August 9, 2011
Today, we released the following Security Bulletins:
Customers of the affected products should consult the relevant Security Bulletin(s) and apply updates as recommended.
This posting is provided “AS IS” with no warranties and confers no rights.
May 12, 2011
Today, we released the following Security Bulletins:
Customers of the affected products should consult the relevant Security Bulletin(s) and apply updates as recommended.
On a related note, we recently added an Acknowledgments page on the Adobe website to thank the individuals and organizations who report a security vulnerability or vulnerabilities in an Adobe product or online service. For acknowledgments of individuals and organizations reporting a security vulnerability or vulnerabilities in an Adobe product, please refer to the “Acknowledgments” section in each Security Bulletin. The new page will list the individuals and organizations who report a security vulnerability or vulnerabilities in an Adobe online service, and worked with us to help protect our customers.
This posting is provided “AS IS” with no warranties and confers no rights.
November 9, 2010
Today, we posted a Security Bulletin to address critical security issues in Adobe Flash Media Server. Adobe recommends Flash Media Server customers follow security best practices and update their product installations to the latest version of Flash Media Server (version 4.0.1, 3.5.5 or 3.0.7 respectively).
This posting is provided “AS IS” with no warranties and confers no rights.
August 10, 2010
Today, we released the following Security Bulletins:
Customers of the affected products should consult the relevant Security Bulletin(s) and apply updates as recommended.
This posting is provided “AS IS” with no warranties and confers no rights.
March 15, 2010
An important vulnerability was recently identified in Apache HTTP Server version 2.2.14 and earlier (CVE-2010-0425: mod_isapi module unload flaw). The flaw in mod_isapi could result in an attempt to unload the ISAPI dll when encountering various error states. This could leave the callbacks in an undefined state and result in a segfault. On Windows platforms using mod_isapi, a remote attacker could send a malicious request to trigger this issue, and as win32 MPM runs only one process, this would result in a denial of service, and potentially allow arbitrary code execution. This vulnerability has been fixed in Apache httpd 2.2.15.
Adobe is issuing this blog post as an advisory for customers of Adobe Flash Media Server 3.5.x (Windows only), which ships with version 2.2.9 of Apache HTTP Server:
While Adobe Flash Media Server is not vulnerable to this exploit without specific configuration to support ISAPI-based actions, Adobe recommends customers disable the ISAPI module as a precaution.
To prevent the ISAPI module from loading, change the following line in the Flash Media Server Apache configuration at FMS_INSTALL_DIR/Apache2.2/conf/httpd.conf from
LoadModule isapi_module modules/mod_isapi.so
to
#LoadModule isapi_module modules/mod_isapi.so
If the ISAPI module is needed for your particular Apache distribution, Adobe recommends you update your Apache installation to version 2.2.15, which includes the patch to fix this vulnerability.
For documentation on the configurations Flash Media Server uses to determine its Apache location, visit http://help.adobe.com/en_US/FlashMediaServer/3.5_AdminGuide/WSE2A5A7B9-E118-496f-92F9-E295038DB7DB.html.
This posting is provided “AS IS” with no warranties and confers no rights.
December 18, 2009
Today we posted a Security Bulletin to address critical security issues in Adobe Flash Media Server. Adobe recommends Flash Media Server customers update to the latest version of Flash Media Server (version 3.5.3) in line with security best practices.
This posting is provided “AS IS” with no warranties and confers no rights.
April 30, 2009
We’ve just posted a Security Bulletin and update for Flash Media Server. The update addresses a potential privilege escalation issue in Flash Media Server.
This posting is provided “AS IS” with no warranties and confers no rights
November 17, 2008
Today’s Flash Player Security Bulletin discloses several new potential vulnerabilities, but please note that there is no new corresponding Flash Player update since the previous Security Bulletin. Adobe waited until an update to Adobe AIR, which embeds Flash Player, was available before disclosing this particular set of issues because the vulnerabilities in today’s Security Bulletin APSB08-22 have more potential impact for the AIR product than the previously disclosed Flash Player issues from Security Bulletins APSB08-18 and APSB08-20. If you haven’t already, please update to Flash Player 10.0.12.36 (or Flash Player 9.0.151.0).
There is also an AIR Security Bulletin today, which includes an update to resolve an AIR-specific security issue and the aforementioned Flash Player issues. We recommend everyone update to Adobe AIR 1.5.
Finally, we have published a new Security Advisory for Flash Media Server customers. Adobe recommends Flash Media Server customers enable SWF verification to avoid potential video stream capturing by third-party software.
This posting is provided “AS IS” with no warranties and confers no rights.
September 2, 2008
A new Security Advisory for Flash Media Server 3.0 has just been posted. This Advisory points customers to a recent tech note that describes how to protect Flash Media Server video content from stream capture software, or ‘rippers’.
