Wednesday, December 28, 2016
It's Adobe Critical Updates Day! Flash and AIR have 13 CVE patches; Acrobat and Reader have 51 patches!!!
--
Uninstall instructions from Adobe:
Uninstall Flash Player | Mac OS
Removing Adobe AIR
After uninstalling Flash and AIR, RESTART your running web browsers,
Please do this RIGHT NOW. If you have more than one Mac, be certain to dump Flash and AIR there as well.
More to follow.
~ ~ ~ ~ ~
It's the second-Tuesday-of-the-month, which means it's time for a bombardment of Adobe security patches! This month's pile of patches is truly astonishing. Keep in mind that this isn't the only day of the month Adobe provides security updates. This past month, Adobe pushed out two separate groups of security updates.
Here are today's Adobe security bulletins:
Adobe Flash and AIR
Adobe Acrobat and Reader
Here are the linked Adobe updates:
Adobe Flash, Desktop v19.0.0.207
Adobe Flash, Extended Support v18.0.0.252 (Scroll down to Flash Player Archives)
Adobe AIR v19.0.0.213
Adobe Acrobat DC and DC Reader Continuous v2015.009.20069
Adobe Acrobat DC and DC Reader Classic v2015.006.30094
Adobe Acrobat and Reader XI Desktop v11.0.13
Adobe Acrobat and Reader X Desktop v10.1.16
CVE Patches:
[I'm not linking the listed CVEs (Common Vulnerabilities and Exposures) this month as the list is massive and I'm rather busy at my end at the moment. The link to look up CVEs is at the right of this page.]
Adobe Flash and AIR
Vulnerability Details
These updates resolve a vulnerability that could be exploited to bypass the same-origin-policy and lead to information disclosure (CVE-2015-7628).
These updates include a defense-in-depth feature in the Flash broker API (CVE-2015-5569).
These updates resolve use-after-free vulnerabilities that could lead to code execution (CVE-2015-7629, CVE-2015-7631, CVE-2015-7643, CVE-2015-7644).
These updates resolve a buffer overflow vulnerability that could lead to code execution (CVE-2015-7632).
These updates resolve memory corruption vulnerabilities that could lead to code execution (CVE-2015-7625, CVE-2015-7626, CVE-2015-7627, CVE-2015-7630, CVE-2015-7633, CVE-2015-7634).
Adobe Acrobat and Reader
Vulnerability Details
These updates resolve a buffer overflow vulnerability that could lead to information disclosure (CVE-2015-6692).
These updates resolve use-after-free vulnerabilities that could lead to code execution (CVE-2015-6689, CVE-2015-6688, CVE-2015-6690, CVE-2015-7615, CVE-2015-7617, CVE-2015-6687, CVE-2015-6684, CVE-2015-6691, CVE-2015-7621, CVE-2015-5586, CVE-2015-6683).
These updates resolve heap buffer overflow vulnerabilities that could lead to code execution (CVE-2015-6696, CVE-2015-6698).
These updates resolve memory corruption vulnerabilities that could lead to code execution (CVE-2015-6685, CVE-2015-6693, CVE-2015-6694, CVE-2015-6695, CVE-2015-6686, CVE-2015-7622).
These updates resolve memory leak vulnerabilities (CVE-2015-6699, CVE-2015-6700, CVE-2015-6701, CVE-2015-6702, CVE-2015-6703, CVE-2015-6704, CVE-2015-6697).
These updates resolve security bypass vulnerabilities that could lead to information disclosure (CVE-2015-5583, CVE-2015-6705, CVE-2015-6706, CVE-2015-7624).
These updates resolve various methods to bypass restrictions on Javascript API execution (CVE-2015-6707, CVE-2015-6708, CVE-2015-6709, CVE-2015-6710, CVE-2015-6711, CVE-2015-6712, CVE-2015-7614, CVE-2015-7616, CVE-2015-6716, CVE-2015-6717, CVE-2015-6718, CVE-2015-6719, CVE-2015-6720, CVE-2015-6721, CVE-2015-6722, CVE-2015-6723, CVE-2015-6724, CVE-2015-6725, CVE-2015-7618, CVE-2015-7619, CVE-2015-7620, CVE-2015-7623, CVE-2015-6713, CVE-2015-6714, CVE-2015-6715).
WARNING:
As ever, running software over the Internet can be dangerous. The most dangerous software to use is the Adobe Flash, Adobe Shockwave and Oracle Java browser plug-ins. If you don't need them, either trash them or pull them out of your system and put them into a disabled folder. You can find all of these plug-ins here:
/Library/Internet Plug-ins/
Adobe Acrobat and Reader can be dangerous if you're using them to read PDF files you've downloaded from the Internet. The safest way to run either of these programs is with Enhanced Security (Security Enhanced) turned ON in their preferences. Even then, as noted in the CVE list above, that may not protect you from malicious PDF files.
Also dangerous, for the same reason, are the Adobe PDF Viewer plug-ins for web browsers. As with the other dangerous plug-ins noted above, either trash them or put them into a disabled folder. If you have a specific reason to use the Viewer plug-ins, then you're stuck with them. However, for the vast majority of people there is NO reason to use them. All web browsers have their own built-in PDF viewer functions. You can find the Adobe PDF Viewer plug-ins here:
/Library/Internet Plug-ins/AdobePDFViewer.plugin
/Library/Internet Plug-ins/AdobePDFViewerNPAPI.plugin
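One way to do the "disabled folder" move described above for the two Adobe PDF Viewer bundles, as an added shell example that is not part of the original post. The disabled-folder path and the function name disable_plugins are assumptions; the plug-in directory and bundle names are the ones listed above.

```shell
#!/bin/sh
# Added example: move named browser plug-in bundles out of the plug-in
# directory into a "disabled" folder instead of deleting them.
# PLUGIN_DIR default is the path given in the post; DISABLED_DIR is an
# assumed location, pick any folder the browsers do not scan.
PLUGIN_DIR="${PLUGIN_DIR:-/Library/Internet Plug-ins}"
DISABLED_DIR="${DISABLED_DIR:-/Library/Internet Plug-ins (Disabled)}"

# disable_plugins [-n] NAME...
#   -n  dry run: report what would be moved, change nothing
# Prints one status line per name and sets MOVED to the number of
# bundles moved (or, in a dry run, that would be moved).
disable_plugins() {
    dry_run=0
    if [ "$1" = "-n" ]; then dry_run=1; shift; fi
    MOVED=0
    for name in "$@"; do
        src="$PLUGIN_DIR/$name"
        dst="$DISABLED_DIR/$name"
        if [ ! -e "$src" ]; then
            echo "absent:     $name"
            continue
        fi
        if [ -e "$dst" ]; then
            # A previously disabled copy exists; keep it, date the new one
            dst="$dst.$(date +%Y%m%d%H%M%S)"
        fi
        if [ "$dry_run" -eq 1 ]; then
            echo "would move: $src -> $dst"
        else
            mkdir -p "$DISABLED_DIR" && mv "$src" "$dst" || return 1
            echo "disabled:   $name"
        fi
        MOVED=$((MOVED + 1))
    done
}

# Touch the real system only when invoked as: sudo sh thisfile run
if [ "${1:-}" = "run" ]; then
    disable_plugins AdobePDFViewer.plugin AdobePDFViewerNPAPI.plugin
fi
```

Quit your web browsers before moving the bundles and restart them afterwards. Adobe installers and updaters can put the plug-ins back, so run the dry-run form (-n) again after each Acrobat or Reader update.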
~ ~ ~ ~ ~
As usual:
The #1 Rule of Computing and Security is:
MAKE A BACKUP!
Backups allow you to restore your computer back to health if it gets PWNed (zombied/botted) or otherwise compromised on the Internet.
There are many articles on the Internet about computer backup strategies. Here are three articles and two ebooks specific to Mac backups:
Bulletproof backups: When you absolutely can't lose any data
Apple: Backing up your Mac hard drive
Apple Support Communities: Most commonly used backup methods
Backing Up Your Mac: A Joe On Tech Guide
TAKE CONTROL OF Security for Mac Users
Stay safe out there, kids!