|
Adobe has released security advisory APSB14-07 which is an update for Adobe Flash Player versions 12.0.0.44 and prior. It impacts both Windows and Mac versions, and those on Linux prior to 11.2.202.336. It addresses CVE-2014-0502 which is being exploited in the wild, and Adobe say you should update asap! Details are available on the Adobe site. Steve Hall ISC Handler www.tarkie.net |
Stephen 89 Posts Feb 20th 2014 |
| Thread locked Subscribe |
Feb 20th 2014 8 years ago |
|
Just to clarify, according to the Adobe bulletin, Linux versions prior to AND INCLUDING 11.2.202.336 are impacted. Adobe suggests installing "Flash Player 11.2.202.341" to mitigate the vulnerability.
|
Landrew 6 Posts |
| Quote |
Feb 20th 2014 8 years ago |
|
Wow, 2nd out of band patch for Flash in less than a month and near monthly security updates for ages now. One would think Adobe would take some pride, set down and do some serious code review at some point.
Geesh, how many security vulnerabilities can you possibly code into a browser plugin? |
Landrew 13 Posts |
| Quote |
Feb 21st 2014 8 years ago |
|
Really, I have about 50 customers and it's getting REALLY old applying 2-3 patches a MONTH just to keep up.
|
Landrew 1 Posts |
| Quote |
Feb 21st 2014 8 years ago |
|
Is it possible that IE use after free vuln is related? Chrome also updated yesterday with a use after free related to web content fix among others. Or is it just coincidence?
|
G.Scott H. 48 Posts |
| Quote |
Feb 21st 2014 8 years ago |
|
- https://secunia.com/advisories/57057/
Release Date: 2014-02-21 Criticality: Extremely Critical Where: From remote Impact: Exposure of sensitive information, System access... Solution: Update to Flash Player 12.0.0.70: - http://helpx.adobe.com/security/products/flash-player/apsb14-07.html - https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0498 - 10.0 (HIGH) - https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0499 - 7.8 (HIGH) - https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0502 - 10.0 (HIGH) Last revised: 02/21/2014 - "... as exploited in the wild in February 2014..." . |
PC.Tech 34 Posts |
| Quote |
Feb 21st 2014 8 years ago |
|
Microsoft Security Advisory (2755801)
Update for Vulnerabilities in Adobe Flash Player in Internet Explorer - http://technet.microsoft.com/en-us/security/advisory/2755801 Updated: Feb 20, 2014 - Version: 20.0 - https://secunia.com/advisories/57067/ Release Date: 2014-02-21 Criticality: Highly Critical Where: From remote Impact: Exposure of sensitive information, System access... For more information: https://secunia.com/SA57057/ Solution: Apply updates... . |
PC.Tech 34 Posts |
| Quote |
Feb 21st 2014 8 years ago |
|
Abobe :) ha ha
|
PC.Tech 1 Posts |
| Quote |
Feb 25th 2014 8 years ago |
Sign Up for Free or Log In to start participating in the conversation!
https://www.sans.edu
