Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: Security updates available for Flash Player, RoboHelp, Audition, and Flash Media Server SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms: https://isctv.sans.edu

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Security updates available for Flash Player, RoboHelp, Audition, and Flash Media Server

The Adobe security team have released security updates available for Flash Player, RoboHelp, Audition, and Flash Media Server

Three are marked critical:

    APSB11-09 – Security update available for RoboHelp (Important Severity)
    APSB11-10 – Security update available for Audition (Critical Severity)
    APSB11-11 – Security update available for Flash Media Sever (FMS) (Critical Severity)
    APSB11-12 – Security update available for Flash Player (Critical Severity)

Please read the Adobe security blog fore more details:
http://blogs.adobe.com/psirt/2011/05/security-updates-available-for-flash-player-robohelp-audition-and-flash-media-server.html 

Thanks to Diary reader Toby for bring this to our attention

 

Chris Mohan --- Internet Storm Center Handler on Duty

Chris

105 Posts
ISC Handler
As expected there is also a new version of Chrome for this fix (11.0.696.68). The 64bit version "flash square" (beta) is now at 10.3.162.28 (for IE9 x64).
Anonymous
Local settings manager (new in desktop only)
- http://www.adobe.com/products/flashplayer/features/index.html
"... Flash Player 10.3 integrates control of local storage with the browser's privacy settings... Users can access the Flash Player Settings Manager directly from the Control Panel or System Preferences..."
.
Jack

160 Posts
- http://www.securitytracker.com/id/1025533
Friday the 13th - "... One of the vulnerabilities [CVE-2011-0627] is being actively exploited on Windows-based systems via a Flash (.swf) file embedded in a Microsoft Word (.doc) or Microsoft Excel (.xls) file and delivered via email attachment..."
.
Jack

160 Posts
@PC.Tech
"Users can access the Flash Player Settings Manager directly..."
Bout time. Having the only access be a web page was the height of arrogance. When you most need it is probably when you're not online. Also, a nice feature is the "Check Now" button, though it's to be seen whether this works when the updates become available and not several hours/days later as happens with Adobe stuff.
Jack
57 Posts
@Sean
... Cautionary note: Experience since Flash 10.3 was installed shows that these "settings" made by the user are reset at times without prompting (??).
So, if you're not already using the Firefox add-on BetterPrivacy, get it installed - if you already have it installed, keep it.
> https://addons.mozilla.org/en-US/firefox/addon/betterprivacy/
.
Jack

160 Posts

Sign Up for Free or Log In to start participating in the conversation!