Uninstall instructions from Adobe:
Uninstall Flash Player | Mac OS
Removing Adobe AIR
After uninstalling Flash and AIR, RESTART your running web browsers,
Please do this RIGHT NOW. If you have more than one Mac, be certain to dump Flash and AIR there as well.
More to follow.]
~ ~ ~ ~ ~
It's the second-Tuesday-of-the-month, which means it's time for a bombardment of Adobe security patches! This month's pile of patches is truly astonishing. Keep in mind that this isn't the only day of the month Adobe provides security updates. This past month, Adobe pushed out two separate groups of security updates.
Here are today's Adobe security bulletins:
Adobe Flash and AIR
Adobe Acrobat and Reader
Here are the linked Adobe updates:
Adobe Flash, Desktop v18.104.22.168
Adobe Flash, Extended Support v22.214.171.124 (Scroll down to 'Flash Player Archives')
Adobe AIR v126.96.36.199
Adobe Acrobat DC and DC Reader 'Continuous' v2015.009.20069
Adobe Acrobat DC and DC Reader 'Classic' v2015.006.30094
Adobe Acrobat and Reader XI Desktop v11.0.13
Adobe Acrobat and Reader X Desktop v10.1.16
[I'm not linking the listed CVEs (Common Vulnerabilities and Exposures) this month as the list is massive and I'm rather busy at my end at the moment. The link to look up CVEs is at the right of this page.]
Adobe Flash and AIR
Vulnerability DetailsAdobe Acrobat and Reader
These updates resolve a vulnerability that could be exploited to bypass the same-origin-policy and lead to information disclosure (CVE-2015-7628).
These updates include a defense-in-depth feature in the Flash broker API (CVE-2015-5569).
These updates resolve use-after-free vulnerabilities that could lead to code execution (CVE-2015-7629, CVE-2015-7631, CVE-2015-7643, CVE-2015-7644).
These updates resolve a buffer overflow vulnerability that could lead to code execution (CVE-2015-7632).
These updates resolve memory corruption vulnerabilities that could lead to code execution (CVE-2015-7625, CVE-2015-7626, CVE-2015-7627, CVE-2015-7630, CVE-2015-7633, CVE-2015-7634).
These updates resolve a buffer overflow vulnerability that could lead to information disclosure (CVE-2015-6692).
These updates resolve use-after-free vulnerabilities that could lead to code execution (CVE-2015-6689, CVE-2015-6688, CVE-2015-6690, CVE-2015-7615, CVE-2015-7617, CVE-2015-6687, CVE-2015-6684, CVE-2015-6691, CVE-2015-7621, CVE-2015-5586, CVE-2015-6683).
These updates resolve heap buffer overflow vulnerabilities that could lead to code execution (CVE-2015-6696, CVE-2015-6698).
These updates resolve memory corruption vulnerabilities that could lead to code execution (CVE-2015-6685, CVE-2015-6693, CVE-2015-6694, CVE-2015-6695, CVE-2015-6686, CVE-2015-7622).
These updates resolve memory leak vulnerabilities (CVE-2015-6699, CVE-2015-6700, CVE-2015-6701, CVE-2015-6702, CVE-2015-6703, CVE-2015-6704, CVE-2015-6697).
These updates resolve security bypass vulnerabilities that could lead to information disclosure (CVE-2015-5583, CVE-2015-6705, CVE-2015-6706, CVE-2015-7624).
As ever, running software over the Internet can be dangerous. The most dangerous software to use are the Adobe Flash, Adobe Shockwave and Oracle Java browser plug-ins. If you don't need them, either trash them or pull them out of your system and put them intp a 'disabled' folder. You can find all of these plug-ins here:
Adobe Acrobat and Reader can be dangerous if you're using them to read PDF files you've downloaded from the Internet. The safest way to run either of these programs is with 'Enhanced Security' (Security 'Enhanced') turned ON in their preferences. Even then, as noted in the CVE list above, that may not protect you from malicious PDF files.
Also dangerous, for the same reason, are the Adobe PDF Viewer plug-ins for web browsers. As with the other dangerous plug-ins noted above, either trash them or put them into a 'disabled' folder. If you have a specific reason to use the Viewer plug-ins, then you're stuck with them. However, for the vast majority of people there is NO reason to use them. All web browsers have their own built-in PDF viewer functions. You can find the Adobe PDF Viewer plug-ins here:
~ ~ ~ ~ ~
The #1 Rule of Computing and Security is:
MAKE A BACKUP!
Backups allow you to restore your computer back to health if it gets PWNed (zombied/botted) or otherwise compromised on the Internet.
There are many articles on the Internet about computer backup strategies. Here are a three articles and two ebooks specific to Mac backups:
Bulletproof backups: When you absolutely can't lose any data
Apple: Backing up your Mac hard drive
Apple Support Communities: Most commonly used backup methods
Backing Up Your Mac: A Joe On Tech Guide
TAKE CONTROL OF Security for Mac Users
Stay safe out there kids!