Jump to content

Adobe Flash Player Security Updates


Corrine

Recommended Posts

Adobe has released critical security updates for Flash Player. Details are available in my blog post at Adobe Flash Player Critical Security Update.

 

The newest versions are as follows:

Windows and Macintosh: 14.0.0.125

Linux: 11.2.202.359

Users of the Adobe AIR 13.0.0.111 SDK and earlier versions should update to the Adobe AIR 14.0.0.110 SDK (Adobe - Adobe AIR).

 

The direct download links.

  • Like 3
Link to comment
Share on other sites

  • 4 weeks later...

Deviating from the regular "Patch Tuesday" schedule that Adobe been following, Adobe released security updates for Adobe Flash Player 14.0.0.125 and earlier versions for Windows and Macintosh and Adobe Flash Player 11.2.202.378 and earlier versions for Linux were released today. (Hmm, today is Tuesday. Sorry for my confusion.)

 

 

The newest versions are as follows:

 

Windows and Macintosh: 14.0.0.145

Linux: 11.2.202.394

 

Users of the Adobe AIR 14.0.0.110 SDK and earlier versions should update to the Adobe AIR 14.0.0.137 SDK from the AIR Download Center.

 

The direct download links without any "Optional Offers"

 

Non-IE (Opera, Firefox, Etc.): http://download.macr...r_14_plugin.exe

 

Windows XP, Vista and 7: Flash Player For Internet Explorer 7, 8, 9, 10, 11: http://download.macr...14_active_x.exe

 

Internet Explorer in Windows 8 systems will be updated via Windows Update. Windows RT must obtain the update from Windows Update. Google Chrome will be automatically updated.

  • Like 2
Link to comment
Share on other sites

Update: Catching up on my reading, I learned from Graham Cluley's article that the early update is due to what is referred to as "Rosetta Flash – a tool which he says can convert any .SWF Adobe Flash file into one composed entirely of alphanumeric characters."

 

Based on the information from Graham, it would be wise to update sooner rather than later!

Link to comment
Share on other sites

Guest LilBambi

Update: Catching up on my reading, I learned from Graham Cluley's article that the early update is due to what is referred to as "Rosetta Flash – a tool which he says can convert any .SWF Adobe Flash file into one composed entirely of alphanumeric characters."

 

Based on the information from Graham, it would be wise to update sooner rather than later!

 

Great news and reason to update ASAP!!

 

Thanks Corrine!

Link to comment
Share on other sites

The newest versions are as follows:

 

Windows and Macintosh: 14.0.0.145

Linux: 11.2.202.394

 

Users of the Adobe AIR 14.0.0.110 SDK and earlier versions should update to the Adobe AIR 14.0.0.137 SDK from the AIR Download Center.

 

According to the properties of the Adobe AIR installer I just downloaded, it is still 14.0.0.110, not 14.0.0.137. I don't want to wast time installing the version I already have. Anyone know why latest version isn't at AIR download center?
Link to comment
Share on other sites

You're right. I was taking the information from the release notes about the Adobe AIR update. The SDK is for developers so you're up to date with the .110 version. (It was one of those days. I was absolutely positive that it was Monday and couldn't figure out why Adobe was updating Flash Player a day early. I finally figured out that I was a day off. :D )

  • Like 1
Link to comment
Share on other sites

You're right. I was taking the information from the release notes about the Adobe AIR update. The SDK is for developers so you're up to date with the .110 version. (It was one of those days. I was absolutely positive that it was Monday and couldn't figure out why Adobe was updating Flash Player a day early. I finally figured out that I was a day off. :D )

Thanks Corrine! I have the AIR Settings Mgr installed on Win7 system, but I don't really trust it to update automatically since I don't even know what uses AIR, which came preinstalled on that Lenovo laptop. Edited by ebrke
Link to comment
Share on other sites

Maybe you don't need it. I had one program that used AIR and when I uninstalled that, so went AIR. You could remove it and if it is needed by a software, you'll be prompted to install it.

  • Like 1
Link to comment
Share on other sites

Maybe you don't need it. I had one program that used AIR and when I uninstalled that, so went AIR. You could remove it and if it is needed by a software, you'll be prompted to install it.

I thought about that, but this is mother's laptop, and I'm pretty sure it's the Lenovo ThinkVantage Tools software that uses AIR, so I think I'll leave everything in place. I did install the Settings Manager tool that's supposed to update AIR automatically, but I think that needs me to log in with an admin account before it will work. Her account is standard user.
Link to comment
Share on other sites

  • 4 weeks later...

