Adobe Product Security Incident Response Team (PSIRT) tag:blogs.adobe.com,2009-08-05:/psirt/176 2010-01-29T16:12:10Z Working to help protect customers from vulnerabilities in Adobe software. Contact us at PSIRT@adobe.com. Movable Type 4.261 Security Bulletin - ColdFusion tag:blogs.adobe.com,2010:/psirt//176.45203 2010-01-29T16:10:00Z 2010-01-29T16:12:10Z A Security Bulletin was posted today providing a solution to an important security issue in ColdFusion. This posting is provided "AS IS" with no warranties and confers no rights.... Wendy Poland A Security Bulletin was posted today providing a solution to an important security issue in ColdFusion.

This posting is provided "AS IS" with no warranties and confers no rights.

]]> Security Bulletin - Adobe Shockwave Player tag:blogs.adobe.com,2010:/psirt//176.45044 2010-01-19T21:53:00Z 2010-01-19T21:53:12Z A Security Bulletin was posted today addressing critical security issues in Adobe Shockwave Player. This posting is provided "AS IS" with no warranties and confers no rights.... Wendy Poland A Security Bulletin was posted today addressing critical security issues in Adobe Shockwave Player.

This posting is provided "AS IS" with no warranties and confers no rights.

]]> Security update released for Adobe Reader and Acrobat tag:blogs.adobe.com,2010:/psirt//176.44947 2010-01-12T23:27:12Z 2010-01-12T23:28:04Z Today a Security Bulletin has been posted in regards to the January 12, 2010 quarterly security update for Adobe Reader and Acrobat. The update addresses critical security issues in the products, including a patch to resolve CVE-2009-4324 previously discussed in... David Lenoe Today a Security Bulletin has been posted in regards to the January 12, 2010 quarterly security update for Adobe Reader and Acrobat. The update addresses critical security issues in the products, including a patch to resolve CVE-2009-4324 previously discussed in the Adobe PSIRT blog on December 15, 2009 ("Security Advisory APSA09-07 update"). Adobe recommends that users apply the updates for their product installations. Please note that support has ended for Adobe Reader 7.x and Acrobat 7.x for Windows, Macintosh and UNIX, and Adobe Reader 8.x for UNIX.

For more information on other security enhancements included in this update, please refer to the Adobe Reader blog.

This posting is provided "AS IS" with no warranties and confers no rights.

]]> Microsoft Security Advisory (979267) tag:blogs.adobe.com,2010:/psirt//176.44941 2010-01-12T20:27:03Z 2010-01-12T20:26:26Z Microsoft Windows XP redistributes an earlier version of Adobe Flash Player (version 6) that is no longer supported. Adobe discontinued support for Adobe Flash Player 6 in 2006. As always, Adobe recommends that users follow security best practices by updating... David Lenoe Microsoft Windows XP redistributes an earlier version of Adobe Flash Player (version 6) that is no longer supported. Adobe discontinued support for Adobe Flash Player 6 in 2006. As always, Adobe recommends that users follow security best practices by updating to the latest, most secure version of Adobe Flash Player (currently version 10.0.42.34), which is available for download from the Adobe Flash Player Download Center. (See also Microsoft Security Advisory 979267 on this topic.)

This posting is provided "AS IS" with no warranties and confers no rights.

]]> Security Bulletin - Adobe Illustrator CS4 and Adobe Illustrator CS3 tag:blogs.adobe.com,2010:/psirt//176.44867 2010-01-07T19:15:52Z 2010-01-07T19:14:48Z A Security Bulletin has been posted in regards to the Adobe Illustrator issue last discussed in the Adobe PSIRT blog on December 7, 2009 ("Security Advisory for Adobe Illustrator CS4 and Adobe Illustrator CS3", CVE-2009-4195). Adobe recommends Adobe Illustrator CS4... David Lenoe A Security Bulletin has been posted in regards to the Adobe Illustrator issue last discussed in the Adobe PSIRT blog on December 7, 2009 ("Security Advisory for Adobe Illustrator CS4 and Adobe Illustrator CS3", CVE-2009-4195). Adobe recommends Adobe Illustrator CS4 and Adobe Illustrator CS3 customers update their installations in line with security best practices.

This posting is provided "AS IS" with no warranties and confers no rights.

