My next class:

Adobe Patch Tuesday January 2014

Published: 2014-01-14. Last Updated: 2014-01-14 21:04:51 UTC
by Johannes Ullrich (Version: 1)
7 comment(s)

 Adobe released two bulletins today:

1 - Reader/Acrobat

This bulletin fixes three vulnerabilities. Adobe rates this one "Priority 1" meaning that these vulnerabilities are already exploited in targeted attacks and administrators should patch ASAP.

After the patch is applied, you should be running Acrobat/Reader 11.0.06 or 10.1.9 .

2 - Flash Player and Air

The flash player patch fixes two vulnerabilities. The Flash player problem is rated "Priority 1" for Windows and OS X. The Air vulnerability is rated "3" for all operating systems. For Linux, either patch is rated "3".

Patching flash is a bit more complex in that it is included with some browsers, in which case you will need to update the browser. For example Internet Explorer 11 and Chrome include Flash.

 

http://helpx.adobe.com/security/products/flash-player/apsb14-01.html
http://helpx.adobe.com/security/products/flash-player/apsb14-02.html

------
Johannes B. Ullrich, Ph.D.
SANS Technology Institute
Twitter

Keywords: adobe patch
7 comment(s)
My next class:

Comments

That should read "11.0.6" for Acrobat/Reader version, not .5

http://www.adobe.com/devnet-docs/acrobatetk/tools/ReleaseNotes/11/11.0.06.html

Anonymous

Jan 14th 2014
1 decade ago

Fixed. thanks!

Anonymous

Jan 14th 2014
1 decade ago

Is the Flash version change from 11.9 to 12.0
a major feature release or just a rollover?

I see Adobe has an extended support 11.7
player, so it does seem 12 might be a major.
Prefer to be the last to use new feature
versions since new features equals
new bugs.

Anonymous

Jan 15th 2014
1 decade ago

The like for APSB14-01 should be -

http://helpx.adobe.com/security/products/acrobat/apsb14-01.html

rather than -

http://helpx.adobe.com/security/products/flash-player/apsb14-01.html

Anonymous

Jan 15th 2014
1 decade ago

From http://helpx.adobe.com/en/flash-player/release-note/fp_12_air_4_release_notes.html:

"Today we are introducing a new numbering scheme for our product versions. Adopting the pattern set by Google Chrome and Mozilla Firefox, we will simply update the major version number with each subsequent release. In other words, beginning with this release, Flash Player will become Flash Player 12. With each new major release, roughly every 3 months, that number will increase by one."

Anonymous

Jan 15th 2014
1 decade ago

> Prefer to be the last to use new feature versions, since new features equals new bugs.

Whaa?

You prefer to be a target from hackers (and script-kiddies) exploiting "well-known/well-publicized" bugs, rather than patching to become immune to those exploits?

Go ahead; it's your computer (and your complete collection of backups -- you do have backups ???) that you are risking.

Anonymous

Jan 18th 2014
1 decade ago

(removed a duplicate posting)

Anonymous

Jan 18th 2014
1 decade ago

Login here to join the discussion.


Top of page
Diary Archives