Archive for September, 2011

Security Advisory for Adobe Photoshop Elements 8.0 (APSA11-03)

A Security Advisory (APSA11-03) has been posted in regards to Adobe Photoshop Elements 8.0. Critical vulnerabilities exist in Adobe Photoshop Elements 8.0 and earlier versions on the Windows operating system. Adobe is not aware of any attacks exploiting these vulnerabilities against Adobe Photoshop Elements to date.

This posting is provided “AS IS” with no warranties and confers no rights.

Security update available for Adobe Flash Player (APSB11-26)

Today, a Security Bulletin (APSB11-26) has been posted to address critical security issues in Adobe Flash Player. This Security Bulletin affects Flash Player 10.3.183.7 and earlier versions for Windows, Macintosh, Linux and Solaris, and Flash Player 10.3.186.6 for Android. There are reports that one of these vulnerabilities (CVE-2011-2444) is being exploited in the wild in active targeted attacks designed to trick the user into clicking on a malicious link delivered in an email message. This universal cross-site scripting issue could be used to take actions on a user’s behalf on any website or webmail provider if the user visits a malicious website. Adobe recommends users apply the updates for their product installations.

This posting is provided “AS IS” with no warranties and confers no rights.

Prenotification: Security Update for Flash Player

A Flash Player update is scheduled for release tomorrow, September 21, 2011. This update will address critical security issues in the product as well as an important universal cross-site scripting issue that is reportedly being exploited in the wild in targeted attacks.

We will continue to provide updates on the upcoming release via the Security Advisory section of the Adobe website as well as the Adobe PSIRT blog.

This posting is provided “AS IS” with no warranties and confers no rights.

DigiNotar removed from Adobe Approved Trust List (AATL)

As discussed on the Security Matters blog, the Adobe Approved Trust List (AATL) has been updated to remove the certificate authority DigiNotar. Users of Adobe Reader and Acrobat X (version 10.x) will be automatically updated to this list. A future product update of Adobe Reader and Acrobat version 9.x will enable dynamic updates of the AATL. In the meantime, users of Adobe Reader and Acrobat 9 can manually remove DigiNotar using instructions provided in the September 9 blog post.

This posting is provided “AS IS” with no warranties and confers no rights.

Security updates released for Adobe Reader and Acrobat (APSB11-24)

Today, a Security Bulletin (APSB11-24) has been posted in regards to this quarter’s security updates for Adobe Reader and Acrobat. The updates address critical security issues in the products. Adobe recommends that users apply the updates for their product installations.

The next quarterly security updates for Adobe Reader and Acrobat are currently scheduled for December 13, 2011.

This posting is provided “AS IS” with no warranties and confers no rights.

Update on DigiNotar removal from the Adobe Approved Trust List (AATL)

An update on the removal of the DigiNotar Qualified CA certificate from the Adobe Approved Trust List (AATL) following the recent DigiNotar breach has been posted on the Security Matters blog.

This posting is provided “AS IS” with no warranties and confers no rights.

Update on DigiNotar and the Adobe Approved Trust List (AATL)

We are in the process of removing the DigiNotar Qualified CA certificate from the Adobe Approved Trust List (AATL) and will post an update on this action tomorrow.

In the meantime, users can manually remove these certificates from Adobe Reader and Acrobat* by following these steps:
(*Note that the AATL is only supported in Adobe Reader and Acrobat versions 9 and X.)
 
Adobe Reader Version 9
1)   Open Adobe Reader.
2)   Open the Document Menu and choose Manage Trusted Identities.
3)   Drop down the ‘Display’ box that reads ‘Contacts’ and choose ‘Certificates.’
4)   Select the DigiNotar Qualified CA. If you do not see this certificate in the list, no further action is required.
5)   Click Delete, and then confirm the deletion by clicking OK.
  
Adobe Acrobat Version 9
1)   Open Adobe Acrobat.
2)   Open the Advanced Menu and choose Manage Trusted Identities.
3)   Drop down the ‘Display’ box that reads ‘Contacts’ and choose ‘Certificates.’
4)   Select the DigiNotar Qualified CA. If you do not see this certificate in the list, no further action is required.
5)   Click Delete, and then confirm the deletion by clicking OK.
 
Adobe Reader and Acrobat X
1)   Open Adobe Reader or Acrobat.
2)   Open the Edit Menu->Protection->Manage Trusted Identities.
3)   Drop down the ‘Display’ box that reads ‘Contacts’ and choose ‘Certificates.’
4)   Select the DigiNotar Qualified CA. If you do not see this certificate in the list, no further action is required.
5)   Click Delete, and then confirm the deletion by clicking OK.

This posting is provided “AS IS” with no warranties and confers no rights.

Prenotification: Quarterly Security Updates for Adobe Reader and Acrobat

A prenotification Security Advisory has been posted in regards to the upcoming quarterly Adobe Reader and Acrobat updates scheduled for Tuesday, September 13, 2011. The updates will address critical security issues in the products.

We will continue to provide updates on the upcoming release via the Security Advisory section of the Adobe website as well as the Adobe PSIRT blog.

This posting is provided “AS IS” with no warranties and confers no rights.