]]> Pre-Notification - Quarterly Security Update for Adobe Reader and Acrobat tag:blogs.adobe.com,2010:/psirt//176.44868 2010-01-07T19:14:00Z 2010-01-07T19:14:20Z A Security Advisory has been posted in regards to the upcoming Adobe Reader and Acrobat updates scheduled for January 12, 2010. The updates will address critical security issues in the products, including a critical vulnerability in Adobe Reader and Acrobat... Wendy Poland A Security Advisory has been posted in regards to the upcoming Adobe Reader and Acrobat updates scheduled for January 12, 2010. The updates will address critical security issues in the products, including a critical vulnerability in Adobe Reader and Acrobat 9.2 and earlier (CVE-2009-4324), as described in a separate PSIRT blog last posted on December 15, 2009. This quarterly security update will be made available for Windows, Macintosh and UNIX.

We will continue to provide updates on the upcoming release via the Security Advisory section of the Adobe web site, as well as the Adobe PSIRT blog.

This posting is provided "AS IS" with no warranties and confers no rights.

]]> Security Bulletin - Adobe Flash Media Server (FMS) tag:blogs.adobe.com,2009:/psirt//176.44629 2009-12-18T19:37:04Z 2009-12-18T19:38:25Z Today we posted a Security Bulletin to address critical security issues in Adobe Flash Media Server. Adobe recommends Flash Media Server customers update to the latest version of Flash Media Server (version 3.5.3) in line with security best practices. This... Wendy Poland Today we posted a Security Bulletin to address critical security issues in Adobe Flash Media Server. Adobe recommends Flash Media Server customers update to the latest version of Flash Media Server (version 3.5.3) in line with security best practices.

This posting is provided "AS IS" with no warranties and confers no rights.

]]> Security Advisory APSA09-07 update tag:blogs.adobe.com,2009:/psirt//176.44595 2009-12-16T06:55:15Z 2009-12-16T06:55:23Z We've just updated the Security Advisory posted earlier today to include the planned schedule for a patch to resolve CVE-2009-4324. Adobe plans to make available an update to Adobe Reader and Acrobat by January 12, 2010 to resolve the issue.... David Lenoe We've just updated the Security Advisory posted earlier today to include the planned schedule for a patch to resolve CVE-2009-4324. Adobe plans to make available an update to Adobe Reader and Acrobat by January 12, 2010 to resolve the issue.

This posting is provided "AS IS" with no warranties and confers no rights.

]]> Security Advisory- Adobe Reader and Acrobat tag:blogs.adobe.com,2009:/psirt//176.44593 2009-12-16T00:17:32Z 2009-12-16T00:17:58Z A Security Advisory has been posted in regards to the Adobe Reader and Acrobat issue discussed in the Adobe PSIRT blog on December 14 ("New Adobe Reader and Acrobat Vulnerability", CVE-2009-4324). A critical vulnerability exists in Adobe Reader and Acrobat... David Lenoe A Security Advisory has been posted in regards to the Adobe Reader and Acrobat issue discussed in the Adobe PSIRT blog on December 14 ("New Adobe Reader and Acrobat Vulnerability", CVE-2009-4324). A critical vulnerability exists in Adobe Reader and Acrobat 9.2 and earlier for Windows, Macintosh and UNIX operating systems. This vulnerability (CVE-2009-4324) could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being actively exploited in the wild. Customers should refer to the Security Advisory for information on mitigating this vulnerability. The advisory will be updated once a schedule has been determined for releasing a fix.

Adobe actively shares information about this and other vulnerabilities with partners in the security community to enable them to quickly develop detection and quarantine methods to protect users until a patch is available. Adobe recommends that you keep your anti-malware software and definitions up-to-date and monitor releases from your vendor about this issue.

We will continue to provide updates on this issue via the Security Advisory section of the Adobe web site, as well as the Adobe PSIRT blog.

This posting is provided "AS IS" with no warranties and confers no rights.

]]> New Adobe Reader and Acrobat Vulnerability tag:blogs.adobe.com,2009:/psirt//176.44579 2009-12-15T00:13:42Z 2009-12-15T02:10:11Z This afternoon, Adobe received reports of a vulnerability in Adobe Reader and Acrobat 9.2 and earlier versions being exploited in the wild (CVE-2009-4324). We are currently investigating this issue and assessing the risk to our customers. We will provide an... David Lenoe This afternoon, Adobe received reports of a vulnerability in Adobe Reader and Acrobat 9.2 and earlier versions being exploited in the wild (CVE-2009-4324). We are currently investigating this issue and assessing the risk to our customers. We will provide an update as soon as we have more information. Please continue monitoring the Adobe PSIRT blog for the latest information.

