Adobe Patches Flash Player, Reader

Not to be left out of this month’s “Patch Tuesday” festivities, Adobe has released security updates for its Reader, Acrobat, Flash Player, and AIR software.

The Security Bulletin [APSB14-01] for Acrobat and Reader applies only to the Windows and Mac OS X platforms.  Adobe says the affected software versions are:

• Adobe Reader XI (11.0.05) and earlier 11.x versions for Windows and Macintosh
• Adobe Reader X (10.1.8) and earlier 10.x versions for Windows and Macintosh
• Adobe Acrobat XI (11.0.05) and earlier 11.x versions for Windows and Macintosh
• Adobe Acrobat X (10.1.8) and earlier 10.x versions for Windows and Macintosh

Adobe rates the severity of the vulnerabilities addressed by this bulletin as Critical.  You can obtain the new version using the software’s built-in update mechanism (Help / Check for Updates); alternatively, you can download Reader installation packages for all platforms here.

The Security Bulletin [APSB14-02] for Flash Player and AIR applies to all platforms (Windows, Linux, and Mac OS X).  Affected software versions are:

• Adobe Flash Player 11.9.900.170 and earlier versions for Windows and Macintosh
• Adobe Flash Player 11.2.202.332 and earlier versions for Linux
• Adobe AIR 3.9.0.1380 and earlier versions for Windows and Macintosh
• Adobe AIR 3.9.0.1380 and earlier versions for Android
• Adobe AIR 3.9.0.1380 SDK and earlier versions
• Adobe AIR 3.9.0.1380 SDK & Compiler and earlier versions

(You can check the version of Flash Player installed on your system by visiting Adobe’s About Flash Player page.)  Adobe says this is also a Critical vulnerability.  Users of Google’s Chrome browser, of of Microsoft’s Internet Explorer (Versions 10 and 11) should get the new (bundled) Flash Player automatically.   Others can obtain installation packages for all platforms from Adobe’s Flash Player Download Center.   Please see the Security Bulletin for information on AIR updates.

These Adobe packages have, historically, been popular targets for attackers, because they are widely installed across different platforms.  I recommend that you update you systems as soon as you conveniently can.

Adobe Updates Flash Player

Adobe has issued a new Security Bulletin [APSB13-28] for its Flash Player.  The fixes address two critical security vulnerabilities.  According to Adobe, the affected software versions are:

• Adobe Flash Player 11.9.900.152 and earlier versions for Windows and Macintosh
• Adobe Flash Player 11.2.202.327 and earlier versions for Linux
• Adobe AIR 3.9.0.1210 and earlier versions for Windows and Macintosh
• Adobe AIR 3.9.0.1210 and earlier versions for Android
• Adobe AIR 3.9.0.1210 SDK and earlier versions
• Adobe AIR 3.9.0.1210 SDK & Compiler and earlier versions

Note that Adobe’s AIR software is also affected.  You can check the version of Flash Player that you have, at any time, by visiting the Adobe “About Flash” page.

The new version of Flash Player for Windows and Mac OS X is 11.9.900.170; for Linux, the new version is 11.2.202.332.  Please see the Security Bulletin for information on Android versions.

Flash Player has always been a popular target for attackers, because it is so widely installed across different platforms.  There is some evidence that the vulnerabilities addressed by these fixes are being exploited; therefore I recommend that you update your system as soon as you conveniently can.

Users of Google’s Chrome browser, and of Internet Explorer 10 or 11 on Windows 8/8.1, should get the updated version automatically via the built-in update mechanism.  Other users can obtain the new version from the Flash Player Download page.

Mozilla Releases Firefox 26.0

The Mozilla organization today released a new version, 26.0, of its Firefox Web browser, for all platforms: Windows, Linux, and Mac OS X.  The new version includes fixes for 14 identified security vulnerabilities, five of which Mozilla rates at Critical severity.  There are also some other bug fixes:

• Text rendering on Windows 7 or 8
• Improved page load times
• MP3 back end on OS X

This version also incorporates some new features:

• Java plugins default to “click to play”
• H.264 is supported on Linux
• Password manager supports script-generated password fields

More details are available in the Release Notes.

Because of its security content, I recommend that you update your system as soon as you conveniently can.  You can get the new version using the built-in update mechanism, or you can get a complete installation package, in any of 70+ languages, from the download page.

Google Releases Chrome 30

Yesterday, Google released version 30.0.1599.66 of its Chrome browser, for all platforms: Linux, Mac OS X , Windows, and Chrome Frame.  According to Google’s Release Announcement, the new version incorporates some new capabilities:

• Easier searching by image
• A number of new apps/extension APIs
• Lots of under the hood changes for stability and performance

The new release also incorporates 50 security fixes.  Google’s announcement highlights 19 of these; of these, Google rates 10 as High severity.  More details are available in the announcement.

Because of its security content, I recommend that you update your systems as soon as you conveniently can.   Windows and Mac users should get the new version via Chrome’s built-in update system.  Linux users should check their distribution’s repositories for the new version.

Mozilla Updates Firefox, Thunderbird

Earlier this week, the Mozilla organization released new versions of its Firefox browser and Thunderbird E-mail client, for all platforms: Mac OS X, Linux, and Windows.

The new version, 24.0, of Firefox includes fixes for 17 identified security vulnerabilities, including seven that Mozilla rates as Critical, and four that it rates as High  severity.  It also includes several performance and stability improvements; more information is available in the Release Notes.  You can obtain the new version of FIrefox via the built-in update mechanism, or download a complete installation package, in a variety of languages.

The new version of Thunderbird, also 24.0, has fixes for 13 security vulnerabilities; Mozilla rates six of these as Critical, and three as High severity.  It also includes some new capabilties, including the ability to watch or ignore message threads, and the ability to zoom the composition window.  There are also some miscellaneous bug  fixes.  More detail is available in the Release Notes.   As with Firefox, you can get the new version using the built-in update capability, or download a complete installation package.

Because of the security fixes included in these releases, I recommend that you update your systems as soon as you conveniently can.

Google Releases Chrome 29.0.1547.76

Google has released a new stable version, 29.0.1547.76, of its Chrome browser, for all platforms: Windows, Linux, Mac OS X, and Chrome Frame.  This is primarily a bug fix release, which addresses some display issues, as well as a problem with Flash on some Windows devices.  More information is available in the Release Announcment.

Windows and Mac users should be able to get the new version via the built-in update mechanism. Linux users should check their distribution’s repositories for the new version.