Jump to content

Adobe Pushes Fix for Flash Zero-Day Attack (Fix=12.0.0.44)


ShyWriter

Recommended Posts

.

Adobe Pushes Fix for Flash Zero-Day Attack

 

Adobe Systems Inc. is urging users of its Flash Player software to upgrade to a newer version released today. The company warns that an exploit targeting a previously unknown and critical Flash security vulnerability exists in the wild, and that this flaw allows attackers to take complete control over affected systems.

 

The latest versions that include the fix for this flaw (CVE-2014-0497) are listed by operating system in the chart below.

 

flash12-0-0-43-600x120.png

 

The Flash update brings the media player to version 12.0.0.44 for a majority of users on Windows and Mac OS X.

This link will tell you which version of Flash your browser has installed. IE10/IE11 and Chrome should auto-update their versions of Flash to v. 12.0.0.44. If your version of Flash on Chrome (on either Windows, Mac or Linux) is not yet updated, you may just need to close and restart the browser. The version of Chrome that includes this fix is 32.0.1700.107 for Windows, Mac, and Linux (to learn what version of Chrome you have, click the stacked bars to the right at of the address bar, and select “About Google Chrome” from the drop down menu). (More...)

 

Continued at: http://krebsonsecurity.com/2014/02/adobe-pushes-fix-for-flash-zero-day-attack/

 

Steve

 

Link to post
Share on other sites

Thanks, Shy. :)

 

This one must be a biggy, as Adobe normally would have issued a "regular" security patch next week, to coincide with M$ patch Tuesday.

Apparently, this couldn't wait b/c of exploits in the wild. :o

 

Main DT box patched fine with both exe installers for IE & Fx -- will do the other rigs when I fire them up this week.

 

Thanks for the head's up!

 

daledoc1

Link to post
Share on other sites

True 'dat.

It's actually been reasonably stable for a while now (not as bad as the old days, when each update would patch/fix 1 problem and create 2 new ones).

 

Longstanding habit from the days of "Macromedia" Flash and early Fx - I always run the uninstaller, d/l the full installers for IE and Fx from the flash player distribution3 page, and cleanly install.

It only takes a second, and I've never had performance issues <knocks on skull>.

Back in the day a system reboot in between was often recommended by the Mozilla script kiddies.

But I've not found that step to be needed for quite a long time.

 

YMMV,

 

daledoc1

Link to post
Share on other sites

Thanks for the update. As soon as I put 'adobe flash' in Google I get 3 articles about this emergency update.

 

Yep, this one was "all over the net" today -- I heard about it from ZDNet updates.

 

FWIW this is a good link to bookmark to keep abreast of Adobe security notifications -- I usually check it daily:

http://blogs.adobe.com/psirt/

Cheers,

 

daledoc1

Link to post
Share on other sites

I use a batch file or KiX script that uses WGET.

 

It presumes the files are stored in drive "E:\Stuff\Stuff\Adobe"

 

The using the WGET "-N" switch parameter means it will only download the file IFF the file on the web site is newer than what is on the hard disk.

 

BTW:  The fixed "Enterprise" URLs come from Steve's work.
 

;;;        Download Adobe Acrobat Flash;;              01-14-2014;;                 v1.23;SETCONSOLE("SHOW")SETCONSOLE("MAXIMIZE")SETCONSOLE("FOREGROUND")color y+/nclsgo E:cd "E:\Stuff\Stuff\Adobe"shell "wget -N http://download.macromedia.com/get/flashplayer/current/licensing/win/install_flash_player_12_active_x.exe"shell "wget -N http://download.macromedia.com/get/flashplayer/current/licensing/win/install_flash_player_12_plugin.exe"shell "wget -N http://fpdownload.macromedia.com/get/shockwave/default/english/win95nt/latest/Shockwave_Installer_Full.exe"sleep 6
Link to post
Share on other sites

I use a batch file or KiX script that uses WGET.

 

It presumes the files are stored in drive "E:\Stuff\Stuff\Adobe"

 

The using the WGET "-N" switch parameter means it will only download the file IFF the file on the web site is newer than what is on the hard disk.

 

BTW:  The fixed "Enterprise" URLs come from Steve's work.

 

 

That's pretty fancy-schmancy, Dave! :D

Over my head, to be sure.

I can't tell a batch file from a batch of cookies. :(

And the only "Kix" I know is a breakfast offering.

 

I just run this (though it's not strictly necessary these days), then download/run both the ActiveX and plug-in installers from here (no added junk), and VOILA.

Presto!

Link to post
Share on other sites

Ron and I have a long standing use of the KiXtart Scripting language.  In short it is call KiX.

 

There really isn't anything special that cant be done in a BAT or CMD batch file.

 

The power comes from the GNU WGET utility.

@echo offe:cd E:\STUFF\Adobewget -N http://download.macromedia.com/get/flashplayer/current/licensing/win/install_flash_player_12_active_x.exewget -N http://download.macromedia.com/get/flashplayer/current/licensing/win/install_flash_player_12_plugin.exewget -N http://download.macromedia.com/get/shockwave/default/english/win95nt/latest/Shockwave_Installer_Full.exe
Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.