The Adobe Flash Player and Adobe Reader updates address vulnerabilities that could potentially allow an attacker to take control of the affected system.

 

Adobe Flash Player and AIR

 

Release date: August 12, 2014

Vulnerability identifier: APSB14-18

CVE number: CVE-2014-0538, CVE-2014-0540, CVE-2014-0541, CVE-2014-0542, CVE-2014-0543, CVE-2014-0544, CVE-2014-0545

 

The newest versions are as follows:

 

ActiveX for IE and Macintosh version: 14.0.0.176

Plugin: 14.0.0.179

Linux: 11.2.202.400

 

Users of Adobe AIR 14.0.0.110 and earlier versions for Windows and Macintosh should update to the Adobe AIR 14.0.0.178.

 

Flash Player direct download links:



 

Adobe Reader

 

Adobe has released security updates for Adobe Reader and Acrobat XI (11.0.07) and earlier versions for Windows. These updates address a vulnerability that could allow an attacker to circumvent sandbox protection on the Windows platform. Adobe Reader and Acrobat for Apple's OS X are not affected.

 

Release date: August 12, 2014

Vulnerability identifier: APSB14-19

CVE numbers: CVE-2014-0546

Platform: Windows

 

Update or Complete Download: Update checks can be manually activated by choosing Help > Check for Updates.

Note: UNcheck any pre-checked additional options presented with the update. They are not part of the software update and are completely optional.

  • Like 2
Link to comment
Share on other sites

Anyone who still uses Adobe Reader is encouraged to update ASAP. via Graham Cluley at Urgent! Adobe Users Told to Patch Reader and Acrobat Against Zero-day Attacks | Optimal Security: The Lumension Blog

 

Adobe has warned computer users to update their installations of Adobe Reader and Acrobat as a matter of urgency, after it was discovered that malicious hackers were exploiting a critical zero-day vulnerability in targeted attacks.

 

According to the software company, it is “aware of evidence that indicates an exploit in the wild is being used in limited, isolated attacks targeting Adobe Reader users on Windows.”

 

Personally, I've replaced Adobe Reader with Sumatra PDF. If you don't like the yellow background, it is easy to change, Replacing Adobe Reader with Sumatra PDF

 

(Download Sumatra PDF)

  • Like 2
Link to comment
Share on other sites

  • 4 weeks later...

Release Notes: http://helpx.adobe.c...ease_notes.html

 

The direct download links for Adobe Flash Player for Windows 7 and below:

To verify the version go to About Flash Player page

 

Adobe AIR has also been updated to 15.0.0.249. http://get.adobe.com/air/

 

Note: For those expecting Adobe Reader to be updated today, the update has been delayed. See the PSIRT blog post.

  • Like 2
Link to comment
Share on other sites

  • 2 weeks later...

Adobe Flash Player update for ActiveX only.

 

Release Notes: http://helpx.adobe.com/flash-player/release-note/fp_15_air_15_release_notes.html

Today's release resolves an issue in which some end users, when attempting to watch video from certain websites, experienced a failure to play the video, or an error message. This release contains a fix that should significantly reduce the prevalence of video playback failure on sites where this problem previously occurred.

 

Flash Player For Internet Explorer, Windows 7 and earlier: http://download.macromedia.com/get/flashplayer/current/licensing/win/install_flash_player_15_active_x.exe

Windows 8.x: Microsoft Security Advisory 2755801

  • Like 1
Link to comment
Share on other sites

Thanks Corrine! I've had some sporadic problems with videos playing, and on a couple of sites, with slide shows playing, with IE10 running on WIN7 Pro 64bit. Here's a direct link to the download page on Adobe's website where you can download the .exe or .msi file to your PC then install it later: http://www.adobe.com/products/flashplayer/distribution3.html These direct download programs do not have the Google toolbar or other softwares being offered when you install Flash.

Link to comment
Share on other sites

  • 3 weeks later...

The newest versions are as follows:

 

ActiveX for IE and Macintosh version: 15.0.0.189

Plugin: 15.0.0.189

Linux: 11.2.202.411

 

Users of Adobe AIR 15.0.0.252 and earlier versions for Windows and Macintosh should update to the Adobe AIR 15.0.0.293.

