Adobe Patches Flash Player, Reader

January 15, 2014

Not to be left out of this month’s “Patch Tuesday” festivities, Adobe has released security updates for its Reader, Acrobat, Flash Player, and AIR software.

The Security Bulletin [APSB14-01] for Acrobat and Reader applies only to the Windows and Mac OS X platforms.  Adobe says the affected software versions are:

  • Adobe Reader XI (11.0.05) and earlier 11.x versions for Windows and Macintosh
  • Adobe Reader X (10.1.8) and earlier 10.x versions for Windows and Macintosh
  • Adobe Acrobat XI (11.0.05) and earlier 11.x versions for Windows and Macintosh
  • Adobe Acrobat X (10.1.8) and earlier 10.x versions for Windows and Macintosh

Adobe rates the severity of the vulnerabilities addressed by this bulletin as Critical.  You can obtain the new version using the software’s built-in update mechanism (Help / Check for Updates); alternatively, you can download Reader installation packages for all platforms here.

The Security Bulletin [APSB14-02] for Flash Player and AIR applies to all platforms (Windows, Linux, and Mac OS X).  Affected software versions are:

  • Adobe Flash Player 11.9.900.170 and earlier versions for Windows and Macintosh
  • Adobe Flash Player 11.2.202.332 and earlier versions for Linux
  • Adobe AIR 3.9.0.1380 and earlier versions for Windows and Macintosh
  • Adobe AIR 3.9.0.1380 and earlier versions for Android
  • Adobe AIR 3.9.0.1380 SDK and earlier versions
  • Adobe AIR 3.9.0.1380 SDK & Compiler and earlier versions

(You can check the version of Flash Player installed on your system by visiting Adobe’s About Flash Player page.)  Adobe says this is also a Critical vulnerability.  Users of Google’s Chrome browser, of of Microsoft’s Internet Explorer (Versions 10 and 11) should get the new (bundled) Flash Player automatically.   Others can obtain installation packages for all platforms from Adobe’s Flash Player Download Center.   Please see the Security Bulletin for information on AIR updates.

These Adobe packages have, historically, been popular targets for attackers, because they are widely installed across different platforms.  I recommend that you update you systems as soon as you conveniently can.

Adobe Updates Flash Player

December 11, 2013

Adobe has issued a new Security Bulletin [APSB13-28] for its Flash Player.  The fixes address two critical security vulnerabilities.  According to Adobe, the affected software versions are:

  • Adobe Flash Player 11.9.900.152 and earlier versions for Windows and Macintosh
  • Adobe Flash Player 11.2.202.327 and earlier versions for Linux
  • Adobe AIR 3.9.0.1210 and earlier versions for Windows and Macintosh
  • Adobe AIR 3.9.0.1210 and earlier versions for Android
  • Adobe AIR 3.9.0.1210 SDK and earlier versions
  • Adobe AIR 3.9.0.1210 SDK & Compiler and earlier versions

Note that Adobe’s AIR software is also affected.  You can check the version of Flash Player that you have, at any time, by visiting the Adobe “About Flash” page.

The new version of Flash Player for Windows and Mac OS X is 11.9.900.170; for Linux, the new version is 11.2.202.332.  Please see the Security Bulletin for information on Android versions.

Flash Player has always been a popular target for attackers, because it is so widely installed across different platforms.  There is some evidence that the vulnerabilities addressed by these fixes are being exploited; therefore I recommend that you update your system as soon as you conveniently can.

Users of Google’s Chrome browser, and of Internet Explorer 10 or 11 on Windows 8/8.1, should get the updated version automatically via the built-in update mechanism.  Other users can obtain the new version from the Flash Player Download page.


Adobe Fixes Flash Player

September 11, 2013

Adobe Systems has released a new version of its Flash Player for all platforms: Windows, Mac OS X, Linux, and Android.  The new version fixes four serious security vulnerabilities identified in Adobe’s Security Bulletin [APSB13-21]; the affected versions of the Flash Player software are:

  • Adobe Flash Player 11.8.800.94 and earlier versions for Windows and Macintosh
  • Adobe Flash Player 11.2.202.297 and earlier versions for Linux
  • Adobe Flash Player 11.1.115.69 and earlier versions for Android 4.x
  • Adobe Flash Player 11.1.111.64 and earlier versions for Android 3.x and 2.x
  • Adobe AIR 3.8.0.870 and earlier versions for Windows and Android
  • Adobe AIR 3.8.0.910 and earlier versions for Macintosh
  • Adobe AIR 3.8.0.870 SDK & Compiler and earlier versions for Windows
  • Adobe AIR 3.8.0.910 SDK & Compiler and earlier versions for Macintosh

Further details are given in the Security Bulletin.

Windows, Linux, and Mac OS X users can get the new release from Adobe’s download page.  For Windows and Mac OS X, the new version is 11.8.800.168; the new version for Linux is 11.2.202.310.  (Windows users should note that they may require two updates: one for Internet Explorer, and one for all other browsers.) Details of the new Android versions are given in the Security Bulletin.

The Flash Player bundled with Google’s Chrome browser should be updated automatically to version 11.8.800.170, according to a post on the “Chrome Releases” blog.

Windows, Linux, and Mac OS X  users can check the version of Flash Player installed on their systems by visiting Adobe’s About Flash Player page.


