dslreports logo
 
    All Forums Hot Topics Gallery
spc
Search similar:


uniqs
11697
art22gg
Premium Member
join:2005-02-16
Courtenay, BC

1 edit

3 recommendations

art22gg

Premium Member

Update:Adobe Flash Player..11.6.602.171.Feb.26/13

This update resolves a permissions issue with the Flash Player Firefox sandbox (CVE-2013-0643).

This update resolves a vulnerability in the ExternalInterface ActionScript feature, which can be exploited to execute malicious code (CVE-2013-0648).

This update resolves a buffer overflow vulnerability in a Flash Player broker service, which can be used to execute malicious code (CVE-2013-0504).

»www.adobe.com/products/f ··· on3.html

These def,s have a priority of [1]....meaning...from Adobe...Priority 1 This update resolves vulnerabilities being targeted, or which have a higher risk of being targeted, by exploit(s) in the wild for a given product version and platform. Adobe recommends administrators install the update as soon as possible. (for instance, within 72 hours).

siljaline
I'm lovin' that double wide
Premium Member
join:2002-10-12
Montreal, QC

siljaline

Premium Member

Got a changelog, Art ?

TA ~

sbconslt
join:2009-07-28
Los Angeles, CA

sbconslt

Member

Release notes: »helpx.adobe.com/en/flash ··· tes.html

Security bulletin: »www.adobe.com/support/se ··· -08.html

Adobe has released security updates for Adobe Flash Player 11.6.602.168 and earlier versions for Windows, Adobe Flash Player 11.6.602.167 and earlier versions for Macintosh, and Adobe Flash Player 11.2.202.270 and earlier versions for Linux. These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.

Adobe is aware of reports that CVE-2013-0643 and CVE-2013-0648 are being exploited in the wild in targeted attacks designed to trick the user into clicking a link which directs to a website serving malicious Flash (SWF) content. The exploit for CVE-2013-0643 and CVE-2013-0648 is designed to target the Firefox browser.

Adobe recommends users update their product installations to the latest versions:

•Users of Adobe Flash Player 11.6.602.168 and earlier versions for Windows and Adobe Flash Player 11.6.602.167 and earlier versions for Macintosh should update to Adobe Flash Player 11.6.602.171.

•Users of Adobe Flash Player 11.2.202.270 and earlier versions for Linux should update to Adobe Flash Player 11.2.202.273.

•Adobe Flash Player installed with Google Chrome will automatically be updated to the latest Google Chrome version, which will include Adobe Flash Player 11.6.602.171 for Windows, Macintosh and Linux.

•Adobe Flash Player installed with Internet Explorer 10 for Windows 8 will automatically be updated to the latest version of Internet Explorer 10, which will include Adobe Flash Player 11.6.602.171 for Windows.


StuartMW
Premium Member
join:2000-08-06

StuartMW to art22gg

Premium Member

to art22gg
Thanks. Guess I'll be away for a bit installing 6 times (3 boxes x IE/plug-in versions).

DasGoat
join:2013-02-12
Charleston, WV

DasGoat to art22gg

Member

to art22gg
Anyone willing to test installing this file »aihdownload.adobe.com/bi ··· _aih.exe on a VM/PC to see if it's legit. I've checked it on virustotal.com and it came back positive for one company. I believe it installs Reveton. I don't have the means to test it myself.

StuartMW
Premium Member
join:2000-08-06

StuartMW

Premium Member

Why don't you get the Flash update(s) from Adobe directly?

»www.adobe.com/products/f ··· on3.html

DasGoat
join:2013-02-12
Charleston, WV

DasGoat to art22gg

Member

to art22gg
I didn't download it. Someone else did. The whois information says it's for Adobe. They downloaded/installed it and then bad things.

StuartMW
Premium Member
join:2000-08-06

StuartMW

Premium Member

Well in that case perhaps they learned a lesson.

The site may well be Adobe's but I always use bookmarked legitimate download pages to get stuff. Even then I validate (digital signatures etc) and A/V scan the downloads.

DasGoat
join:2013-02-12
Charleston, WV

DasGoat to art22gg

Member

to art22gg
I doubt that, sadly.

