Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: Adobe Flash Player Update SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms: https://isctv.sans.edu

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Adobe Flash Player Update

On Tuesday, Adobe released an update for Shockwave Player (APSB12-02) and RoboHelp for Word (APSB12-04). The odd question on tuesday was: What happened to APSB12-03. Today, we learned the answer: Another bulletin from Adobe, APSB12-03, accompanied by a patch for Adobe's Flash player.

Sadly, with the odd release date, this bulletin has fallen a bit between the cracks. However, you should apply the patch *QUICKLY* as at least one of the vulnerabilities has already been exploited in the wild.

http://www.adobe.com/support/security/bulletins/apsb12-03.html

------
Johannes B. Ullrich, Ph.D.
SANS Technology Institute
Twitter

I will be teaching next: Defending Web Applications Security Essentials - SANS San Francisco Winter 2019

Johannes

3685 Posts
ISC Handler
The version on their redistributable portal is still 11.1.102.62. Is there any other way to get a MSI of this thing?
Anonymous
11.1.102.55 was the previous version. 11.1.102.62 is the patched version for IE/Firefox/Chrome/etc. The higher version numbers are for Android. Note that there is no reference in the bulletin to CVE-2011-4693 or CVE-2011-4694, which were announced back in December (see http://isc.sans.edu/diary.html?storyid=12166 for more details). I don't know if those vulnerabilities were fixed silently (so as to avoid giving credit) or were ignored.
Anonymous

Sign Up for Free or Log In to start participating in the conversation!