Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: Other Patch Tuesday Updates (Adobe, Apple) - SANS Internet Storm Center SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Other Patch Tuesday Updates (Adobe, Apple)

Adobe released two bulletins today:

APSB13-24: Security update for RoboHelp
http://www.adobe.com/support/security/bulletins/apsb13-24.html

I don't remember seeing a pre-anouncement for this one. The update fixes an arbitrary code execution vulnerability (CVE-2013-5327) . Robohelp is only available for Window.

APSB13-25: Security update for Adobe Acrobat and Adobe Reader
http://www.adobe.com/support/security/bulletins/apsb13-25.html

This update fixes a problem that was introduced in a recent update and effects Javascript security controls. As a result, only version 11.0.4 appears affected, no earlier versions. Only the Windows version of these Adobe tools are affected.

Apple released iTunes 11.1.1 today. The respective security page has not yet been updated, but expect a link to the security content of this update within the next day or so. http://support.apple.com/kb/HT1222 . This update only affects Windows. Patches for iTunes on OS X are usually released as part of OS X updates.

Did I miss any?

 

 

 

------
Johannes B. Ullrich, Ph.D.
SANS Technology Institute
Twitter

I will be teaching next: Defending Web Applications Security Essentials - SANS Security West 2019

Johannes

3510 Posts
ISC Handler
New flash - version 11.9.900.117 - but for some reason, its not listed on the adobe security advisories site.
TexISO

19 Posts
It seems to be a bug fix release. No mention of security updates.
http://helpx.adobe.com/en/flash-player/release-note/fp_119_air_39_release_notes.html
via
http://www.adobe.com/support/documentation/en/flashplayer/releasenotes.html
Ken S

3 Posts
Also, Adobe Air was updated to v 3.9.0.1030 presumably for bug fixes as well – no security bulletins have been released and there is no detailed documentation available at this time, but it is probably a good idea to update Air to the latest version as well.

http://get.adobe.com/air/


*****


Security update released for RoboHelp

Security update available for RoboHelp
Release date: October 8, 2013
Vulnerability identifier: APSB13-24
Priority: See table below
CVE number: CVE-2013-5327

Adobe has released a security update for RoboHelp 10 on the Windows operating system. This update addresses a vulnerability that could allow an attacker, who successfully exploits this vulnerability, to run malicious code on the affected system. Adobe recommends users of RoboHelp 10 apply the solution using the instructions provided in the "Solution" section below.

Affected software versions
RoboHelp 10 for Windows

Solution
Adobe recommends users of RoboHelp 10 apply the fix using the instructions below:
Backup the MDBMS.dll file:
1. Browse to the RoboHTML folder - the default location is %ProgramFiles%\Adobe\RoboHelp 10\RoboHTML\
2. Rename MDBMS.dll to MDBMS.old
Install the update:
1. Download the APSB13-24.zip file
2. Move MDBMS.dll from the extracted location to %ProgramFiles%\Adobe\RoboHelp 10\RoboHTML\

This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2013-5327).


*****

iTunes 11.1.1 was actually released by Apple on 10/04/13
toymaster

13 Posts

Sign Up for Free or Log In to start participating in the conversation!