..

So, what’s the right number of CVEs to allocate? In this particular case, some of the code changes we made were closely related within a single component, which would argue for consolidating them with a single CVE, while others were clearly distinct. At this point, we’d rather invest our time in continuing the hardening work that will make Flash Player more robust against attack than reviewing change logs. We’ve updated the security bulletin to include CVE-2011-2424 to describe this batch of bugs.

http://blogs.adobe.com/asset/2011/08/how-did-you-get-to-that-number.html

And the updated text of the advisory now attributes the CVE to the Google team.

This update resolves multiple memory corruption vulnerabilities that could lead to code execution (CVE-2011-2424).

Adobe would like to thank the following individuals and organizations for reporting the relevant issues and for working with Adobe to help protect our customers:
Tavis Ormandy of the Google Security Team (CVE-2011-2424)

http://www.adobe.com/support/security/bulletins/apsb11-21.html

Downloads

Android users can get the latest release version from the market here, Internet Explorer users can direct download from FileHippo.com and those running Firefox can grab it from FileHippo.com too..

Those looking for the official Adobe Flash Player download site can click here.

Adobe Reader X – 10.1 Update Fixes Sym Link Bugs

June 25, 2011 Leave a comment

Adobe Reader X aims to solve many of the serious security flaws found in older versions of Reader by implementing ‘Protected Mode‘, a type of sandboxing. This is a serious attempt by Adobe to stop malware authors exploiting their software.

The first version of Abobe Reader 10 recreated an old bug, evident in the 9 release, where it failed to load on systems with remote or roaming profiles.

mklink C:Users /J D:Users

There is a patch pushed through the new update mechanism to version 10.0.1 which Adobe claim contains ‘Numerous security fixes as well as improvements to Protected Mode..’ However, the cause of the fault is now acknowledged in the Protected Mode Troubleshooting guide –

Launching Reader 10.0  via a user profile that has been moved to a different drive using a symbolic link; that is, profiles that have been copied from one drive to another cannot use Reader with Protected Mode enabled.

This is now resolved in a new 10.1 update, available from filehippo.com or Adobe directly.


Adobe Reader X - 10.1 Update

Flash Player 10.3 Beta 2

April 12, 2011 Leave a comment

Flash Player has been updated to version 10.3 beta 2, (minor build v 180.65,) for 32bit browsers.

Check which version of the plug-in you have installed, and see which is the latest build for your OS / browser.

FileHippo.com

Click to download the latest IE ActiveX plugin, or you might want to download the plugin for Firefox.
I love full direct downloads, perfect for storing on a memory stick. Get your updates for IE or Firefox quickly with these direct download links from FileHippo.com – On the right hand side, just click the green arrow or the Download Latest Version text..

FileHippo.com Download

Add to favourites for future use; the page content updates, but the URL stays the same, so you can quickly find the updates you need..

64 bit Browsers

If you run a 64 bit Firefox Nightly build or the custom 64 bit Namoroka or IE9 x64, Adobe recommend you Download Flash Player 'Square'Download Flash Player “Square” because they still don’t support 64bit browsers.

It’s important to note that you must download the uninstaller too, there is a separate link to it from the download page.
You will need to un-install this preview version manually before you can update to a newer version.

Adobe Reader X

February 13, 2011 Leave a comment

The new version of Adobe Reader aims to solve many of the serious security flaws found in the older software by implementing a Protected Mode, or sandboxing. This is a serious attempt by Adobe to stop malware authors exploiting their software.

My system runs Windows 7 x64  and I boot from an SSD with Program Files and Profiles on another drive. Reader X installed but failed to run, instead opening a small window to inform me it had encountered a Runtime error and had to close. A quick google search revealed this problem was quite widespread.

I was able to counter the crash by running the exe in compatibility mode, which forced Reader to show options for running with protected mode disabled.

There is a patch pushed through the new update mechanism to version 10.0.1 which Adobe claim contains Numerous security fixes as well as improvements to Protected Mode..

Has it worked? There is no longer an app crash on lauch, but I get the Protected Mode options screen even when I disable the Compatibility Mode. However, the cause of the fault is now acknowledged in the Protected Mode Troubleshooting guide –

Launching Reader 10.0  via a user profile that has been moved to a different drive using a symbolic link; that is, profiles that have been copied from one drive to another cannot use Reader with Protected Mode enabled.

Now that’s progress..