Robotics
See You On The Dark Side
Premium Member
join:2003-10-23
Louisa, VA

Robotics to art22gg

Premium Member

to art22gg
I don't update till I am prompt to do so when it comes to Adobe

Darek
Premium Member
join:2000-12-04
Chicago, IL

Darek to art22gg

Premium Member

to art22gg
Installed.

Thanks Art.

chip89
Premium Member
join:2012-07-05
Columbia Station, OH

chip89 to art22gg

Premium Member

to art22gg
Had to install it two times because chrome fought it was't up to date so it kept blocking Flash. Ended up having to unstall Flash and re download flash.

chachazz
Premium Member
join:2003-12-14

2 recommendations

chachazz to art22gg

Premium Member

to art22gg
Update for Internet Explorer Flash Player for Windows 8 (KB2819372)
»www.microsoft.com/en-us/ ··· id=36815

Update for Internet Explorer Flash Player for Windows 8 x64 (KB2819372)
»www.microsoft.com/en-us/ ··· id=36813

Update for Internet Explorer Flash Player for Windows Server 2012 (KB2819372)
»www.microsoft.com/en-us/ ··· id=36814

You must have update 2771431 (a servicing stack update) installed before you install this update. For more information, click the following article number to view the article in the Microsoft Knowledge Base: 2771431 .

Windows RT must go through Windows Update.

More Information for IE 10 users: »support.microsoft.com/kb/2819372

antdude
Matrix Ant
Premium Member
join:2001-03-25
US

antdude to art22gg

Premium Member

to art22gg
Again??! Every dang week!

siljaline
I'm lovin' that double wide
Premium Member
join:2002-10-12
Montreal, QC

siljaline to chachazz

Premium Member

to chachazz
Those are stand-alone installers

Now that they're baked into IE 10, those should be fetchable via WU.

Others can update Flash via your preferred poisoning method.

angussf
Premium Member
join:2002-01-11
Tucson, AZ

angussf to antdude

Premium Member

to antdude
said by antdude:

Again??! Every dang week!

Constant updates like this (and Java) is one of the main reasons why I'm using VIPRE Premium on my network and at most of my clients -- patch management at an inexpensive price. I can roll this puppy out to all the workstations with a few clicks. And VIPRE Premium is only a few dollars per workstation more per year than the AV-only version.

Dustyn
Premium Member
join:2003-02-26
Ontario, CAN
·Carry Telecom
·TekSavvy Cable
Asus GT-AX11000
Technicolor TC4400

1 recommendation

Dustyn to siljaline

Premium Member

to siljaline
said by siljaline:

Those are stand-alone installers

Now that they're baked into IE 10, those should be fetchable via WU.

Others can update Flash via your preferred poisoning method.

... what's the issue? It's an alternate download method for anyone who may wish to use those installers. Options are always appreciated. Clearly they must serve a purpose or Microsoft would not have made them available.
Dustyn

Dustyn to art22gg

Premium Member

to art22gg
Thanks Arty!

chachazz
Premium Member
join:2003-12-14

1 recommendation

chachazz to siljaline

Premium Member

to siljaline
said by siljaline:

Those are stand-alone installers

Now that they're baked into IE 10, those should be fetchable via WU.

Others can update Flash via your preferred poisoning method.

They sure are stand-alone installers.

You infer that Microsoft is offering "poisoned" installers?

siljaline
I'm lovin' that double wide
Premium Member
join:2002-10-12
Montreal, QC

siljaline

Premium Member

Stand-alone installers tend to install more than a method other than using stand-alone installers.
»support.microsoft.com/kb/2819372
»www.adobe.com/products/f ··· on3.html
Mele20
Premium Member
join:2001-06-05
Hilo, HI

1 recommendation

Mele20 to Dustyn

Premium Member

to Dustyn
said by Dustyn:

said by siljaline:

Those are stand-alone installers

Now that they're baked into IE 10, those should be fetchable via WU.

Others can update Flash via your preferred poisoning method.

... what's the issue? It's an alternate download method for anyone who may wish to use those installers. Options are always appreciated. Clearly they must serve a purpose or Microsoft would not have made them available.

I'm glad to see Microsoft make my life a bit easier since I don't use WU. I just installed the IE update. No reboot required. I haven't done plugin one yet.

Blogger
Jedi Poster
Premium Member
join:2012-10-18

Blogger to art22gg

Premium Member

to art22gg
If Oracle ever built or designed a submarine they'd probably put a screen door on it.