|
Adobe has released updates for Acrobat and Acrobat Reader versions to address "critical vulnerabilities that could potentially allow an attacker to take control of the affected system". According to Adobe, there are three CVE's fixed in these updates. CVE-2016-1007 and CVE-2016-1009 refer to memory corruption issues that could permit code execution. CVE-2016-1008 refers to a resource directory search path issue that could also lead to code execution. Both of these sound serious enough to warrant updating as soon as reasonable. Further information can be found at: https://helpx.adobe.com/
-- Rick Wanner MSISE - rwanner at isc dot sans dot edu - http://namedeplume.blogspot.com/ - Twitter:namedeplume (Protected) |
Rick 324 Posts ISC Handler Mar 8th 2016 |
| Thread locked Subscribe |
Mar 8th 2016 6 years ago |
|
Patch released for Flash also. One day late maybe?
|
Paul Szabo 14 Posts |
| Quote |
Mar 10th 2016 6 years ago |
|
Looks like the Flash player updates were released today (Thursday 2016-03-10).
helpx.adobe.com/security/products/flash-player/… |
Brad 433 Posts ISC Handler |
| Quote |
Mar 10th 2016 6 years ago |
|
To possibly help anyone deploying the Reader 11 security patch and writing detection logic for it - the acrord32.exe file doesn't seem to be touched, and is still 11.0.14 from December. Acrord32.dll, however, is updated to 11.0.15, as well as some other files.
|
Jaybone 27 Posts |
| Quote |
Mar 11th 2016 6 years ago |
|
Adobe just released Flash 21.0.0.197
|
ELBE 13 Posts |
| Quote |
Mar 24th 2016 6 years ago |
Sign Up for Free or Log In to start participating in the conversation!
https://www.sans.edu
