Other Patch Tuesday Updates (Adobe, Apple) - SANS Internet Storm Center

Other Patch Tuesday Updates (Adobe, Apple)
Adobe released two bulletins today: APSB13-24: Security update for RoboHelp http://www.adobe.com/support/security/bulletins/apsb13-24.html I don't remember seeing a pre-anouncement for this one. The update fixes an arbitrary code execution vulnerability (CVE-2013-5327) . Robohelp is only available for Window. APSB13-25: Security update for Adobe Acrobat and Adobe Reader http://www.adobe.com/support/security/bulletins/apsb13-25.html This update fixes a problem that was introduced in a recent update and effects Javascript security controls. As a result, only version 11.0.4 appears affected, no earlier versions. Only the Windows version of these Adobe tools are affected. Apple released iTunes 11.1.1 today. The respective security page has not yet been updated, but expect a link to the security content of this update within the next day or so. http://support.apple.com/kb/HT1222 . This update only affects Windows. Patches for iTunes on OS X are usually released as part of OS X updates. Did I miss any? ------ Johannes B. Ullrich, Ph.D. SANS Technology Institute Twitter I will be teaching next: Defending Web Applications Security Essentials - SANS Brussels September 2019	Johannes 3608 Posts ISC Handler
Subscribe	Oct 9th 2013 5 years ago
New flash - version 11.9.900.117 - but for some reason, its not listed on the adobe security advisories site.	TexISO 19 Posts
Quote	Oct 9th 2013 5 years ago
It seems to be a bug fix release. No mention of security updates. http://helpx.adobe.com/en/flash-player/release-note/fp_119_air_39_release_notes.html via http://www.adobe.com/support/documentation/en/flashplayer/releasenotes.html	Ken S 3 Posts
Quote	Oct 9th 2013 5 years ago
Also, Adobe Air was updated to v 3.9.0.1030 presumably for bug fixes as well – no security bulletins have been released and there is no detailed documentation available at this time, but it is probably a good idea to update Air to the latest version as well. http://get.adobe.com/air/ *** Security update released for RoboHelp Security update available for RoboHelp Release date: October 8, 2013 Vulnerability identifier: APSB13-24 Priority: See table below CVE number: CVE-2013-5327 Adobe has released a security update for RoboHelp 10 on the Windows operating system. This update addresses a vulnerability that could allow an attacker, who successfully exploits this vulnerability, to run malicious code on the affected system. Adobe recommends users of RoboHelp 10 apply the solution using the instructions provided in the "Solution" section below. Affected software versions RoboHelp 10 for Windows Solution Adobe recommends users of RoboHelp 10 apply the fix using the instructions below: Backup the MDBMS.dll file: 1. Browse to the RoboHTML folder - the default location is %ProgramFiles%\Adobe\RoboHelp 10\RoboHTML\ 2. Rename MDBMS.dll to MDBMS.old Install the update: 1. Download the APSB13-24.zip file 2. Move MDBMS.dll from the extracted location to %ProgramFiles%\Adobe\RoboHelp 10\RoboHTML\ This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2013-5327). *** iTunes 11.1.1 was actually released by Apple on 10/04/13	toymaster 13 Posts
Quote	Oct 9th 2013 5 years ago

Adobe released two bulletins today:

APSB13-24: Security update for RoboHelp
http://www.adobe.com/support/security/bulletins/apsb13-24.html

I don't remember seeing a pre-anouncement for this one. The update fixes an arbitrary code execution vulnerability (CVE-2013-5327) . Robohelp is only available for Window.

APSB13-25: Security update for Adobe Acrobat and Adobe Reader
http://www.adobe.com/support/security/bulletins/apsb13-25.html

This update fixes a problem that was introduced in a recent update and effects Javascript security controls. As a result, only version 11.0.4 appears affected, no earlier versions. Only the Windows version of these Adobe tools are affected.

Apple released iTunes 11.1.1 today. The respective security page has not yet been updated, but expect a link to the security content of this update within the next day or so. http://support.apple.com/kb/HT1222 . This update only affects Windows. Patches for iTunes on OS X are usually released as part of OS X updates.

Did I miss any?

------
Johannes B. Ullrich, Ph.D.
SANS Technology Institute
Twitter

I will be teaching next: Defending Web Applications Security Essentials - SANS Brussels September 2019

Johannes

3608 Posts
ISC Handler

New flash - version 11.9.900.117 - but for some reason, its not listed on the adobe security advisories site.

TexISO

19 Posts

It seems to be a bug fix release. No mention of security updates.
http://helpx.adobe.com/en/flash-player/release-note/fp_119_air_39_release_notes.html
via
http://www.adobe.com/support/documentation/en/flashplayer/releasenotes.html

Ken S

3 Posts

Also, Adobe Air was updated to v 3.9.0.1030 presumably for bug fixes as well – no security bulletins have been released and there is no detailed documentation available at this time, but it is probably a good idea to update Air to the latest version as well.

http://get.adobe.com/air/

*****

Security update released for RoboHelp

Security update available for RoboHelp
Release date: October 8, 2013
Vulnerability identifier: APSB13-24
Priority: See table below
CVE number: CVE-2013-5327

Adobe has released a security update for RoboHelp 10 on the Windows operating system. This update addresses a vulnerability that could allow an attacker, who successfully exploits this vulnerability, to run malicious code on the affected system. Adobe recommends users of RoboHelp 10 apply the solution using the instructions provided in the "Solution" section below.

Affected software versions
RoboHelp 10 for Windows

Solution
Adobe recommends users of RoboHelp 10 apply the fix using the instructions below:
Backup the MDBMS.dll file:
1. Browse to the RoboHTML folder - the default location is %ProgramFiles%\Adobe\RoboHelp 10\RoboHTML\
2. Rename MDBMS.dll to MDBMS.old
Install the update:
1. Download the APSB13-24.zip file
2. Move MDBMS.dll from the extracted location to %ProgramFiles%\Adobe\RoboHelp 10\RoboHTML\

This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2013-5327).

*****

iTunes 11.1.1 was actually released by Apple on 10/04/13

toymaster

13 Posts