Threat Level: green Handler on Duty: Renato Marinho

SANS ISC: Adobe December Patch Tuesday - SANS Internet Storm Center SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Adobe December Patch Tuesday

Adobe today released two new bulletins, and updaed the Reader/Acrobat bulletin that was published a week ago.

APSB14-27: Security Update for Adobe Flash Player

This update fixes 6 vulnerabilities, some of which can lead to remote code execution. Adobe rates this patch with a priority of "1", indicating that the vulnerability has already been exploited in targeted attacks.

APSB14-28: Security Update for Adobe Reader and Acrobat

This updates fixes 20 different vulnerabilities. The bulletin has a rating of 1. 

APSB14-29: Hotfixes for ColdFusion

This bulletin applies to ColdFusion 10 and 11 and fixes a denial of service vulnerability (CVE-2014-9166). The vulnerability has not been used in any exploits so far.

 

http://helpx.adobe.com/security.html

---
Johannes B. Ullrich, Ph.D.
STI|Twitter|LinkedIn

Johannes

3033 Posts
ISC Handler
also AIR updated from 15.0.0.293 to 15.0.0.356
Starlight

34 Posts Posts
Hi,
I am NOT sure if this is the correct method to add a comment to this Diary article ?
As a relative newby - I am finding my way around the SANS ISC site.

My Diary comment is as follows:-

The Adobe web site is rather confused about the update status of the free Shockwave Player. According to Adobe, the latest download version is 12.1.5.155 - however, no matter what browser you use - IE, Firefox, Google Chrome, etc. - the version of code that is downloaded is the previous version 12.1.4.154.

This may pose a possible Security Risk - I will keep an eye on the Adobe Shockwave web page and see whether the download code changes.
MalcolmP

4 Posts Posts
Quoting MalcolmP:Hi,
I am NOT sure if this is the correct method to add a comment to this Diary article ?
As a relative newby - I am finding my way around the SANS ISC site.


Indeed, it was the correct method for adding a comment. Welcome to the site! :)
Alex Stanford

154 Posts Posts
Quoting MalcolmP:

The Adobe web site is rather confused about the update status of the free Shockwave Player. According to Adobe, the latest download version is 12.1.5.155 - however, no matter what browser you use - IE, Firefox, Google Chrome, etc. - the version of code that is downloaded is the previous version 12.1.4.154.

This may pose a possible Security Risk - I will keep an eye on the Adobe Shockwave web page and see whether the download code changes.


As an update to my previous comment - the Adobe Shockwave player web page has now been fixed by Adobe. When you click the download link, you get the correct v12.1.5.155 code package downloaded. I have downloaded and installed the latest code and it seems to work OK so far.
MalcolmP

4 Posts Posts

Sign Up for Free or Log In to start participating in the conversation!