September 20, 2014

Adobe updates Flash Player, Shockwave Player and Acrobat Reader to close security vulnerabilities but Google issues warning

(LiveHacking.Com) – Adobe has released a series of security advisories about its Flash Player, Shockwave Player and Acrobat Reader to close security vulnerabilities. As a result of the updates Google has released a new version of the Chrome web browser but they have also issued a warning about using Acrobat Reader on Windows (as there are still Critical vulnerabilities which are unfixed) and on Linux which was not patched at all. Gynvael Coldwind of the Google Security Team said “we consider users of Adobe Reader to be exposed to serious risk.”

According to the Google security researchers, Adobe Reader for Linux users are exposed to all the known critical vulnerabilities, while Adobe Reader for Windows and Mac OS X users are currently vulnerable to up to 6 and 10 unpatched issues (respectively).

What Adobe did patch for its PDF reader affects Adobe Reader and Acrobat X (10.1.3) and earlier versions for Windows and Macintosh. The updates address vulnerabilities in the software that could cause the application to crash and potentially allow an attacker to take control of the affected system. The new versions fix stack and buffer overflow vulnerabilities as well as memory corruption vulnerabilities. In the security advisory Adobe thanks Mateusz Jurczyk and Gynvael Coldwind, of the Google Security Team, for twelve of the bugs found.

Adobe has also released an update for Adobe Shockwave Player 11.6.5.635 and earlier versions on the Windows and Macintosh operating systems. The update addresses five memory corruption vulnerabilities that could allow an attacker, who successfully exploits these vulnerabilities, to run malicious code on the affected system.

There is also an update for Flash Player on Windows, Macintosh and Linux. The updates address a vulnerability (CVE-2012-1535) that could cause the application to crash and potentially allow an attacker to take control of the affected system. This bug is currently being exploited in the wild via a malicious Word document. The exploit targets the ActiveX version of Flash Player for Internet Explorer on Windows.

Adobe Releases Security Bulletins for Illustrator, Photoshop, Flash Professional and Shockwave Player

(LiveHacking.Com) – Adobe has released security bulletins describing critical vulnerabilities in Illustrator, Photoshop, Flash Professional and Shockwave Player:

Illustrator

Adobe released a security upgrade for Adobe Illustrator CS5.5 and earlier for Windows and Macintosh. This upgrade addresses vulnerabilities that could allow an attacker who successfully exploits these vulnerabilities to take control of the affected system. Adobe is not aware of any attacks exploiting these vulnerabilities against Adobe Illustrator.

Photoshop

Adobe has released a security upgrade for Adobe Photoshop CS5 and earlier for Windows and Macintosh. This upgrade addresses vulnerabilities that could allow an attacker who successfully exploits these vulnerabilities to take control of the affected system. A malicious .TIF file must be opened in Photoshop CS5 and earlier for Windows and Macintosh by the user for an attacker to be able to exploit these vulnerabilities. Adobe is not aware of any attacks exploiting these vulnerabilities against Adobe Photoshop.

Flash Professional

Adobe has released a security upgrade for Adobe Flash Professional CS5.5 (11.5.1.349) and earlier for Windows and Macintosh. This upgrade addresses a vulnerability that could allow an attacker who successfully exploits this vulnerability to take control of the affected system. Adobe is not aware of any attacks exploiting this vulnerability against Adobe Flash Professional.

Shockwave Player

Adobe has released a security update for Adobe Shockwave Player 11.6.4.634 and earlier versions for Windows and Macintosh. This update addresses vulnerabilities that could allow an attacker who successfully exploits these vulnerabilities to run malicious code on the affected system.