dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
3623
share rss forum feed


chachazz
Premium
join:2003-12-14
kudos:9
Reviews:
·TELUS

1 edit

2 recommendations

Security updates: Adobe Shockwave, Reader/Acro, Flash Player

quote:
Adobe Security Bulletins Posted

Today, we released the following Security Bulletins:

APSB12-16 – Security updates available for Adobe Reader and Acrobat

APSB12-17 – Security update available for Adobe Shockwave Player

APSB12-18 – Security update available for Adobe Flash Player

Customers of the affected products should consult the relevant Security Bulletin(s) for details.
»blogs.adobe.com/psirt/2012/08/ad···d-2.html
--
Gladiator Security Forum: www.gladiator-antivirus.com/


chachazz
Premium
join:2003-12-14
kudos:9
Reviews:
·TELUS

2 edits

1 recommendation

The Release notes for Flash Player 11.3.300.271 are here: »helpx.adobe.com/flash-player/rel···1_3.html

Downloads (.exe and .msi (no bundled extras): »www.adobe.com/products/flashplay···on3.html

---------------------------------

The Release notes for Adobe Reader/Acrobat are available here: »helpx.adobe.com/acrobat/release-···der.html

--
Gladiator Security Forum: www.gladiator-antivirus.com/


siljaline
I'm lovin' that double wide
Premium
join:2002-10-12
Montreal, QC
kudos:17

2 recommendations



angussf
Premium
join:2002-01-11
Tucson, AZ
kudos:4

1 recommendation

reply to chachazz
Looks like the security fix may only be for the ActiveX player only:
Adobe - Security Bulletins: APSB12-18 - Security update available for Adobe Flash Player
»www.adobe.com/support/security/b···-18.html
Adobe has released security updates for Adobe Flash Player 11.3.300.270 and earlier versions for Windows, Macintosh and Linux. These updates address a vulnerability (CVE-2012-1535) that could cause the application to crash and potentially allow an attacker to take control of the affected system.

There are reports that the vulnerability is being exploited in the wild in limited targeted attacks, distributed through a malicious Word document. The exploit targets the ActiveX version of Flash Player for Internet Explorer on Windows.
The MSI installer for the 11.3.300.271 version plugin is exactly the same size as the 11.3.300.270 MSI installer. Might only be a change in version numbers.
08/06/2012  06:14 AM        10,895,872 install_flash_player_11_plugin_11.3.300.270.msi
08/12/2012  03:39 AM        10,895,872 install_flash_player_11_plugin_11.3.300.271.msi
 

--
Angus S-F
GeoApps, Tucson, Arizona, USA
»geoapps.com/
»www.linkedin.com/in/angussf
»geoapps.blogspot.com/


Pentangle
With our thoughts we make the world.
Premium
join:2006-06-01
Vancouver BC
kudos:2

1 recommendation

reply to chachazz
Thanks chazzy.


antdude
A Ninja Ant
Premium,VIP
join:2001-03-25
United State
kudos:4

1 recommendation

reply to chachazz
Argh! Today is updates day! MS and Adobe. Argh. I hope Oracle and others don't release theirs today! :P


Dustyn
Premium
join:2003-02-26
Ontario, CAN
kudos:11

1 recommendation

reply to chachazz
said by chachazz:

Downloads (.exe and .msi (no bundled extras): »www.adobe.com/products/flashplay···on3.html

The only link I use.

DrDemento

join:2005-07-25
Brick, NJ
reply to chachazz
Let's see-6 updates from Microsoft on each of 3 XP computers, Adobe Flash update, Adobe reader update, and Adobe Shockwave update. Well, I did not feel like doing anything else with my day anyway.


siljaline
I'm lovin' that double wide
Premium
join:2002-10-12
Montreal, QC
kudos:17
Reviews:
·Bell Sympatico
reply to angussf
Reader X adds: AdobeARM.exe to MSCONFIG not required to run and update normally.
Javascript is also re-started via preferences for those not wanting Reader X running JS.


toobaad

@sbcglobal.net
reply to chachazz
Oracle released Java 7 update 6 today with others.


toobad

@sbcglobal.net
reply to antdude
Oracle released Java 7 update 6 today and others.

redwolfe_98
Premium
join:2001-06-11
kudos:1

1 recommendation

reply to toobaad
said by toobaad :

Oracle released Java 7 update 6 today with others.

you should create a new thread for this..


angussf
Premium
join:2002-01-11
Tucson, AZ
kudos:4

2 recommendations

reply to toobaad
said by toobaad :

Oracle released Java 7 update 6 today with others.

Neither of the new Java JREs released today (7u6, 6u34) appears to have any security fixes.
Java™ SE Development Kit 7 Update 6 Release Notes
»www.oracle.com/technetwork/java/···681.html
Java™ SE Development Kit 6 Update 34 Release Notes
»www.oracle.com/technetwork/java/···733.html
--
Angus S-F
GeoApps, Tucson, Arizona, USA
»geoapps.com/
»www.linkedin.com/in/angussf
»geoapps.blogspot.com/

redwolfe_98
Premium
join:2001-06-11
kudos:1
Reviews:
·Time Warner Cable
reply to chachazz
i was disappointed to not see an update for "flash player 10"..

the security-advisory didn't mention anything about "flash player 10".. they could have said that "flash player 10" wasn't vulnerable and so it wasn't being updated or that they were discontinuing support for it and so it wasn't being updated..


therube

join:2004-11-11
Randallstown, MD
Reviews:
·Comcast
·Verizon Online DSL
reply to angussf
Of course size means nothing.
They are physically different (I looked at the dll's) though that could certainly be attributable to recompile changes accounting for the version number & digital certificate alone - or not?

