Archive for December, 2009

Security Bulletin – Adobe Flash Media Server (FMS)

Today we posted a Security Bulletin to address critical security issues in Adobe Flash Media Server. Adobe recommends Flash Media Server customers update to the latest version of Flash Media Server (version 3.5.3) in line with security best practices.
This posting is provided “AS IS” with no warranties and confers no rights.

Security Advisory APSA09-07 update

We’ve just updated the Security Advisory posted earlier today to include the planned schedule for a patch to resolve CVE-2009-4324. Adobe plans to make available an update to Adobe Reader and Acrobat by January 12, 2010 to resolve the issue.
This posting is provided “AS IS” with no warranties and confers no rights.

Security Advisory- Adobe Reader and Acrobat

A Security Advisory has been posted in regards to the Adobe Reader and Acrobat issue discussed in the Adobe PSIRT blog on December 14 (“New Adobe Reader and Acrobat Vulnerability“, CVE-2009-4324). A critical vulnerability exists in Adobe Reader and Acrobat 9.2 and earlier for Windows, Macintosh and UNIX operating systems. This vulnerability (CVE-2009-4324) could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being actively exploited in the wild. Customers should refer to the Security Advisory for information on mitigating this vulnerability. The advisory will be updated once a schedule has been determined for releasing a fix.
Adobe actively shares information about this and other vulnerabilities with partners in the security community to enable them to quickly develop detection and quarantine methods to protect users until a patch is available. Adobe recommends that you keep your anti-malware software and definitions up-to-date and monitor releases from your vendor about this issue.
We will continue to provide updates on this issue via the Security Advisory section of the Adobe web site, as well as the Adobe PSIRT blog.
This posting is provided “AS IS” with no warranties and confers no rights.

New Adobe Reader and Acrobat Vulnerability

This afternoon, Adobe received reports of a vulnerability in Adobe Reader and Acrobat 9.2 and earlier versions being exploited in the wild (CVE-2009-4324). We are currently investigating this issue and assessing the risk to our customers. We will provide an update as soon as we have more information. Please continue monitoring the Adobe PSIRT blog for the latest information.
This posting is provided “AS IS” with no warranties and confers no rights.

Security Bulletin – Adobe Flash Player

A Security Bulletin was posted to address critical security issues in Adobe Flash Player. This Security Bulletin affects Flash Player versions 10.0.12.36 and earlier, as well as AIR versions 1.5.2 and earlier.
This posting is provided “AS IS” with no warranties and confers no rights.

Security Advisory for Adobe Illustrator CS4 and Adobe Illustrator CS3

Today, we posted a Security Advisory regarding a recently reported Adobe Illustrator issue (CVE-2009-4195). Adobe plans to make available an update to Adobe Illustrator to resolve the issue by January 8, 2010.

This posting is provided “AS IS” with no warranties and confers no rights.

Adobe Illustrator issue update

Adobe has confirmed the vulnerability in Adobe Illustrator reported recently (CVE-2009-4195). This vulnerability affects Adobe Illustrator CS4 (14.0.0) and Adobe Illustrator CS3 (13.0.3 and earlier) on the Windows and Macintosh platforms. We expect to publish a Security Advisory on Monday, December 7 with further information, including a schedule for an update to resolve the issue. As previously reported, a successful exploit of the vulnerability would require a local user to take the action of opening a malicious .eps file in Illustrator. Adobe recommends that customers avoid opening .eps files from unknown sources in Illustrator until a patch is available.
This posting is provided “AS IS” with no warranties and confers no rights.

Potential Adobe Illustrator CS4 issue

Adobe is aware of a report of a potential vulnerability in Adobe Illustrator CS4 (CVE-2009-4195). We are currently investigating this issue and will have an update once we have more information. It appears that this issue would require a local user to take the action of opening a malicious .eps file in Illustrator.

This posting is provided “AS IS” with no warranties and confers no rights.

Pre-Notification – Security Update for Adobe Flash Player

A Security Advisory has been posted in regards to the upcoming Adobe Flash Player update scheduled for December 8, 2009. The update addresses critical security issues in the product.
We will continue to provide updates on the upcoming release via the Security Advisory section of the Adobe web site, as well as the Adobe PSIRT blog.
This posting is provided “AS IS” with no warranties and confers no rights.