Today's Adobe Patches and Vulnerablities
It is not easy to keep up with Adobe these days. Patches and new exploits are almost released on a daily schedule. So here is the current "State of Adobe" the way I see it:
| Product | Latest Version | Latest Vulnerabilities |
|---|---|---|
| PDF Reader | 9.4.0 |
version 9.4.0 (latest version) is vulnerable |
| Flash Player | 10.1.102.64 | version 10.1.85.3 is vulnerable. Patch released today (Nov. 4th) "Authplay Vulnerability" CVE-2010-3654 |
| Shockwave Player | 11.5.9.615 | 11.5.9.615 (latest version) is vulnerable Shockwave Settings" Use-After-Free Vulnerability) Secunia# SA42112, no CVE Number assigned yet |
| Acrobat | 9.4.0 | version 9.4.0 (latest version) is vulnerable "Authplay Vulnerability" CVE-2010-3654
|
| Air | 2.5 | version 2.0.3 is vulnerable (old version) |
Please let me know if you have corrections, or better if you find a simple overview about "the state of Adobe bugs" on Adobe's own site. Any Adobe people out there: Feel free to copy the concept :). This table will be "frozen" to today's state and we may update similar, updated tables in the future as a new article.
------
Johannes B. Ullrich, Ph.D.
SANS Technology Institute
Twitter
Keywords: adobe
19 comment(s)
Join us at SANS!
Attend Intrusion Detection In-Depth with Johannes Ullrich in Las Vegas starting Jun 08 2020
