Adobe Security Patches Released so Far in July 2015

Adobe has posted multiple security advisories and updates for its products this month:

  • Adobe Flash Player: A Security Advisory (APSA15-03) was posted earlier this month regarding a critical vulnerability in Adobe Flash Player, affecting Windows, Macintosh and Linux. Adobe did take quick steps to fix the software. The details of the updates were posted in APSA15-16. A week later, another update was released via APSA15-18. To make sure you have the latest update, go to the About Flash Player page. If using Firefox, Flash may be disabled by default. If on Windows or Macintosh, you should be running version 18.0.0.209. If using Linux, you should be running version 11.2.202.491.
  • Adobe Acrobat and Reader: Adobe Acrobat X and XI and Reader X and XI have security updates (APSA15-15) for critical vulnerabilities. The latest version for Adobe and Reader XI is 11.0.12 and for Acrobat and Reader X is 10.1.15.
  • Adobe Shockwave Player: A security update was released via a security bulletin (APSA15-17) for a vulnerability in Shockwave Player version 12.1.8.158 and earlier. The latest version of the player is version 12.1.9.159, available via the Shockwave Player Download Center.

In all cases, Adobe recommends users update their software to the latest versions. Read more about the Adobe Flash Player update in the news here.

Several big Internet players are calling for the retirement of Adobe Flash. Read that story in the news here.

Adobe Security Updates for Reader and Acrobat

This week Adobe released security updates for Adobe Reader and Acrobat for Windows and Macintosh. The updates patch 34 vulnerabilities in Acrobat X, Acrobat XI, Reader X and Reader XI that could potentially allow an attacker to take over the affected system.

Adobe recommends users update their product installations to the latest versions. Read the details in the Adobe Security Bulletin.

Adobe Updates for Reader and Acrobat XI

Adobe is planning to release security updates on Tuesday, May 13, for Adobe Reader and Acrobat XI (11.0.06) and earlier versions for Windows and Macintosh. The updates address critical vulnerabilities in the software.

Oracle and Adobe’s First Critical Patches of 2014

Adobe-LogoOracle and Adobe will release critical patches along side Microsoft on Patch Tuesday. Expected updates:

Security Updates for Adobe Reader and Acrobat

Adobe-LogoUnrelated to the above problems, Adobe is planning to release security updates on Tuesday, October 8 for Adobe Reader and Acrobat XI for Windows.

Software Patches for Adobe and Mozilla Products

Adobe

Adobe has issued security updates to address critical flaws in Reader, Acrobat, Flash Player and ColdFusion. The updates for Reader and Acrobat address a total of 27 vulnerabilities, 24 of which could be exploited to execute arbitrary code (malware). The updates for Flash address 13 vulnerabilities, and a hotfix for ColdFusion addresses two flaws.

Read the details in the news.

Mozilla

Mozilla has released Firefox 21, which addresses 13 security issues in the previous version of the browser. Firefox 21 also introduces a feature called “Health Report,” which lets users see information about the browser’s performance, including start-up times, total running time, and crashes, as well as the number of plug-ins, add-ons, and bookmarks. Mozilla has also released Firefox 21 for Android.

Read the details in the news.

NOTE FOR THE MIT COMMUNITY: Information Services & Technology recommends that, if you are accessing MIT enterprise applications, such as SAPweb and Employee Self Service, to remain using Firefox ESR, available from the Software grid.

Zero-Day Threat in Adobe Reader

An unpatched vulnerability recently found in Adobe Reader could be exploited when users open a PDF file in a browser other than Google Chrome (Chrome has an added defense on the Adobe Reader application). The exploit is very limited, but if triggered could evade the sandbox security feature in Adobe Reader X and XI and connect to malware. Adobe has yet to respond to the report.

Learn more about this issue in the news.