My next class:
Network Monitoring and Threat Detection In-DepthSingaporeNov 18th - Nov 23rd 2024

Adobe Patch Tuesday January 2014

Published: 2014-01-14. Last Updated: 2014-01-14 21:04:51 UTC
by Johannes Ullrich (Version: 1)
7 comment(s)

 Adobe released two bulletins today:

1 - Reader/Acrobat

This bulletin fixes three vulnerabilities. Adobe rates this one "Priority 1" meaning that these vulnerabilities are already exploited in targeted attacks and administrators should patch ASAP.

After the patch is applied, you should be running Acrobat/Reader 11.0.06 or 10.1.9 .

2 - Flash Player and Air

The flash player patch fixes two vulnerabilities. The Flash player problem is rated "Priority 1" for Windows and OS X. The Air vulnerability is rated "3" for all operating systems. For Linux, either patch is rated "3".

Patching flash is a bit more complex in that it is included with some browsers, in which case you will need to update the browser. For example Internet Explorer 11 and Chrome include Flash.

 

http://helpx.adobe.com/security/products/flash-player/apsb14-01.html
http://helpx.adobe.com/security/products/flash-player/apsb14-02.html

------
Johannes B. Ullrich, Ph.D.
SANS Technology Institute
Twitter

Keywords: adobe patch
7 comment(s)
My next class:
Network Monitoring and Threat Detection In-DepthSingaporeNov 18th - Nov 23rd 2024

Comments

That should read "11.0.6" for Acrobat/Reader version, not .5

http://www.adobe.com/devnet-docs/acrobatetk/tools/ReleaseNotes/11/11.0.06.html
Fixed. thanks!
Is the Flash version change from 11.9 to 12.0
a major feature release or just a rollover?

I see Adobe has an extended support 11.7
player, so it does seem 12 might be a major.
Prefer to be the last to use new feature
versions since new features equals
new bugs.
The like for APSB14-01 should be -

http://helpx.adobe.com/security/products/acrobat/apsb14-01.html

rather than -

http://helpx.adobe.com/security/products/flash-player/apsb14-01.html
From http://helpx.adobe.com/en/flash-player/release-note/fp_12_air_4_release_notes.html:

"Today we are introducing a new numbering scheme for our product versions. Adopting the pattern set by Google Chrome and Mozilla Firefox, we will simply update the major version number with each subsequent release. In other words, beginning with this release, Flash Player will become Flash Player 12. With each new major release, roughly every 3 months, that number will increase by one."
> Prefer to be the last to use new feature versions, since new features equals new bugs.

Whaa?

You prefer to be a target from hackers (and script-kiddies) exploiting "well-known/well-publicized" bugs, rather than patching to become immune to those exploits?

Go ahead; it's your computer (and your complete collection of backups -- you do have backups ???) that you are risking.
(removed a duplicate posting)

Diary Archives