Adobe Product Security Incident Response Team (PSIRT) Blog

Adobe Security Bulletins Posted

Wendy Poland — Tue, 14 May 2013 15:24:19 +0000

Adobe published the following Security Bulletins today:

Customers of the affected products should consult the relevant Security Bulletin(s) for details.

This posting is provided “AS IS” with no warranties and confers no rights.

Prenotification: Upcoming Security Updates for Adobe Reader and Acrobat (APSB13-15)

Wendy Poland — Thu, 09 May 2013 23:23:14 +0000

A prenotification Security Advisory has been posted in regards to upcoming Adobe Reader and Acrobat updates scheduled for Tuesday, May 14, 2013.

We will continue to provide updates on the upcoming release via the Security Advisory section of the Adobe website as well as the Adobe PSIRT blog.

This posting is provided “AS IS” with no warranties and confers no rights.

Security Advisory for ColdFusion (APSA13-03)

Wendy Poland — Thu, 09 May 2013 01:15:15 +0000

A Security Advisory (APSA13-03) has been posted in regards to a critical issue in ColdFusion 10, 9.0.2, 9.0.1 and 9.0 and earlier versions for Windows, Macintosh and UNIX. Adobe is aware of reports that exploit code for the vulnerability is publicly available. Information regarding this vulnerability, including mitigation recommendations, is provided in the Security Advisory. We are in the process of finalizing a fix for the issue and expect a hotfix will be available on May 14, 2013.

We will continue to provide updates on this issue via the Security Advisory section of the Adobe website as well as the Adobe PSIRT blog.

This posting is provided “AS IS” with no warranties and confers no rights.

Adobe Reader and Acrobat Information Leakage Issue

Wendy Poland — Thu, 02 May 2013 20:46:40 +0000

Adobe is aware of reports of a low severity information leakage issue described in a recent advisory. A user’s IP address and timestamp could be exposed when opening a specially crafted PDF.

This issue will be resolved in the next scheduled releases (May 14) of Adobe Reader and Acrobat.

This posting is provided “AS IS” with no warranties and confers no rights.

Adobe Security Bulletins Posted

Wendy Poland — Tue, 09 Apr 2013 17:26:13 +0000

Today, we released the following Security Bulletins:

Customers of the affected products should consult the relevant Security Bulletin(s) for details.

This posting is provided “AS IS” with no warranties and confers no rights.

Security updates available for Adobe Flash Player (APSB13-09)

Wendy Poland — Tue, 12 Mar 2013 15:43:36 +0000

Today, a Security Bulletin (APSB13-09) has been posted to address security updates in Adobe Flash Player 11.6.602.171 and earlier versions for Windows and Macintosh, Adobe Flash Player 11.2.202.273 and earlier versions for Linux, Adobe Flash Player 11.1.115.47 and earlier versions for Android 4.x, and Adobe Flash Player 11.1.111.43 and earlier versions for Android 3.x and 2.x. These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.

Adobe recommends users apply the updates for their product installations.

This posting is provided “AS IS” with no warranties and confers no rights.

Security updates available for Adobe Flash Player (APSB13-08)

Wendy Poland — Tue, 26 Feb 2013 19:47:36 +0000

Today, a Security Bulletin (APSB13-08) has been posted to address security issues in Adobe Flash Player 11.6.602.168 and earlier versions for Windows, Adobe Flash Player 11.6.602.167 and earlier versions for Macintosh, and Adobe Flash Player 11.2.202.270 and earlier versions for Linux.

Adobe is aware of reports that CVE-2013-0643 and CVE-2013-0648 are being exploited in the wild in targeted attacks designed to trick the user into clicking a link which directs to a website serving malicious Flash (SWF) content. The exploit for CVE-2013-0643 and CVE-2013-0648 is designed to target Flash Player in Firefox.

Adobe recommends users apply the updates for their product installations.

This posting is provided “AS IS” with no warranties and confers no rights.

Security updates available for Adobe Reader and Acrobat (APSB13-07)

Wendy Poland — Wed, 20 Feb 2013 16:45:17 +0000

Today, a Security Bulletin (APSB13-07) has been posted to address security issues in Adobe Reader and Acrobat XI (11.0.01 and earlier) for Windows and Macintosh, X (10.1.5 and earlier) for Windows and Macintosh, 9.5.3 and earlier 9.x versions for Windows and Macintosh, and Adobe Reader 9.5.3 and earlier 9.x versions for Linux. These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.

Adobe is aware of reports that vulnerabilities (CVE-2013-0640 and CVE-2013-0641) are being exploited in the wild in targeted attacks designed to trick Windows users into clicking on a malicious PDF file delivered in an email message.

Adobe recommends users apply the updates for their product installations.

This posting is provided “AS IS” with no warranties and confers no rights.

Schedule update to Security Advisory for Adobe Reader and Acrobat (APSA13-02)

Wendy Poland — Sun, 17 Feb 2013 02:18:20 +0000

We just updated the Security Advisory (APSA13-02) posted on Wednesday, February 13, 2013 to include the planned schedule for a patch to resolve CVE-2013-0640 and CVE-2013-0641. Adobe plans to make available updates for Adobe Reader and Acrobat XI (11.0.01 and earlier) for Windows and Macintosh, X (10.1.5 and earlier) for Windows and Macintosh, 9.5.3 and earlier 9.x versions for Windows and Macintosh, and Adobe Reader 9.5.3 and earlier 9.x versions for Linux during the week of February 18, 2013.

We will continue to provide updates on these issues via the Security Advisory section of the Adobe website as well as the Adobe PSIRT blog.

This posting is provided “AS IS” with no warranties and confers no rights.

Security Advisory for Adobe Reader and Acrobat (APSA13-02)

Wendy Poland — Thu, 14 Feb 2013 02:31:37 +0000

A Security Advisory (APSA13-02) has been posted in regards to critical vulnerabilities (CVE-2013-0640, CVE-2013-0641) in Adobe Reader and Acrobat XI (11.0.01 and earlier), X (10.1.5 and earlier) and 9.5.3 and earlier for Windows and Macintosh. These vulnerabilities could cause the application to crash and potentially allow an attacker to take control of the affected system.

Adobe is aware of reports that these vulnerabilities are being exploited in the wild in targeted attacks designed to trick Windows users into clicking on a malicious PDF file delivered in an email message.

Adobe is in the process of working on a fix for these issues and will update this advisory when a date for the fix has been determined.

Adobe will continue to provide updates on this issue via the Security Advisory section of the Adobe website as well as the Adobe PSIRT blog.

This posting is provided “AS IS” with no warranties and confers no rights.