Adobe Security bulletins and advisories [14 Aug 2012]

[ronjor]

Quote:

This page contains important information regarding security vulnerabilities that may affect specific versions of Adobe products and solutions. Please use this information to take the corrective actions prescribed. In our effort to serve you better, you may also sign up for e-mail notification of any future advisories.

https://www.adobe.com/support/security/

[hogndog]

Thanks got it..

[siljaline]

• Security update available for Adobe Flash Player
http://www.adobe.com/support/securit...apsb12-18.html
• Security update available for Adobe Shockwave Player
http://www.adobe.com/support/securit...apsb12-17.html
• Security update available for Adobe Reader and Acrobat
http://www.adobe.com/support/securit...apsb12-16.html

Readers are urged to avoid all third-party offerings, such as Google Chrome, Google Toolbar, etc.

Edit to add: AdobeARM.exe is reintroduced to MSCONFIG by the Adobe Reader security update, it is not imperative to have this start when not required.
If you are uncomfortable tweaking your machine, ask a security professional to do this operation for you.

[EncryptedBytes]

What interested me adobe’s PSIRT sent out a notification last Friday, if you monitor their priority scale Adobe never gives out a level 1 to vulnerabilities unless they’ve seen or heard example exploits out in the wild. Which means “patch immediately” but they’ve posted notifications last Friday and only the patches this week. Got to love their thought processes on 0days.

[siljaline]

Adobe skipped some Reader patches with update

Quote:

Google Chrome security team reveals lesser flaws because Adobe will not release patches for them before Aug. 27.

A Google security team is warning that Adobe has passed on fixing a number of vulnerabilities in its Reader software for viewing PDF documents.

Adobe released a new version of Reader on Tuesday that fixed about 20 vulnerabilities in the Mac and Windows versions of the product. Despite the large number of flaws addressed in the patches, a number of serious vulnerabilities remained untouched, according to an analysis released on Wednesday by Mateusz Jurczyk and Gynvael Coldwind of Google.

Google's interest in Reader is the result of having the PDF viewer embedded in the search engine's Chrome browser. Earlier this year, the Google team started testing the application for exploitable bugs exposed through crashes of the viewer.