Adobe Updates Flash Player

June 16, 2013

This past week, Adobe issued a Security Bulletin  [APSB 13-16] and a new version of its Flash Player to address several potentially Critical security vulnerabilities.  This  bulletin affects all platforms; according to Adobe, the affected versions of the software are:

  • Adobe Flash Player 11.7.700.202 and earlier versions for Windows
  • Adobe Flash Player 11.7.700.203 and earlier versions for Macintosh
  • Adobe Flash Player 11.2.202.285  and earlier versions for Linux
  • Adobe Flash Player 11.1.115.58 and earlier versions for Android 4.x
  • Adobe Flash Player 11.1.111.54 and earlier versions for Android 3.x and 2.x
  • Adobe AIR 3.7.0.1860 and earlier versions for Windows and Macintosh
  • Adobe AIR 3.7.0.1860 and earlier versions for Android
  • Adobe AIR 3.7.0.1860 SDK & Compiler and earlier versions

You can verify the version of Flash Player installed on your system by visiting the “About Flash Player” page at Adobe’s site.  (The page will also show you the current version numbers of Flash Player for all platforms.)  Updated versions of the player, for Windows, Mac, and Linux platforms, can be downloaded here.  For information on AIR and Android updates, please see the Security Bulletin.

The Flash player is one of the most commonly installed pieces of software on user computers.  Because it is so common, and because it is installed across multiple platforms, it is a very attractive target for the Bad Guys.  I strongly recommend updating your systems as soon as you conveniently can.


Google Releases Chrome 27

May 21, 2013

Google today announced the release of a new version, 27.0.1453.93, of its Chrome browser for all platforms: Mac OS X, Linux, Windows, and Chrome Frame.   The new version incorporates some capability iimprovements:

  • Web pages should, on average, load a bit faster (about 5%)
  • The chrome.SyncFilesystem API for access to Google Drive is available
  • Better spell checking and input prediction

The new release incorporates the latest version of the bundled Flash Player, as well as fixes for 14 identified security vulnrabilitues, 10 of which Google rates as High severity.  Further information is available in the Release Announcement.

Because of the security content of this release, I recommend that you update your systems as soon as you conveniently can.   Windows and Mac users can get the new version via the built-in update mechanism; Linux users should check their distribution’s repositories for the new version.  If you need to get a complete installation package, you can download it here.

Update Wednesday, 22 May, 17:35 EDT

Ars Technica has an interesting short article on the changes in Chrome 27.  The increase in page loading speed was accomplished by switching from a per-tab scheduler to a global scheduler, which allows some additional optimizations of network utilization.


Critical Updates for Adobe Reader, Acrobat — and Flash

May 14, 2013

As expected, Adobe has released new versions of its Acrobat and Reader software, incorporating critical security updates.  There is also a critical update for Flash Player, though this was not included in the preview announcement.

The updates for Reader and Acrobat address a total of 27 identified vulnerabilities. According to the Security Bulletin [APSB 13-15], the vulnerable versions of Acrobat and Reader are:

  • Adobe Reader XI (11.0.02) and earlier 11.x versions for Windows and Macintosh
  • Adobe Reader X (10.1.6) and earlier 10.x versions for Windows and Macintosh
  • Adobe Reader 9.5.4 and earlier 9.x versions for Windows, Macintosh and Linux
  • Adobe Acrobat XI (11.0.02) and earlier 11.x versions for Windows and Macintosh
  • Adobe Acrobat X (10.1.6) and earlier 10.x versions for Windows and Macintosh
  • Adobe Acrobat 9.5.4 and earlier 9.x versions for Windows and Macintosh

The Security Bulletin lists the appropriate new versions for these. Users of Reader or Acrobat on Windows or Mac OS X can get the new version via the update mechanism built into the software, which is set to check for updates automatically by default; to initiate a check manually, choose Help / Check for Updates from the product menu. Alternatively, you can download appropriate Reader updates from these links:

Please see the Security Bulletin for Acrobat update downloads, and for further details.

As noted above, Adobe has also released Critical updates for Flash Player; according to the Security Bulletin [ASPB 13-14], these fixes address 13 identified vulnerabilities. Affected versions of the software are:

  • Adobe Flash Player 11.7.700.169 and earlier versions for Windows and Macintosh
  • Adobe Flash Player 11.2.202.280 and earlier versions for Linux
  • Adobe Flash Player 11.1.115.54 and earlier versions for Android 4.x
  • Adobe Flash Player 11.1.111.50 and earlier versions for Android 3.x and 2.x
  • Adobe AIR 3.7.0.1530 and earlier versions for Windows and Macintosh
  • Adobe AIR 3.7.0.1660 and earlier versions for Android
  • Adobe AIR 3.7.0.1530 SDK & Compiler and earlier versions

Users on Windows or Mac OS X systems should received the update automatically, if they have enabled the option “Allow Adobe to install updates”. Otherwise, they can obtain the new version from the Flash Player Download Center, as can Linux users. Please see the Security Bulletin for Android updates. Google Chrome ships with its own version of Flash Player, and I would expect a new version of Chrome, incorporating these updates, to appear “real soon now”. I’ll update this post when it’s available.

Because they are so widely installed across platforms, Reader and Flash Player have been tempting targets for the Bad Guys. I suggest that you update your systems as soon as you conveniently can.

Update Tuesday, 14 May, 13:05 EDT

According to a post on the Chrome Releases blog, Google is now pushing Flash Player updates for the Windows and Mac versions of Chrome.  (Mea culpa: I had forgotten that they had added to capability to update things like Flash without doing a whole new version.)


Google Chrome Updated

April 9, 2013

Google has released a new version of its Chrome browser for all platforms.  The new version number for Mac OS X and Linux is 26.0.1410.63; for Windows and Chrome Frame it is 26.0.1410.64.   The principal change in this release is the new version of Adobe’s Flash Player, released today; some bug fixes and stability improvements are also included.

Because of the security content of this release, I recommend that you update your systems as soon as you conveniently can.   Windows and Mac users can get the new version via the built-in update mechanism; Linux users should check their distribution’s repositories for the new version.


%d bloggers like this: