Adobe Updates today as well.

Published: 2013-12-10. Last Updated: 2013-12-10 21:36:14 UTC
by Rob VandenBrink (Version: 2)
3 comment(s)

Adobe also has published updates today for Flash Player, resolving CVE-2013-5331 and CVE-2013-5332.

This is a remote execution vulnerability, by way of a malicious SWF (Flash) content in an MS Word document.

The versions will vary from platform to platform, but if you are running Flash Player you should update soon (today if possible).

Shockwave Player also sees an update today, addressing CVE-2013-5333 and CVE-2013-5334 on the Windows and Mac platforms.  With this update applied, both platforms should be at version 12.0.7.148

These exploits also result in remote execution, so if you have Shockwave Player installed today is a good day to update, either right before or right after the Microsoft reboot.

You'd think by now most major products would have an auto update or a "click here to update" feature.   From this note, perhaps you'd think that Adobe might be unique in not having this, but you'd be surprised what other major system components don't update themselves!

===============
Rob VandenBrink
Metafore

Keywords: adobe flash
3 comment(s)

Comments

Geez, the endless near monthly security updates for Adobe flash player.

Makes one wonder just how many security vulnerabilities you can possibly program into a browser plugin?


Jeff
You will notice this is within the shell of MS word... another thread speaks of going after the bad people. This is the reason they will continue to thrive... on the scale of SCAMS according to a family member who works for the FBI in LA... this one brings in small amounts of money. What amazes me is the people that continue to fall for the Nigerian Scam, tens of millions.. yes, tens of millions each year.

Another issue is patch deployment of exploit.. SANS 301... fix was not out yet and I am running Adobe's latest version. DL Qualys.. auto update.. 3 flavors... I deployed through the whole company where WSUS could not hit in remote areas.

As I was typing this.. updated...
Adobe Air is also released. it appears that none of the security sites track this. The new version is 3.9.0.1380

Diary Archives