Today's Adobe Patches and Vulnerablities
It is not easy to keep up with Adobe these days. Patches and new exploits are almost released on a daily schedule. So here is the current "State of Adobe" the way I see it:
| Product | Latest Version | Latest Vulnerabilities |
|---|---|---|
| PDF Reader | 9.4.0 |
version 9.4.0 (latest version) is vulnerable |
| Flash Player | 10.1.102.64 | version 10.1.85.3 is vulnerable. Patch released today (Nov. 4th) "Authplay Vulnerability" CVE-2010-3654 |
| Shockwave Player | 11.5.9.615 | 11.5.9.615 (latest version) is vulnerable Shockwave Settings" Use-After-Free Vulnerability) Secunia# SA42112, no CVE Number assigned yet |
| Acrobat | 9.4.0 | version 9.4.0 (latest version) is vulnerable "Authplay Vulnerability" CVE-2010-3654
|
| Air | 2.5 | version 2.0.3 is vulnerable (old version) |
Please let me know if you have corrections, or better if you find a simple overview about "the state of Adobe bugs" on Adobe's own site. Any Adobe people out there: Feel free to copy the concept :). This table will be "frozen" to today's state and we may update similar, updated tables in the future as a new article.
------
Johannes B. Ullrich, Ph.D.
SANS Technology Institute
Twitter
Keywords: adobe
19 comment(s)
My next class:
| Application Security: Securing Web Apps, APIs, and Microservices | Washington | Dec 13th - Dec 18th 2024 |
×
![modal content]()
Diary Archives
Comments
I'd encourage Adobe to focus less on pushing partnered content (web browser toolbars or a/v products) with the Adobe product downloads, and instead create a support page that serves the exact purpose as what Johannes has created here.
Also, links to such things as the tests to confirm installation of Flash/Shockwave/Air could be included there, too. Extra points would be awarded if the tests would accurately identify installed version numbers.
In the meantime, thanks again!
Joel
Nov 4th 2010
1 decade ago
I can't imagine why Adobe hasn't made these pages consistently useful...
Paul
Nov 5th 2010
1 decade ago
http://blogs.adobe.com/psirt/2010/11/potential-issue-in-adobe-reader.html
Additionally, it states that Adobe Acrobat is not affected.
Juha-Matti
Nov 5th 2010
1 decade ago
At the present it still says Flash Player 10.1.85.3 is CURRENT but I hope this is updated shortly.
It finds the "Microsoft Office 2010" plugin, but does not know what it is.
dotBATman
Nov 5th 2010
1 decade ago
Maybe another column titled "Update Available" stating "Yes", "ETA dd.Mmm.yy" or "No" would make the table easier to read / script.. :)
I wish we could all agree on one location and format for this table, for all operating systems and applications. That way software authors and users would only need to update / check once.. Utopia!
dotBATman
Nov 5th 2010
1 decade ago
Juanma Merino
Nov 5th 2010
1 decade ago
Flash Player version 10.1.102.64 reads as version 10.1 (r102) - at least for the Windows version of Flash Player.
Ottmar Freudenberger
Nov 5th 2010
1 decade ago
uninstall_flash_player.exe (228 KB) (updated 04.Nov.2010).
http://kb2.adobe.com/cps/141/tn_14157.html?promoid=DTEGO
dotBATman
Nov 5th 2010
1 decade ago
I'd trust http://www.adobe.com/software/flash/about/
dotBATman
Nov 5th 2010
1 decade ago
eddie
Nov 5th 2010
1 decade ago