Adobe Security Bulletins

ronjor · Jan 23, 2015

Security Advisory for Adobe Flash Player

Release date: January 22, 2015

Vulnerability identifier: APSA15-01

CVE number: CVE-2015-0311

Platform: All Platforms
Summary

A critical vulnerability (CVE-2015-0311) exists in Adobe Flash Player 16.0.0.287 and earlier versions for Windows, Macintosh and Linux. Successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system. We are aware of reports that this vulnerability is being actively exploited in the wild via drive-by-download attacks against systems running Internet Explorer and Firefox on Windows 8 and below.

Adobe expects to have a patch available for CVE-2015-0311 during the week of January 26.
Click to expand...

https://helpx.adobe.com/security/products/flash-player/apsa15-01.html

anon · Jan 25, 2015

https://www.wilderssecurity.com/thre...g-exploited-by-angler-ek.372594/#post-2451672

UPDATE (January 24): Users who have enabled auto-update for the Flash Player desktop runtime will be receiving version 16.0.0.296 beginning on January 24. This version includes a fix for CVE-2015-0311. Adobe expects to have an update available for manual download during the week of January 26, and we are working with our distribution partners to make the update available in Google Chrome and Internet Explorer 10 and 11. For more information on updating Flash Player please refer to this post.

http://helpx.adobe.com/security/products/flash-player/apsa15-01.html
Click to expand...

Hat tip: member Dermot7

Sampei Nihira · Jan 25, 2015

My pc:

anon · Jan 25, 2015

Adobe Flash Player 16.0.0.296 released today
http://www.neowin.net/news/adobe-flash-player-1600296

anon · Jan 27, 2015

Adobe Flash Player 16.0.0.296

Security updates available for Adobe Flash Player (APSB15-03)
January 27, 2015

https://www.wilderssecurity.com/thre...oited-by-angler-ek.372594/page-2#post-2452646

ronjor · Jan 27, 2015

Security updates available for Adobe Flash Player

Release date: January 27, 2015

Vulnerability identifier: APSB15-03

Priority: See table below

CVE number: CVE-2015-0311, CVE-2015-0312

Platform: All Platforms
Click to expand...

https://helpx.adobe.com/security/products/flash-player/apsb15-03.html

ronjor · Feb 2, 2015

Adobe Security Bulletin
Security Advisory for Adobe Flash Player

Release date: February 2, 2015

Vulnerability identifier: APSA15-02

CVE number: CVE-2015-0313

Platform: All Platforms
Click to expand...

https://helpx.adobe.com/security/products/flash-player/apsa15-02.html

siljaline · Feb 2, 2015

Adobe PSIRT notes new 0day -
http://blogs.adobe.com/psirt/?p=1171
Expect Adobe to push out (yet another patch) sometime the week of February 2.

Also from Trend Micro -
http://blog.trendmicro.com/trend-micro-researchers-discover-new-adobe-zero-day-attacks/

chachazz · Feb 2, 2015

ronjor said: ↑

https://helpx.adobe.com/security/products/flash-player/apsa15-02.html
Click to expand...

Thanks ronjor.

ronjor · Feb 2, 2015

You're welcome.

siljaline · Feb 2, 2015

Via way of Adobe Security on Twitter:

https://twitter.com/AdobeSecurity/status/562240129406742530

MrBrian · Feb 3, 2015

From Top adult site xHamster involved in large malvertising campaign:

[...] loads the malicious Flash file [...] which exploits the recent 0 day.

[...]

While malvertising on xHamster is nothing new, this particular campaign is extremely active. Given that this adult site generates a lot of traffic, the number of infections is going to be huge.
Click to expand...

ronjor · Feb 4, 2015

UPDATED: Security Advisory for Adobe Flash Player (APSA15-02)

UPDATE (February 4): users who have enabled auto-update for the Flash Player desktop runtime will be receiving version 16.0.0.305 beginning on February 4. This version includes a fix for CVE-2015-0313. Adobe expects to have an update available for manual download on February 5, and we are working with our distribution partners to make the update available in Google Chrome and Internet Explorer 10 and 11.
Click to expand...

https://blogs.adobe.com/psirt/

ronjor · Feb 5, 2015

Adobe Security Bulletin
Security updates available for Adobe Flash Player

Release date: February 5, 2015

Vulnerability identifier: APSB15-04

Priority: See table below

CVE number: CVE-2015-0313, CVE-2015-0314, CVE-2015-0315, CVE-2015-0316, CVE-2015-0317, CVE-2015-0318, CVE-2015-0319, CVE-2015-0320, CVE-2015-0321, CVE-2015-0322, CVE-2015-0323, CVE-2015-0324, CVE-2015-0325, CVE-2015-0326, CVE-2015-0327, CVE-2015-0328, CVE-2015-0329, CVE-2015-0330

Platform: All Platforms

Summary

Adobe has released security updates for Adobe Flash Player for Windows, Macintosh and Linux. These updates address vulnerabilities that could potentially allow an attacker to take control of the affected system.
Click to expand...

https://helpx.adobe.com/security/products/flash-player/apsb15-04.html

anon · Mar 4, 2015

http://blogs.adobe.com/psirt/?p=1179

Adobe Launches Web Application Vulnerability Disclosure Program on HackerOne
March 4, 2015

In recognition of the important role that independent security researchers play in keeping Adobe customers safe, today Adobe launches a web application vulnerability disclosure program on the HackerOne platform. Bug hunters who identify a web application vulnerability in an Adobe online service or web property can now privately disclose the issue to Adobe while boosting their HackerOne reputation score. We invite security researchers to view the disclosure guidelines available here: https://hackerone.com/adobe.

