Adobe Patch Tuesday January 2014 - Internet Security

Adobe Patch Tuesday January 2014
Adobe released two bulletins today: 1 - Reader/Acrobat This bulletin fixes three vulnerabilities. Adobe rates this one "Priority 1" meaning that these vulnerabilities are already exploited in targeted attacks and administrators should patch ASAP. After the patch is applied, you should be running Acrobat/Reader 11.0.06 or 10.1.9 . 2 - Flash Player and Air The flash player patch fixes two vulnerabilities. The Flash player problem is rated "Priority 1" for Windows and OS X. The Air vulnerability is rated "3" for all operating systems. For Linux, either patch is rated "3". Patching flash is a bit more complex in that it is included with some browsers, in which case you will need to update the browser. For example Internet Explorer 11 and Chrome include Flash. http://helpx.adobe.com/security/products/flash-player/apsb14-01.html http://helpx.adobe.com/security/products/flash-player/apsb14-02.html ------ Johannes B. Ullrich, Ph.D. SANS Technology Institute Twitter I will be teaching next: Defending Web Applications Security Essentials - SANS Munich July 2019	Johannes 3552 Posts ISC Handler
Subscribe	Jan 14th 2014 5 years ago
That should read "11.0.6" for Acrobat/Reader version, not .5 http://www.adobe.com/devnet-docs/acrobatetk/tools/ReleaseNotes/11/11.0.06.html	Jaybone 27 Posts
Quote	Jan 14th 2014 5 years ago
Fixed. thanks!	Johannes 3552 Posts ISC Handler
Quote	Jan 14th 2014 5 years ago
Is the Flash version change from 11.9 to 12.0 a major feature release or just a rollover? I see Adobe has an extended support 11.7 player, so it does seem 12 might be a major. Prefer to be the last to use new feature versions since new features equals new bugs.	Starlight 34 Posts
Quote	Jan 15th 2014 5 years ago
The like for APSB14-01 should be - http://helpx.adobe.com/security/products/acrobat/apsb14-01.html rather than - http://helpx.adobe.com/security/products/flash-player/apsb14-01.html	Btayloruk 1 Posts
Quote	Jan 15th 2014 5 years ago
From http://helpx.adobe.com/en/flash-player/release-note/fp_12_air_4_release_notes.html: "Today we are introducing a new numbering scheme for our product versions. Adopting the pattern set by Google Chrome and Mozilla Firefox, we will simply update the major version number with each subsequent release. In other words, beginning with this release, Flash Player will become Flash Player 12. With each new major release, roughly every 3 months, that number will increase by one."	Btayloruk 4 Posts
Quote	Jan 15th 2014 5 years ago
> Prefer to be the last to use new feature versions, since new features equals new bugs. Whaa? You prefer to be a target from hackers (and script-kiddies) exploiting "well-known/well-publicized" bugs, rather than patching to become immune to those exploits? Go ahead; it's your computer (and your complete collection of backups -- you do have backups ???) that you are risking.	Anonymous
Quote	Jan 18th 2014 5 years ago
(removed a duplicate posting)	Anonymous
Quote	Jan 18th 2014 5 years ago