Tag: Adobe Systems

Adobe patches critical flaws in Flash Player, Reader, and Acrobat

Adobe Systems released security updates for its Flash Player, Adobe Reader and Acrobat products fixing critical vulnerabilities that could allow attackers to install malware on computers. The Flash Player update fixes 13 vulnerabilities, 12 that can lead to remote code execution and one that allows attackers to bypass a security restriction and disclose information.

Adobe is not aware of any exploit for these flaws existing in the wild. Users are advised to upgrade to Flash Player version 24.0.0.194 on Windows, Mac and Linux.

The Flash Player plug-in bundled with Google Chrome, Microsoft Edge and Internet Explorer will be automatically upgraded through those browsers' respective update mechanisms.

The Adobe Reader and Acrobat updates address 29 vulnerabilities, 28 of which can lead to arbitrary code execution. As with the Flash Player flaws, Adobe is not aware of any of these vulnerabilities being exploited by attackers. The company advises Acrobat and Reader DC users to upgrade to version 15.023.20053 if they use the "continuous" release track or to version 15.006.30279 if they're on the "classic" track. Users of the older, but still supported, Acrobat XI and Reader XI should upgrade to version 11.0.19.

Because of their security sandbox, which makes exploits significantly harder to implement, Adobe Reader and Acrobat are rarely targeted by hackers today compared to some years ago. However, Flash Player remains a hacker favourite, with zero-day attacks against it being relatively common and with exploits being integrated into widely used Web-based attack tools.

SAFECode Gets a New Executive Director

Former Microsoft Executive Steven Lipner, who helped to create the Secure Development Lifecycle (SDL) is the new Executive Director of the Software Assurance Forum for Excellence in Code (SAFECode). SAFECode is getting new leadership with the appointme...

Adobe fixes flaws in Flash Player and Adobe Connect

Adobe Systems has released scheduled security patches for its widely used Flash Player software as well as the Adobe Connect web conferencing platform, which is popular in enterprise environments. The Flash Player security updates fix nine critical vulnerabilities that could be exploited remotely to execute malicious code on computers.

All of them were privately reported by researchers through Trend Micro’s Zero Day Initiative, an exploit acquisition program. Users should upgrade to Flash Player 23.0.0.207 for Windows and Mac and to Flash Player 11.2.202.644 for Linux.

The Flash Player builds bundled with Google Chrome, Microsoft Edge and Internet Explorer 11 will be upgraded automatically through those browsers’ update mechanisms. This Flash Player patch comes only two weeks after the company rushed out an emergency update to address a Flash vulnerability that attackers were already exploiting in the wild.

Adobe typically releases patches on the second Tuesday of every month, to align them with Microsoft’s Patch Tuesday. In addition to Flash Player, the company also released a patch for Adobe Connect on Windows.

The newly released 9.5.7 version fixes an input validation vulnerability in the events registration module that could be exploited in cross-site scripting attacks. Users who use Connect on Adobe’s hosted services don’t need to take any action as their accounts will be upgraded automatically.

Adobe patches critical vulnerability in ColdFusion application server

Adobe Systems released critical security patches for its ColdFusion application server, which has been a target for hackers in the past. The updates are available for ColdFusion versions 10 and 11 and address a critical security vulnerability that coul...