Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: Adobe critical security updates - Internet Security | DShield SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Adobe critical security updates

This is a busy day for the folks doing patching out there. Aside from the MS patches released today, Adobe also released a bunch of security updates.

Here are the links to the each of the security updates,

Flash Media Server - Rating : Critical (rated by Adobe)

Adobe AIR and Flash - Rating : Critical (rated by Adobe)

ColdFusion - Rating : Important (rated by Adobe)

With the current exploitation trend, the Flash vulnerability should be a high priority for patching. Happy patching.

 

--------------------
Jason Lam

Jason

93 Posts
ISC Handler
Just something to watch out for...
I am using Chrome, and it says I have 10,1,53,64 installed, and that I should upgrade to 10.1.82.76.
However on the download page it says I already have the latest version.
I tested it on IE and it updates ok. (no good for me though as i don't use it)
Anonymous
The new flash uninstaller doesn't seem to be doing its job. Running it doesn't remove either Adobe Flash Player 10 ActiveX or Plugin. (Even when not running it silent)
K-Dee

63 Posts
Yup, I'm seeing the same problem with Chrome.

Luckily on Linux I just use the exact same libflashplayer.so for all versions of firefox and chrome as well. hardlinks FTW :). Takes a restart of Chrome to pick up the new version though.
Anonymous
Looks like my Flash uninstaller issue was isolated to one system. I ended up having to manually uninstall via control panel. The rest of my test systems seem OK.
K-Dee

63 Posts
Round 3 with the uninstaller...

I am seeing this on all of my test WinXP SP3 systems.....

If you have the newest v10.1.82.76 installed:
When you run the new Uninstaller, the following happens
- Flash no longer works according to adobe.com/software/flash/about
- Entries for both Flash ActiveX and Flash Plugin still appear in Add/Removes programs
- When you try to run the offline Flash MSI installer, (for both ActiveX and Plugin) it asks if you want to repair or remove...(which means the installer still thinks flash is installed). If you choose remove then the removal works fine


The uninstaller does seem to work fine if you have the previous v10.1.53.64 installed, but does not uninstall the newest version.

On the single Vista computer I have to test with, the uninstaller works fine for both the new and old versions. No testing done on Win7
K-Dee

63 Posts
OK got this figured out.... turns out it was the MSI installer that was the issue......

Every year I sign up for the license that allows me to distribute the Flash player to all of my computers. The link they give me allows me to download an MSI installer or an EXE installer, and I have always used the MSI.

The EXE installer doesn't have this problem..... the uninstaller works fine.

K-Dee

63 Posts

Sign Up for Free or Log In to start participating in the conversation!