Adobe Security Updates: Flash Player, AIR, Reader

[Corrine]

The Adobe Flash Player and Adobe Reader updates address vulnerabilities that could potentially allow an attacker to take control of the affected system.

Adobe Flash Player and AIR

Release date: August 12, 2014
Vulnerability identifier: APSB14-18
CVE number: CVE-2014-0538, CVE-2014-0540, CVE-2014-0541, CVE-2014-0542, CVE-2014-0543, CVE-2014-0544, CVE-2014-0545

The newest versions are as follows:

ActiveX for IE and Macintosh version: 14.0.0.176
Plugin: 14.0.0.179
Linux: 11.2.202.400​

Users of Adobe AIR 14.0.0.110 and earlier versions for Windows and Macintosh should update to the Adobe AIR 14.0.0.178.

Flash Player direct download links:

• Non-IE Plugin (Opera, Firefox, Etc.): http://download.macromedia.com/get/...ensing/win/install_flash_player_14_plugin.exe
• Flash Player For Internet Explorer, Windows 7 and earlier: http://download.macromedia.com/get/...sing/win/install_flash_player_14_active_x.exe
  Internet Explorer, Windows 8 and above: Microsoft updated Security Advisory 2755801. If you do not have Automatic Updates enabled, the Flash Player update can be downloaded from Microsoft Security Advisory: Update for Vulnerabilities in Adobe Flash Player in Internet Explorer 10: July 9, 2013.
  
  
• Verify Installation: About Flash Player page
• Flash Player Uninstaller: http://download.macromedia.com/get/flashplayer/current/support/uninstall_flash_player.exe
• Adobe AIR: Adobe - Adobe AIR

Adobe Reader

Adobe has released security updates for Adobe Reader and Acrobat XI (11.0.07) and earlier versions for Windows. These updates address a vulnerability that could allow an attacker to circumvent sandbox protection on the Windows platform. Adobe Reader and Acrobat for Apple's OS X are not affected.

Release date: August 12, 2014
Vulnerability identifier: APSB14-19
CVE numbers: CVE-2014-0546
Platform: Windows

Update or Complete Download: Update checks can be manually activated by choosing Help > Check for Updates.

• Adobe Reader XI (11.0.07) for Windows is available here: Adobe - Adobe Reader : For Windows.

Note: UNcheck any pre-checked additional options presented with the update. They are not part of the software update and are completely optional.

 

[Corrine]

Anyone who still uses Adobe Reader is encouraged to update ASAP. via Graham Cluley at Urgent! Adobe Users Told to Patch Reader and Acrobat Against Zero-day Attacks | Optimal Security: The Lumension Blog

Adobe has warned computer users to update their installations of Adobe Reader and Acrobat as a matter of urgency, after it was discovered that malicious hackers were exploiting a critical zero-day vulnerability in targeted attacks.

According to the software company, it is “aware of evidence that indicates an exploit in the wild is being used in limited, isolated attacks targeting Adobe Reader users on Windows.”

Personally, I've replaced Adobe Reader with Sumatra PDF. If you don't like the yellow background, it is easy to change, Replacing Adobe Reader with Sumatra PDF

(Download Sumatra PDF)