Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: Adobe Patch Tuesday January 2014 - Internet Security | DShield SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Adobe Patch Tuesday January 2014

 Adobe released two bulletins today:

1 - Reader/Acrobat

This bulletin fixes three vulnerabilities. Adobe rates this one "Priority 1" meaning that these vulnerabilities are already exploited in targeted attacks and administrators should patch ASAP.

After the patch is applied, you should be running Acrobat/Reader 11.0.06 or 10.1.9 .

2 - Flash Player and Air

The flash player patch fixes two vulnerabilities. The Flash player problem is rated "Priority 1" for Windows and OS X. The Air vulnerability is rated "3" for all operating systems. For Linux, either patch is rated "3".

Patching flash is a bit more complex in that it is included with some browsers, in which case you will need to update the browser. For example Internet Explorer 11 and Chrome include Flash.

 

http://helpx.adobe.com/security/products/flash-player/apsb14-01.html
http://helpx.adobe.com/security/products/flash-player/apsb14-02.html

------
Johannes B. Ullrich, Ph.D.
SANS Technology Institute
Twitter

I will be teaching next: Intrusion Detection In-Depth - SIEM Summit & Training 2019

Johannes

3630 Posts
ISC Handler
That should read "11.0.6" for Acrobat/Reader version, not .5

http://www.adobe.com/devnet-docs/acrobatetk/tools/ReleaseNotes/11/11.0.06.html
Jaybone

27 Posts
Fixed. thanks!
Johannes

3630 Posts
ISC Handler
Is the Flash version change from 11.9 to 12.0
a major feature release or just a rollover?

I see Adobe has an extended support 11.7
player, so it does seem 12 might be a major.
Prefer to be the last to use new feature
versions since new features equals
new bugs.
Starlight

34 Posts
The like for APSB14-01 should be -

http://helpx.adobe.com/security/products/acrobat/apsb14-01.html

rather than -

http://helpx.adobe.com/security/products/flash-player/apsb14-01.html
Btayloruk

1 Posts
From http://helpx.adobe.com/en/flash-player/release-note/fp_12_air_4_release_notes.html:

"Today we are introducing a new numbering scheme for our product versions. Adopting the pattern set by Google Chrome and Mozilla Firefox, we will simply update the major version number with each subsequent release. In other words, beginning with this release, Flash Player will become Flash Player 12. With each new major release, roughly every 3 months, that number will increase by one."
Btayloruk
4 Posts
> Prefer to be the last to use new feature versions, since new features equals new bugs.

Whaa?

You prefer to be a target from hackers (and script-kiddies) exploiting "well-known/well-publicized" bugs, rather than patching to become immune to those exploits?

Go ahead; it's your computer (and your complete collection of backups -- you do have backups ???) that you are risking.
Anonymous
(removed a duplicate posting)
Anonymous

Sign Up for Free or Log In to start participating in the conversation!