Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: Abobe out of band patch announcement (APSB14-07) - SANS Internet Storm Center SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Abobe out of band patch announcement (APSB14-07)

Adobe has released security advisory APSB14-07 which is an update for Adobe Flash Player versions 12.0.0.44 and prior. It impacts both Windows and Mac versions, and those on Linux prior to 11.2.202.336.

It addresses CVE-2014-0502 which is being exploited in the wild, and Adobe say you should update asap!

Details are available on the Adobe site.

Steve Hall

ISC Handler

www.tarkie.net

Stephen

89 Posts
ISC Handler
Just to clarify, according to the Adobe bulletin, Linux versions prior to AND INCLUDING 11.2.202.336 are impacted. Adobe suggests installing "Flash Player 11.2.202.341" to mitigate the vulnerability.
Landrew

6 Posts
Wow, 2nd out of band patch for Flash in less than a month and near monthly security updates for ages now. One would think Adobe would take some pride, set down and do some serious code review at some point.

Geesh, how many security vulnerabilities can you possibly code into a browser plugin?
Landrew
13 Posts
Really, I have about 50 customers and it's getting REALLY old applying 2-3 patches a MONTH just to keep up.
Landrew
1 Posts
Is it possible that IE use after free vuln is related? Chrome also updated yesterday with a use after free related to web content fix among others. Or is it just coincidence?
G.Scott H.

48 Posts
- https://secunia.com/advisories/57057/
Release Date: 2014-02-21
Criticality: Extremely Critical
Where: From remote
Impact: Exposure of sensitive information, System access...
Solution:
Update to Flash Player 12.0.0.70:
- http://helpx.adobe.com/security/products/flash-player/apsb14-07.html
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0498 - 10.0 (HIGH)
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0499 - 7.8 (HIGH)
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0502 - 10.0 (HIGH)
Last revised: 02/21/2014 - "... as exploited in the wild in February 2014..."
.
PC.Tech

34 Posts
Microsoft Security Advisory (2755801)
Update for Vulnerabilities in Adobe Flash Player in Internet Explorer
- http://technet.microsoft.com/en-us/security/advisory/2755801
Updated: Feb 20, 2014 - Version: 20.0

- https://secunia.com/advisories/57067/
Release Date: 2014-02-21
Criticality: Highly Critical
Where: From remote
Impact: Exposure of sensitive information, System access...
For more information: https://secunia.com/SA57057/
Solution: Apply updates...
.
PC.Tech

34 Posts
Abobe :) ha ha
PC.Tech
1 Posts

Sign Up for Free or Log In to start participating in the conversation!