My next class:

Adobe Flash Player Update

Published: 2012-02-16. Last Updated: 2012-02-16 05:40:21 UTC
by Johannes Ullrich (Version: 1)
2 comment(s)

On Tuesday, Adobe released an update for Shockwave Player (APSB12-02) and RoboHelp for Word (APSB12-04). The odd question on tuesday was: What happened to APSB12-03. Today, we learned the answer: Another bulletin from Adobe, APSB12-03, accompanied by a patch for Adobe's Flash player.

Sadly, with the odd release date, this bulletin has fallen a bit between the cracks. However, you should apply the patch *QUICKLY* as at least one of the vulnerabilities has already been exploited in the wild.

http://www.adobe.com/support/security/bulletins/apsb12-03.html

------
Johannes B. Ullrich, Ph.D.
SANS Technology Institute
Twitter

Keywords: adobe flashplayer
2 comment(s)
My next class:

Comments

The version on their redistributable portal is still 11.1.102.62. Is there any other way to get a MSI of this thing?
11.1.102.55 was the previous version. 11.1.102.62 is the patched version for IE/Firefox/Chrome/etc. The higher version numbers are for Android. Note that there is no reference in the bulletin to CVE-2011-4693 or CVE-2011-4694, which were announced back in December (see http://isc.sans.edu/diary.html?storyid=12166 for more details). I don't know if those vulnerabilities were fixed silently (so as to avoid giving credit) or were ignored.

Diary Archives