Adobe Security Patches Released so Far in July 2015

Adobe has posted multiple security advisories and updates for its products this month:

  • Adobe Flash Player: A Security Advisory (APSA15-03) was posted earlier this month regarding a critical vulnerability in Adobe Flash Player, affecting Windows, Macintosh and Linux. Adobe did take quick steps to fix the software. The details of the updates were posted in APSA15-16. A week later, another update was released via APSA15-18. To make sure you have the latest update, go to the About Flash Player page. If using Firefox, Flash may be disabled by default. If on Windows or Macintosh, you should be running version 18.0.0.209. If using Linux, you should be running version 11.2.202.491.
  • Adobe Acrobat and Reader: Adobe Acrobat X and XI and Reader X and XI have security updates (APSA15-15) for critical vulnerabilities. The latest version for Adobe and Reader XI is 11.0.12 and for Acrobat and Reader X is 10.1.15.
  • Adobe Shockwave Player: A security update was released via a security bulletin (APSA15-17) for a vulnerability in Shockwave Player version 12.1.8.158 and earlier. The latest version of the player is version 12.1.9.159, available via the Shockwave Player Download Center.

In all cases, Adobe recommends users update their software to the latest versions. Read more about the Adobe Flash Player update in the news here.

Several big Internet players are calling for the retirement of Adobe Flash. Read that story in the news here.

Adobe Updates Flash Player

Adobe has released an update for its Flash Player that addresses at least 11 separate vulnerabilities. The most current version of Flash for Windows and Mac is now 17.0.0.134; Flash on Google Chrome and Internet Explorer on Windows 8.x should be updated automatically; Linux users are advised to update to version 11.2.202.451. Find out if you have the latest version of Flash installed on your browser.

Read the story at Krebs on Security.

Security Update Released for Adobe Flash Player

Last week, Adobe released a security update for Flash Player for Windows, Macintosh and Linux. These updates address vulnerabilities that could potentially allow an attacker to take control of the following affected systems:

  • Adobe Flash Player 15.0.0.242 and earlier versions
  • Adobe Flash Player 13.0.0.258 and earlier 13.x versions
  • Adobe Flash Player 11.2.202.424 and earlier versions for Linux

The recommendation by Adobe is for users to update their software with version 16.0.0.235 (Windows and Macintosh) and version 11.2.202.425 (for Linux). Instructions can be found in the Adobe Security Bulletin.

Adobe Releases Flash Player Update, Delays Reader and Acrobat Fixes

Last week, Adobe released an update for Flash to address a dozen critical flaws. Chrome and IE 11 users will find their versions of Flash automatically updated.  You can see which version you have installed here, or download Adobe Flash Player here.

Fixes for flaws in Reader and Acrobat that had been scheduled to be released last week are delayed until this week so Adobe can conduct further testing.

Read the full story in the news.

Flash Player Updates & Microsoft Security Updates

ADOBE

Due to recent security vulnerabilities in Flash Player, Adobe has released version 14.0.0.145 (11.2.202.394 for Linux) this week for all platforms. All operating systems on the now out-of-date versions are vulnerable and recommended to update to the latest version. Additionally because of the severity of these vulnerabilities, Apple has blocked all out-of-date Flash Player plug-ins for OS X.

From Apple: “Due to security issues in older versions, Apple has updated the web plug-in blocking mechanism to disable all versions prior to Flash Player 14.0.0.145 and 13.0.0.231.”

Install or check your version of Flash Player in your browser here.

For assistance, contact the Help Desk at 617.253.1101 or helpdesk@mit.edu. You can also submit a request online.

MICROSOFT

Last week on Patch Tuesday, July 8th, Microsoft released six updates to address 29 security vulnerabilities.

Systems affected:

  • Internet Explorer (all supported versions)
  • Microsoft Windows (all supported versions)

There was also updated firmware for all Microsoft Surface tablets, labeled “System Firmware Update – 7/8/2014,” available via Windows Update, improving various hardware issues.

Read the story in the news.

Adobe Releases Security Updates for Flash, ColdFusion

Adobe-LogoAdobe has released security updates for Flash Player and ColdFusion to address four vulnerabilities. The Flash update is available for Windows, Mac, and Linux. According to Adobe, the updates are not related to the recent theft of ColdFusion source code.

Read the full article online.

Adobe Flash and AIR Updated

Last week, Adobe fixed a critical bug in Flash and AIR that might allow exploits or attacks in the wild. The latest Flash version is 11.7.700.224 for Windows and 11.7.700.225 for Mac OS X. Internet Explorer 10 and Chrome should auto-update their versions of Flash.

The most recent versions of Flash Player are also available from the Adobe website (when downloading, beware of potentially unwanted add-ons, like McAfee Security Scan). You can find out what version of Flash Player your browser is using here.

Adobe AIR was updated to version 3.7.0.2090 for Windows and Android and version 3.7.0.2100 for Mac OS X. Adobe AIR checks for and prompts you to install available updates anytime you launch an application that uses AIR. Or you can download the latest version here.