Jump to content

Zero-Day Fixes From Adobe..


Recommended Posts




Adobe has issued a patch for its Flash Player software that addresses at least two security holes, including a vulnerability that is already under active attack. Adobe said it is aware of reports of an exploit designed to trick the user into opening a Microsoft Word document with malicious Flash (.swf) content. The company credits researcher Attila Suszter for reporting the flaw; more information about this bug is available at Suszter’s blog.






To find out whether your system has Flash installed and at what version, check this page. Updates are available for Windows, Mac and Linux versions of Flash. The latest version for Windows and Mac users is 11.9.900.170, and for Linux.


Google Chrome auto-updates its own versions of Flash (although not always right away); the newest Flash for Chrome is 11.9.900.170. Internet Explorer 10 and 11 on Windows 8 include an embedded version of Flash that gets updates from Windows Update, rather than through Adobe’s installer. On Windows 7 and earlier, Flash is not embedded, and needs ot be updated via Adobe’s updater or manually by downloading the appropriate version from this page.


In addition, Adode AIR (required by some applications like Pandora Desktop, for example) was updated to v. 3.9.1380 for Windows, Mac and Android devices. Adobe AIR checks for and prompts you to install any available updates anytime you launch an application that uses AIR; in any case, the download link is here.


Adobe also issued an update for its Shockwave Player software that fixes at least two vulnerabilities, bringing Shockwave to v. on Windows and Mac systems. Shockwave is one of those programs that I’ve urged readers to remove or avoid installing. Like Java, it is very often buggy software that many people have installed but do not really need for everyday Web browsing. Securing your system means not only making sure things are locked down, but removing unneeded programs, and Shockwave is near the top of my list on that front.


If you visit this link and see a short animation, it should tell you which version of Shockwave you have installed. If it prompts you to download Shockwave, then you don’t have Shockwave installed and in all likelihood don’t need it. Firefox users should note that the presence of the Shockwave Flash plugin listed in the Firefox Add-ons section denotes an installation of Adobe Flash Player plugin — not Adobe Shockwave.


SOURCE: https://krebsonsecurity.com/2013/12/zero-day-fixes-from-adobe-microsoft/



Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.