Tuesday, July 14, 2015

FOUR CRITICAL Adobe Updates:
Flash 18.0.0.209
Shockwave Player 12.1.9.159
Acrobat & Reader 2015.008.20082

--

[Update 2015-07-15: I added download page links for Adobe Acrobat and the non-cloud version of Adobe Reader. Thanks to my collaborator Al for assistance!]

Adobe has released FOUR CRITICAL updates today. Below I list each of the updates, link to their Security Bulletins and link to where you can download them. I've also added a list of CVEs patched in each update. A total of 50 CVEs have been patched in these updates. I believe that's a record for Adobe.

Adobe Flash Player 18.0.0.209

Adobe Security Bulletin

Download Page

CVEs Patched
CVE-2015-5122 - "A use-after-free vulnerability that could lead to code execution."
CVE-2015-5123 - "A memory corruption vulnerability that could lead to code execution."

Adobe Shockwave Player 12.1.9.159

Adobe Security Bulletin

Download Page

CVEs Patched
CVE-2015-5120 - "Memory corruption vulnerabilities that could lead to code execution"
CVE-2015-5121 - "Memory corruption vulnerabilities that could lead to code execution"

* Neither CVE is yet listed at Mitre.org.

Adobe Acrobat & Reader:
DC v2015.008.20082 and v11.0.12

Adobe Security Bulletin

Adobe Reader DC Download Page

Adobe Reader (non-cloud) v11.0.12 Download Page

Adobe Acrobat Pro and DC Pro Download Page

CVEs Patched
CVE-2014-0566 - "Memory corruption vulnerabilities that could lead to code execution."
CVE-2014-8450 - "Security bypass vulnerabilities that could lead to information disclosure."
CVE-2015-3095 - "Memory corruption vulnerabilities that could lead to code execution."
CVE-2015-4435 - “Methods to bypass restrictions on JavaScript API execution.”
CVE-2015-4438 - “Methods to bypass restrictions on JavaScript API execution.”
CVE-2015-4441 - “Methods to bypass restrictions on JavaScript API execution.”
CVE-2015-4443 - “Null-pointer dereference issues that could lead to a denial-of-service condition.”
CVE-2015-4444 - “Null-pointer dereference issues that could lead to a denial-of-service condition.”
CVE-2015-4445 - “Methods to bypass restrictions on JavaScript API execution.”
CVE-2015-4446 - “Validation bypass issues that could be exploited to perform privilege escalation from low to medium integrity level.”
CVE-2015-4447 - “Methods to bypass restrictions on JavaScript API execution.”
CVE-2015-4448 - "Use-after-free vulnerabilities that could lead to code execution."
CVE-2015-4449 - "Security bypass vulnerabilities that could lead to information disclosure."
CVE-2015-4450 - "Security bypass vulnerabilities that could lead to information disclosure."
CVE-2015-4451 - “Methods to bypass restrictions on JavaScript API execution.”
CVE-2015-4452 - “Methods to bypass restrictions on JavaScript API execution.”
CVE-2015-5085 - “Methods to bypass restrictions on JavaScript API execution.”
CVE-2015-5086 - “Methods to bypass restrictions on JavaScript API execution.”
CVE-2015-5087 - "Memory corruption vulnerabilities that could lead to code execution."
CVE-2015-5088 - "Security bypass vulnerabilities that could lead to information disclosure."
CVE-2015-5089 - "Security bypass vulnerabilities that could lead to information disclosure."
CVE-2015-5090 - “Validation bypass issues that could be exploited to perform privilege escalation from low to medium integrity level.”
CVE-2015-5091 - “Validation bypass issues that could be exploited to perform privilege escalation from low to medium integrity level.”
CVE-2015-5092 - "Security bypass vulnerabilities that could lead to information disclosure."
CVE-2015-5093 - "A buffer overflow vulnerability that could lead to code execution."
CVE-2015-5094 - "Memory corruption vulnerabilities that could lead to code execution."
CVE-2015-5095 - "Use-after-free vulnerabilities that could lead to code execution."
CVE-2015-5096 - "Heap buffer overflow vulnerabilities that could lead to code execution."
CVE-2015-5097 - “Integer overflow vulnerabilities that could lead to code execution.”
CVE-2015-5098 - "A buffer overflow vulnerability that could lead to code execution."
CVE-2015-5099 - "Use-after-free vulnerabilities that could lead to code execution."
CVE-2015-5100 - "Memory corruption vulnerabilities that could lead to code execution."
CVE-2015-5101 - "Use-after-free vulnerabilities that could lead to code execution."
CVE-2015-5102 - "Memory corruption vulnerabilities that could lead to code execution."
CVE-2015-5103 - "Memory corruption vulnerabilities that could lead to code execution."
CVE-2015-5104 - "Memory corruption vulnerabilities that could lead to code execution."
CVE-2015-5105 - "A buffer overflow vulnerability that could lead to code execution."
CVE-2015-5106 - “Validation bypass issues that could be exploited to perform privilege escalation from low to medium integrity level.”
CVE-2015-5107 - "An information leak vulnerability."
CVE-2015-5108 - “Integer overflow vulnerabilities that could lead to code execution.”
CVE-2015-5109 - “Integer overflow vulnerabilities that could lead to code execution.”
CVE-2015-5110 - "A stack overflow vulnerability that could lead to code execution."
CVE-2015-5111 - "Use-after-free vulnerabilities that could lead to code execution."
CVE-2015-5113 - "Use-after-free vulnerabilities that could lead to code execution."
CVE-2015-5114 - "Use-after-free vulnerabilities that could lead to code execution."
CVE-2015-5115 - "Memory corruption vulnerabilities that could lead to code execution."

* CVEs not linked above have not yet been listed at Mitre.org.
