Security updates available for Adobe Flash Player (APSB14-21)

A Security Bulletin (APSB14-21) has been published regarding security updates for Adobe Flash Player. These updates address critical vulnerabilities, and Adobe recommends users update their product installations to the latest versions using the instructions referenced in the security bulletin.

This posting is provided “AS IS” with no warranties and confers no rights.

UPDATE: Upcoming Security Updates for Adobe Reader and Acrobat (APSB14-20)

UPDATE: The security update for Adobe Reader and Acrobat has been re-scheduled from September 9, 2014 to the week of September 15, 2014. This delay was necessary to address issues identified during routine regression testing.  

A prenotification Security Advisory has been posted in regards to upcoming Adobe Reader and Acrobat updates scheduled for Tuesday, September 9, 2014.

We will continue to provide updates on the upcoming release via the Security Advisory as well as the Adobe PSIRT blog.

This posting is provided “AS IS” with no warranties and confers no rights.

Adobe Security Bulletins Posted

The following Security Bulletins have been posted today:

APSB14-18: Security updates available for Adobe Flash Player

APSB14-19: Security updates available for Adobe Reader and Acrobat

Customers of the affected products should consult the relevant Security Bulletin(s) for details.

 This posting is provided “AS IS” with no warranties and confers no rights.

Security updates available for Adobe Flash Player (APSB14-17)

A Security Bulletin (APSB14-17) has been published regarding security updates for Adobe Flash Player. These updates address critical vulnerabilities, and Adobe recommends users update their product installations to the latest versions using the instructions referenced in the security bulletin.

This posting is provided “AS IS” with no warranties and confers no rights.

Security updates available for Adobe Flash Player (APSB14-16)

A Security Bulletin (APSB14-16) has been published regarding security updates for Adobe Flash Player. These updates address critical vulnerabilities, and Adobe recommends users update their product installations to the latest versions using the instructions referenced in the security bulletin.

This posting is provided “AS IS” with no warranties and confers no rights.

Adobe Security Bulletins Posted

The following Security Bulletins have been posted today:

Customers of the affected products should consult the relevant Security Bulletin(s) for details.

 This posting is provided “AS IS” with no warranties and confers no rights.

Prenotification: Upcoming Security Updates for Adobe Reader and Acrobat (APSB14-15)

A prenotification Security Advisory has been posted in regards to upcoming Adobe Reader and Acrobat updates scheduled for Tuesday, May 13, 2014.

We will continue to provide updates on the upcoming release via the Security Advisory section of the Adobe website as well as the Adobe PSIRT blog.

This posting is provided “AS IS” with no warranties and confers no rights.

Security updates available for Adobe Flash Player (APSB14-13)

A Security Bulletin (APSB14-13) has been published regarding security updates for Adobe Flash Player. These updates address a critical vulnerability, and Adobe recommends users update their product installations to the latest versions using the instructions referenced in the security bulletin.

Heartbleed Update

Last week, industry security researchers announced a flaw in the OpenSSL encryption software library, known as “Heartbleed,” which can be used to cause a vulnerable system to reveal up to 64k of memory to an attacker.

Adobe has evaluated the Creative Cloud and its related services (including Behance and Digital Publishing Suite), the Marketing Cloud solutions and products (including Analytics, Analytics Premium and Experience Manager), EchoSign, Acrobat.com, the Adobe.com store, and other Adobe services. All Adobe internet-facing services known to have been using a version of OpenSSL containing the Heartbleed vulnerability have been mitigated. We are continuing our analysis of Adobe internet-facing servers to identify and remediate any remaining Heartbleed-related risks.

Some Adobe products and services do not bundle OpenSSL (such as ColdFusion** , Experience Manager and Experience Manager On-Demand) but are frequently deployed by customers on-premise or with third party web servers. We advise these customers to test for the Heartbleed vulnerability (CVE-2014-0160) against their deployment and configuration. If necessary, follow the recommendations provided by the OpenSSL security advisory as appropriate.

At this time, Adobe does not plan to initiate a password reset in response to the Heartbleed vulnerability; however it is always a good practice to change passwords from time to time. We strongly recommend that you change your Adobe password if you use the same user ID and password as your AdobeID and password on multiple websites, so that a compromise of your username and password on a non-Adobe service does not put your Adobe ID at risk.

** Update: ColdFusion does ship a version of OpenSSL that is not vulnerable to the Heartbleed vulnerability.

Security updates available for Adobe Flash Player (APSB14-09)

A Security Bulletin (APSB14-09) has been published regarding security updates for Adobe Flash Player. These updates address critical vulnerabilities, and Adobe recommends users update their product installations to the latest versions using the instructions referenced in the security bulletin.