Adobe Releases Flash Player Update, Delays Reader and Acrobat Fixes

Last week, Adobe released an update for Flash to address a dozen critical flaws. Chrome and IE 11 users will find their versions of Flash automatically updated.  You can see which version you have installed here, or download Adobe Flash Player here.

Fixes for flaws in Reader and Acrobat that had been scheduled to be released last week are delayed until this week so Adobe can conduct further testing.

Read the full story in the news.

Flash Player Updates & Microsoft Security Updates

ADOBE

Due to recent security vulnerabilities in Flash Player, Adobe has released version 14.0.0.145 (11.2.202.394 for Linux) this week for all platforms. All operating systems on the now out-of-date versions are vulnerable and recommended to update to the latest version. Additionally because of the severity of these vulnerabilities, Apple has blocked all out-of-date Flash Player plug-ins for OS X.

From Apple: “Due to security issues in older versions, Apple has updated the web plug-in blocking mechanism to disable all versions prior to Flash Player 14.0.0.145 and 13.0.0.231.”

Install or check your version of Flash Player in your browser here.

For assistance, contact the Help Desk at 617.253.1101 or helpdesk@mit.edu. You can also submit a request online.

MICROSOFT

Last week on Patch Tuesday, July 8th, Microsoft released six updates to address 29 security vulnerabilities.

Systems affected:

  • Internet Explorer (all supported versions)
  • Microsoft Windows (all supported versions)

There was also updated firmware for all Microsoft Surface tablets, labeled “System Firmware Update – 7/8/2014,” available via Windows Update, improving various hardware issues.

Read the story in the news.

Oracle and Adobe’s First Critical Patches of 2014

Adobe-LogoOracle and Adobe will release critical patches along side Microsoft on Patch Tuesday. Expected updates:

Adobe Releases Security Updates for Flash, ColdFusion

Adobe-LogoAdobe has released security updates for Flash Player and ColdFusion to address four vulnerabilities. The Flash update is available for Windows, Mac, and Linux. According to Adobe, the updates are not related to the recent theft of ColdFusion source code.

Read the full article online.

Adobe Network Attacked

Adobe-LogoAdobe’s security team recently discovered sophisticated attacks on their network, involving the illegal access of information for approximately 2.9 million Adobe customers, as well as source code for numerous Adobe products. Adobe believes attacks may be related. They are working diligently, both internally and with partners and law enforcement, to address the incident.

 

Adobe recommends these steps:

  • Reset your Adobe ID and password.
  • Protect yourself against phishing.

IS&T recommends using the same vigilance as always for safe computing. If you are taking proactive steps to secure your computer, including applying patches immediately after release, and using virus protection software, there is a good chance of avoiding any issues.

Read the full Adobe security alert.

An MIT colleague mentioned to me that the Adobe security alert was also emailed out to Adobe customers. If you did receive one, you might be tempted to ignore it, or assume it is a scam.

As with all emails that might seem fake, be sure to verify that the email came from an Adobe email address and that any links embedded in the message truly link to an adobe.com web page. Other things to look for in “phishy” emails.

Why Patch a Mac?

Apple-LogoAccording to ZD Net, this has been a fairly busy security update season for Mac users. In fact, they say, Mac users have a lot more work involved to keep their systems safe.

There have been patches for the operating systems, for Safari for Mac, for Java and Adobe vulnerabilities, quite a long list compared to previous years.

There really are attacks out there against Macs which exploit vulnerabilities, so accepting and installing these patches is important.

Read the story online.

Adobe Updates Various Plug-Ins

Adobe has released updates to address multiple vulnerabilities in both Windows and Mac platforms.

Systems affected:

  • Adobe Flash Player 11.5 and earlier
  • Adobe AIR 3.5 and earlier
  • Adobe Shockwave Player 11.6 and earlier

Adobe recommends that users of these products apply the updates. A remote unauthenticated attacker could execute arbitrary code, cause a denial of service, or gain unauthorized access to your files or system.

To verify the version of Adobe Flash Player installed on your system, access the About Flash Player page. Do this for each browser you use. Google Chrome automatically updates when new versions of Flash Player are available.

See the full security bulletins regarding Adobe Flash Player and Adobe Shockwave Player for more details and how to update to the newest versions.

Follow

Get every new post delivered to your Inbox.

Join 62 other followers