Adobe continues to welcome the coordinated disclosure of security issues affecting desktop products and enterprise on-premise solutions by notifying our Product Security Incident Response Team (PSIRT@adobe.com).

Pieter Ockers
Security Program Manager, PSIRT
Click to expand...

anon · Mar 12, 2015

Adobe Flash Player 17.0.0.134
http://www.neowin.net/news/adobe-flash-player-1700134

ronjor · Mar 12, 2015

Use this link on these forums please.

https://get.adobe.com/flashplayer/

anon · Mar 12, 2015

https://helpx.adobe.com/security/products/flash-player/apsb15-05.html

Adobe Security Bulletin
Security updates available for Adobe Flash Player
Release date: March 12, 2015
Vulnerability identifier: APSB15-05
Click to expand...

----------------------------
Release Notes:
https://helpx.adobe.com/flash-player/release-note/fp_17_air_17_release_notes.html

BoerenkoolMetWorst · Apr 14, 2015

https://helpx.adobe.com/security/products/flash-player/apsb15-06.html

Security updates available for Adobe Flash Player
Release date: April 14, 2015
Vulnerability identifier: APSB15-06
Priority: See table below
CVE number: CVE-2015-0346, CVE-2015-0347, CVE-2015-0348, CVE-2015-0349, CVE-2015-0350, CVE-2015-0351, CVE-2015-0352, CVE-2015-0353, CVE-2015-0354, CVE-2015-0355, CVE-2015-0356, CVE-2015-0357, CVE-2015-0358, CVE-2015-0359, CVE-2015-0360, CVE-2015-3038, CVE-2015-3039, CVE-2015-3040, CVE-2015-3041, CVE-2015-3042, CVE-2015-3043, CVE-2015-3044
Platform: All Platforms
Click to expand...

ronjor · Apr 14, 2015

Security Update: Hotfixes available for ColdFusion

Release date: April 14, 2015

Vulnerability identifier: APSB15-07

Priority: See table below

CVE numbers: CVE-2015-0345

Platform: All
Summary
Adobe has released security hotfixes for ColdFusion versions 11 and 10. These hotfixes address an input validation issue that could be used in a reflected cross-site scripting attack.
Click to expand...

https://helpx.adobe.com/security/products/coldfusion/apsb15-07.html

ronjor · Apr 14, 2015

Security vulnerability in output of Adobe Flex ASdoc Tool

Release date: April 14, 2015

Vulnerability identifier: APSB15-08

Priority: See table below

CVE number: CVE-2015-1773

Platform: All Platforms
Summary

An important vulnerability has been identified in the JavaScript output of the ASDoc tool available in Adobe Flex 4.6 and earlier versions. This vulnerability could lead to reflected cross-site scripting. Adobe recommends users perform the actions referenced in the "Solutions" section below to remediate this vulnerability.
Click to expand...

https://helpx.adobe.com/security/products/flex/apsb15-08.html

anon · May 7, 2015

Adobe Security Bulletin

Prenotification Security Advisory for Adobe Reader

Release date: May 7, 2015

Vulnerability identifier: APSB15-10
Click to expand...

https://helpx.adobe.com/security/products/reader/apsb15-10.html

WildByDesign · May 12, 2015

Update available: ~ FTP URL Removed - Use https://get.adobe.com/reader/ Instead ~
Alternative: https://www.adobe.com/support/downloads/product.jsp?product=10&platform=Windows
Security Bulletin: https://helpx.adobe.com/security/products/reader/apsb15-10.html

ronjor · May 12, 2015

Adobe Security Bulletins Posted
Posted on May 12, 2015 by Adobe Product Security Incident Response Team | Comments (0)

The following Security Bulletins have been posted today:

APSB15-09: Security updates available for Adobe Flash Player

APSB15-10: Security updates available for Adobe Reader and Acrobat

Customers of the affected products should consult the relevant Security Bulletin(s) for details.
Click to expand...

https://blogs.adobe.com/psirt/

stapp · May 13, 2015

At the moment for me the pappi.exe Flash version is still downloading as 17.0.0.169. Some info here as others have noticed this too. Perhaps it may 'catch up' later

https://forums.adobe.com/thread/1842948

Log in or Sign up

Adobe Security Bulletins

ronjor Global Moderator

anon Registered Member

Sampei Nihira Registered Member

anon Registered Member

anon Registered Member

ronjor Global Moderator

ronjor Global Moderator

siljaline Registered Member

chachazz Updates Team

ronjor Global Moderator

siljaline Registered Member

MrBrian Registered Member

ronjor Global Moderator

ronjor Global Moderator

anon Registered Member

anon Registered Member

ronjor Global Moderator

anon Registered Member

BoerenkoolMetWorst Registered Member

ronjor Global Moderator

ronjor Global Moderator

anon Registered Member

WildByDesign Registered Member

ronjor Global Moderator

stapp Global Moderator

Log in or Sign up

Adobe Security Bulletins

ronjor Global Moderator

anon Registered Member

Sampei Nihira Registered Member

anon Registered Member

anon Registered Member

ronjor Global Moderator

ronjor Global Moderator

siljaline Registered Member

chachazz Updates Team

ronjor Global Moderator

siljaline Registered Member

MrBrian Registered Member

ronjor Global Moderator

ronjor Global Moderator

anon Registered Member

anon Registered Member

ronjor Global Moderator

anon Registered Member

BoerenkoolMetWorst Registered Member

ronjor Global Moderator

ronjor Global Moderator

anon Registered Member

WildByDesign Registered Member

ronjor Global Moderator

stapp Global Moderator

Useful Searches