This posting is provided "AS IS" with no warranties and confers no rights.

]]> Security Bulletin - Adobe Flash Player tag:blogs.adobe.com,2009:/psirt//176.44485 2009-12-09T00:26:00Z 2009-12-09T00:26:40Z A Security Bulletin was posted to address critical security issues in Adobe Flash Player. This Security Bulletin affects Flash Player versions 10.0.12.36 and earlier, as well as AIR versions 1.5.2 and earlier. This posting is provided "AS IS" with no... Wendy Poland A Security Bulletin was posted to address critical security issues in Adobe Flash Player. This Security Bulletin affects Flash Player versions 10.0.12.36 and earlier, as well as AIR versions 1.5.2 and earlier.

This posting is provided "AS IS" with no warranties and confers no rights.

]]> Security Advisory for Adobe Illustrator CS4 and Adobe Illustrator CS3 tag:blogs.adobe.com,2009:/psirt//176.44464 2009-12-07T23:17:39Z 2009-12-07T23:18:32Z Today, we posted a Security Advisory regarding a recently reported Adobe Illustrator issue (CVE-2009-4195). Adobe plans to make available an update to Adobe Illustrator to resolve the issue by January 8, 2010. This posting is provided "AS IS" with no... David Lenoe Today, we posted a Security Advisory regarding a recently reported Adobe Illustrator issue (CVE-2009-4195). Adobe plans to make available an update to Adobe Illustrator to resolve the issue by January 8, 2010.

This posting is provided "AS IS" with no warranties and confers no rights.

]]> Adobe Illustrator issue update tag:blogs.adobe.com,2009:/psirt//176.44445 2009-12-04T22:10:40Z 2009-12-04T22:18:43Z Adobe has confirmed the vulnerability in Adobe Illustrator reported recently (CVE-2009-4195). This vulnerability affects Adobe Illustrator CS4 (14.0.0) and Adobe Illustrator CS3 (13.0.3 and earlier) on the Windows and Macintosh platforms. We expect to publish a Security Advisory on Monday,... David Lenoe Adobe has confirmed the vulnerability in Adobe Illustrator reported recently (CVE-2009-4195). This vulnerability affects Adobe Illustrator CS4 (14.0.0) and Adobe Illustrator CS3 (13.0.3 and earlier) on the Windows and Macintosh platforms. We expect to publish a Security Advisory on Monday, December 7 with further information, including a schedule for an update to resolve the issue. As previously reported, a successful exploit of the vulnerability would require a local user to take the action of opening a malicious .eps file in Illustrator. Adobe recommends that customers avoid opening .eps files from unknown sources in Illustrator until a patch is available.

This posting is provided "AS IS" with no warranties and confers no rights.

]]> Potential Adobe Illustrator CS4 issue tag:blogs.adobe.com,2009:/psirt//176.44408 2009-12-03T20:04:00Z 2009-12-03T20:18:53Z Adobe is aware of a report of a potential vulnerability in Adobe Illustrator CS4 (CVE-2009-4195). We are currently investigating this issue and will have an update once we have more information. It appears that this issue would require a local... David Lenoe Adobe is aware of a report of a potential vulnerability in Adobe Illustrator CS4 (CVE-2009-4195). We are currently investigating this issue and will have an update once we have more information. It appears that this issue would require a local user to take the action of opening a malicious .eps file in Illustrator.

This posting is provided "AS IS" with no warranties and confers no rights.

]]> Pre-Notification - Security Update for Adobe Flash Player tag:blogs.adobe.com,2009:/psirt//176.44404 2009-12-03T19:02:00Z 2009-12-03T19:03:27Z A Security Advisory has been posted in regards to the upcoming Adobe Flash Player update scheduled for December 8, 2009. The update addresses critical security issues in the product. We will continue to provide updates on the upcoming release via... Wendy Poland A Security Advisory has been posted in regards to the upcoming Adobe Flash Player update scheduled for December 8, 2009. The update addresses critical security issues in the product.

We will continue to provide updates on the upcoming release via the Security Advisory section of the Adobe web site, as well as the Adobe PSIRT blog.

This posting is provided "AS IS" with no warranties and confers no rights.

]]>