It's the fourth quarterly, second Tuesday of the month which means…
It's Adobe Security Update Day!
Adobe is offering three critical security updates:
Adobe Flash Player v11.9.900.170
Adobe AIR v184.108.40.2060
Adobe Shockwave Player v220.127.116.11
Happily, there is no Adobe Acrobat / Adobe Player update required. The current version is 18.104.22.168.
Adobe Security Bulletins are available here:
Security updates available for Adobe Flash Player [and Adobe AIR]
These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system. Adobe is aware of reports that an exploit designed to trick the user into opening a Microsoft Word document with malicious Flash (.swf) content exists for CVE-2013-5331. Adobe Flash Player 11.6 and later provide a mitigation against this attack….Security update available for Adobe Shockwave Player
These updates resolve a type confusion vulnerability that could lead to code execution (CVE-2013-5331).
These updates resolve a memory corruption vulnerability that could lead to code execution (CVE-2013-5332).
This update addresses a vulnerability that could allow an attacker, who successfully exploits this vulnerability, to run malicious code on the affected system. Adobe recommends users of Adobe Shockwave Player 22.214.171.124 and earlier versions update to Adobe Shockwave Player 126.96.36.199 using the instructions provided in the "Solution" section above.
This update resolves memory corruption vulnerabilities that could lead to code execution (CVE-2013-5333, CVE-2013-5334).
. . .NOTE:
Adobe has changed their updating process yet again. Using Adobe's update pages is now simple and logical. Thank you Adobe!
However, Adobe is again preventing users from downloading full installers of the Adobe Flash Player. Instead, all you get is a small installer application that requires access to the Internet in order to download the software components. This of course is entirely contrary to the Mac user experience. It is also annoying and inconvenient. If you have several computers to update, tough luck! If you want to update computers that are not connected to the Internet, tough luck! IOW: Retrograde user-hostility. No thank you Adobe!
I was also annoyed to see the Adobe Flash Player installer phone home to six different Adobe IP addresses during the installation. Six? Seriously? Just to be complicated?
Thankfully, Adobe has not pulled this stunt with the Adobe AIR or Adobe Shockwave Player installers. However, the Adobe AIR installer phones home to four different Adobe IP addresses. Adobe, I thought the ideal was to make installations simpler!