A binary compare wasn't too fruitful, & a strings compare while still different, revealed nothing nothing notable, for as far as you can go with that.


kickass69

join:2002-06-03
Lake Hopatcong, NJ
reply to redwolfe_98
Indeed. ever since Adobe released Flash 11.3 it's been video/audio sync issues and lag when running full screen hence why I still use 10.3.183.20.


norwegian
Premium
join:2005-02-15
Outback
reply to chachazz
Click for full size
Install issues here for the first time ever:
I had to turn off KIS A/V protection to install it for Opera.
I didn't bother checking the processes to see if it was web or file related. But did check other possibilities till it was confirmed as an A/V issue.

Did anyone else see this?
--
The only thing necessary for the triumph of evil is for good men to do nothing - Edmund Burke



therube

join:2004-11-11
Randallstown, MD
Reviews:
·Comcast
·Verizon Online DSL
Were you using the "stub" installer or the full download from "distribution3"?

Did you try the uninstaller first (uninstalls both IE & other Flash)?
h ttp://download.macromedia.com/get/flashplayer/current/support/uninstall_flash_player.exe?

This doesn't go into much detail?

"Actionlist not found / Unable to download metafile / Failed to initialize / Certification authentication failed / Invalid certificate

Solution: Check the network connectivity. Ensure that your machine has enough virtual memory. If the issue persists, use the direct links to download Flash Player installer."

»helpx.adobe.com/content/help/en/···eader_11

redwolfe_98
Premium
join:2001-06-11
kudos:1
Reviews:
·Time Warner Cable
reply to chachazz
adobe says the vulnerability that was patched only effects the activex version of flash player, for IE, so, since there isn't an update for "flash player 10" (i don't know if it needs to be updated or not), i just disabled "flash player" in IE.. no problems..

i hardly ever use IE.. i only use IE for "windows updates" and at two websites that require an activex-control to run, and i don't have any problems with using any of the websites with "flash player" disabled..


norwegian
Premium
join:2005-02-15
Outback
reply to therube
For the record it wasn't the full installer, it was via the stub installer.
Certification authentication failed / Invalid certificate would be an issue with rights when KIS "Scan SSL connections" is set then.

I have not tested that though and is speculation, but seems the most plausible reason as I do not always have this checked for on and it is the first time from memory I have had this failure.
--
The only thing necessary for the triumph of evil is for good men to do nothing - Edmund Burke


jupitermoon

join:2011-09-27
reply to siljaline
Click for full size
said by siljaline:

Reader X adds: AdobeARM.exe to MSCONFIG not required to run and update normally.
Javascript is also re-started via preferences for those not wanting Reader X running JS.

I got the AdobeARM.exe startup, but not the Javascript reenabling in Preferences after updating Reader X to 10.1.4.


chachazz
Premium
join:2003-12-14
kudos:9
Reviews:
·TELUS
reply to redwolfe_98
said by redwolfe_98:

i was disappointed to not see an update for "flash player 10"..

the security-advisory didn't mention anything about "flash player 10".. they could have said that "flash player 10" wasn't vulnerable and so it wasn't being updated or that they were discontinuing support for it and so it wasn't being updated..

Flash Player 10.3.183.20 was not impacted by this security issue and was not updated.
--
Gladiator Security Forum: www.gladiator-antivirus.com/


siljaline
I'm lovin' that double wide
Premium
join:2002-10-12
Montreal, QC
kudos:17
reply to jupitermoon
This is good ! Thanks for the screenshot, everyone should use this as a guuide not to allow JS in Reader X.

redwolfe_98
Premium
join:2001-06-11
kudos:1
Reviews:
·Time Warner Cable

1 edit

1 recommendation

reply to chachazz
i got a reply from adobe saying that the reason "flash player 10" was not updated, with this newest release of updates, was because it did not have the same vulnerability that was patched with the latest version of "flash player 11", and that "flash player 10" is still supported..

p.s. chachaz, i see your post, above, now, about flash player 10's not having the vulnerability that was patched with the newest version of "flash player 11"..


jabarnut
Light Years Away
Premium,MVM
join:2005-01-22
Galaxy M31
kudos:2

1 recommendation

reply to chachazz
Concerning Flash...
said by Dustyn:

said by chachazz:

Downloads (.exe and .msi (no bundled extras): »www.adobe.com/products/flashplay···on3.html

The only link I use.

Yep, same here. No nonsense installers.
I also use the latest Flash Uninstaller first, which will always have the same version number as the latest Flash release. (Just a creature of habit).
»helpx.adobe.com/flash-player/kb/···nstaller

Something else I've noticed. (Especially if you install Flash fresh like I do).
Even though Flash has Control panel settings now, I've often found that even when I un-tick "do not check for updates" (or whatever it is), during installation, it's often still configured to auto-update.
If not in the control panel app, there are also often conflicting settings in the On-line settings manager:
»www.macromedia.com/support/docum···r02.html
Many people don't even check that anymore, but many times I've found conflicting settings between that, and the control panel applet, so I always check both. Just sayin'

Oh, and thanks Chazz...got this a couple of days ago...just thought I'd add a little bit more boring reading to the thread.
--
I had a life once.....now I have a Computer and a Modem.