 

Flash Player® 15 AIR® 15

 

Non-IE Plugin (Opera, Firefox, Etc.): http://download.macromedia.com/get/flashplayer/current/licensing/win/install_flash_player_15_plugin.exe

Flash Player For Internet Explorer, Windows 7 and earlier: http://download.macromedia.com/get/flashplayer/current/licensing/win/install_flash_player_15_active_x.exe

  • Like 2
Link to comment
Share on other sites

  • 4 weeks later...

Adobe has released security updates for Adobe Flash Player 15.0.0.223 and earlier versions for Windows and Macintosh and Adobe Flash Player 11.2.202.418 and earlier versions for Linux.

 

Release Notes: Release Notes | Flash Player® 15 AIR® 15

 

The direct download links for Adobe Flash Player for Windows 7 and below:

To verify the version go to About Flash Player page

 

Adobe AIR has also been updated to 15.0.0.356.. Adobe - Adobe AIR

Link to comment
Share on other sites

  • 2 weeks later...

Adobe has released out of band security updates for Adobe Flash Player. The updates address a critical bug and includes security fixes, particularly improving the security mitigation that was introduced in the October 14th release of APSB14-22.

 

The direct download links for Adobe Flash Player for Windows 7 and below:

To verify the version go to About Flash Player page

 

 

 

 

 

  • Like 3
Link to comment
Share on other sites

  • 2 weeks later...

Adobe has released the following critical security updates:

 

Adobe Flash Player 16.0.0.235:

 

Non-IE Plugin (Opera, Firefox, Etc.): http://download.macromedia.com/get/flashplayer/current/licensing/win/install_flash_player_16_plugin.exe

Flash Player For Internet Explorer, Windows 7 and earlier: http://download.macromedia.com/get/flashplayer/current/licensing/win/install_flash_player_16_active_x.exe

 

Adobe Reader XI 11.0.10: Adobe Reader For Windows

  • Like 3
Link to comment
Share on other sites

  • 1 month later...

Adobe has released security updates for Adobe Flash Player 16.0.0.235. and earlier versions for Windows and Macintosh and Adobe Flash Player 11.2.202.425 and earlier versions for Linux. In addition, Version 16 of Adobe AIR has been released.

 

These updates address vulnerabilities that could potentially allow an attacker to take control of the affected system. Details of the vulnerabilities are included in the below-referenced Security Bulletin.

 

The direct download links:

 

Security Bulletin: APSB15-01

Release Notes: Flash Player® 16 AIR® 16

  • Like 2
Link to comment
Share on other sites

I'm in a quandery as to getting Adobe flash to up date . It just won't happen .

 

I've looked on the forum posts for info . If it's there . Maybe this reply could be moved over to that thread. I would post more Help.

Link to comment
Share on other sites

Do you mean you want Adobe Flash Player to update automatically or when you download the above-linked exe's they won't install?

Link to comment
Share on other sites

Guest LilBambi

NOTE: For those using Google Chrome, Flash will be automatically updated within Google Chrome when you update Google Chrome.

 

The same is true of Internet Explorer in Windows 8.1 if they are still doing that with the latest version.

Link to comment
Share on other sites

Thing is ,running Deb Squeeze . with FF allup to date .

video links on forum say Flash out of date. >Shockwave Flash 11.2.202.364<vulnerable update now . ..I chase the links until I get >javascript. void..<

OK . So into symantic do the update .. No luck. So d/load the tar.gz. Unpack it .. and fail again .

 

It's making me feel really skewpit dat I kant do dis liddle ting .

 

My last chance is a Terminal install . But I done lost my notes and cannot remember the syntax .

Link to comment
Share on other sites

I have recently gone through most of my distros to update libflashplayer.so to the version ending in ....425. In theory you should only have to copy that file over the old one of the same name, wherever it is located, but in most cases here that didn't work as well as expected, perhaps due to Firefox somehow misinterpreting the name and rev number as containing comma separators instead of periods?

 

Anyway, for me the real fix seems to be to get the current rev 35.0 of Firefox and install that. I hate the new look, but I'll tolerate it better than having to constantly override the flash objection. I dunno where [location] FF35 looks to find that file, but have found that creating a 'plugins' subdir under ~./.mozilla/firefox/*.default -- and copy the libflashplayer to that -- it'll be found and used.

  • Like 1
Link to comment
Share on other sites

Guest LilBambi

https://wiki.debian.org/FlashPlayer/

 

If none of the things on this page works, I might be time to move to Google Chrome or manually install the latest version of Firefox and then follow the wiki above.

 

Another viable option would be to move to Wheezy. ;)

 

I use Google Chrome in Wheezy personally.

Edited by LilBambi
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...