Security News Adobe (Jan 2017): 42 security vulnerabilities (code execution on remote systems)

[LASER_oneXM]

hi guys!

...another horrible news from Adobe (quote from the article above):

"......This would allow them to execute almost any command on the remote computer without the knowledge of the owner. .....:"



Don't forget to update as soon as possible....!!!


....some other quotes from the artocle above:

APSB17-01 Security Updates Available for Adobe Acrobat and Reader

Adobe has released security updates that resolve 29 vulnerabilities in Adobe Acrobat and Reader for Windows and Macintosh. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system.

Adobe has released updates for Adobe Acrobat, Reader, and Flash that resolve a total of 42 security vulnerabilities. As many of these vulnerabilities are rated as Critical, it is strongly advised that anyone using these products immediately update them to the latest version.

A vulnerability is rated as Critical when it could allow attackers to remotely execute code on an affected machine. This would allow them to execute almost any command on the remote computer without the knowledge of the owner.

 

[Marko :)]

I don't remember last time I used Adobe Reader. Instead I'm using PDF viewer built-in Opera and if I need to create a PDF, I'm doing it with Microsoft Office.

 

[soccer97]

hi guys!

...another horrible news from Adobe (quote from the article above):

"......This would allow them to execute almost any command on the remote computer without the knowledge of the owner. .....:"



Don't forget to update as soon as possible....!!!


....some other quotes from the artocle above:

I check their PSIRT blog frequently. Also take notice of their quarterly update cycle (Like Java).

The next update cycle for Adobe Reader will be in April.

Keep watching the PSIRT blog, as you can see, occasionally they post pre-notifications of upcoming updates.

Link: Adobe Product Security Incident Response Team (PSIRT) Blog | Working to help protect customers from vulnerabilities in Adobe software. Contact us at PSIRT(at)adobe(dot)com.

 

[soccer97]

Also, I can't tell you how many people are not aware of this. For full uninstall at ion you MUST use Adobe's uninstaller (Flash Player)


Link: Uninstall Flash Player.

When there is an update available, I download the latest version of the uninstaller (updated at the same time as each update to flash is), then reboot, install Flash from direct download links, avoiding the download manager and junk.



Also: Has anyone noticed that Chrome hasn't been updated to latest version of Flash (at least on my PC)?

 

[Marko :)]

Also, I can't tell you how many people are not aware of this. For full uninstall at ion you MUST use Adobe's uninstaller (Flash Player)


Link: Uninstall Flash Player.

When there is an update available, I download the latest version of the uninstaller (updated at the same time as each update to flash is), then reboot, install Flash from direct download links, avoiding the download manager and junk.



Also: Has anyone noticed that Chrome hasn't been updated to latest version of Flash (at least on my PC)?

I've read somwhere that Google uses their own version of Flash in Chrome so it's not from Adobe. Maybe that's reason why you have older version of Flash.

 

[Ink]

I've read somwhere that Google uses their own version of Flash in Chrome so it's not from Adobe. Maybe that's reason why you have older version of Flash.

"Pepper Flash Player is maintained by Google, and is newer than Adobe Flash Player. Adobe currently still provides security fixes for Adobe Flash Player. Google provides newer features in Pepper Flash Player. Pepper Flash Player can currently only be used with Chromium (and with Chrome)." - Link

Adobe are pushing updates so it's a good sign, but also why Chromium-based browsers like Chrome are extremely popular.

 

[soccer97]

"Pepper Flash Player is maintained by Google, and is newer than Adobe Flash Player. Adobe currently still provides security fixes for Adobe Flash Player. Google provides newer features in Pepper Flash Player. Pepper Flash Player can currently only be used with Chromium (and with Chrome)." - Link

You are correct. They can usually push things out well and sometimes update Flash prior to Adobe.

Adobe are pushing updates so it's a good sign, but also why Chromium-based browsers like Chrome are extremely popular.

Thanks, I am aware. Normally on patch Tuesday (or the day after) , I will manually check for updates to Chrome. (About Chrome). I typed chrome://plugins/ in the address bar and it was out of date - it updated about an hour ago - they must push some in the background - my bad.