Adobe Releases Critical Patches for Multiple Products

Wednesday, August 10, 2011

Headlines

69dafe8b58066478aea48f3d0f384820

Adobe has released patches for multiple products, including Flash, Shockwave, Photoshop and RoboHelp.

This is the first security update released by Adobe in nearly a month, and four of the five updates are labeled as being of "Critical Severity".

Summaries and links to the patches are as follows:

APSB11-19 – Security update available for Adobe Shockwave Player (Critical Severity)

Critical vulnerabilities have been identified in Adobe Shockwave Player 11.6.0.626 and earlier versions on the Windows and Macintosh operating systems. These vulnerabilities could allow an attacker, who successfully exploits these vulnerabilities, to run malicious code on the affected system.

Adobe recommends users of Adobe Shockwave Player 11.6.0.626 and earlier versions update to Adobe Shockwave Player 11.6.1.629 using the instructions provided below.

Affected software versions:

  • Shockwave Player11.6.0.626 and earlier versions for Windows and Macintosh

Solution:

  • Adobe recommends users of Adobe Shockwave Player 11.6.0.626 and earlier versions upgrade to the newest version 11.6.1.629 available here: http://get.adobe.com/shockwave/.

 

APSB11-20 – Security update available for Adobe Flash Media Server (Critical Severity)

A critical vulnerability has been identified in Adobe Flash Media Server (FMS) 4.0.2 and earlier versions, and Adobe Flash Media Server (FMS) 3.5.6 and earlier versions for Windows and Linux. This vulnerability could allow an attacker, who successfully exploits the vulnerability, to cause a denial of service on the affected system.

Adobe has provided an update to address the reported vulnerability and recommends that users update their installations to Flash Media Server 4.0.3 or 3.5.7 respectively using the instructions provided below.

Affected software versions:

  • Flash Media Server 4.0.2 and earlier versions for Windows and Linux
  • Flash Media Server 3.5.6 and earlier versions for Windows and Linux

Solution:

 

APSB11-21 – Security update available for Adobe Flash Player (Critical Severity)

Critical vulnerabilities have been identified in Adobe Flash Player 10.3.181.36 and earlier versions for Windows, Macintosh, Linux and Solaris, and Adobe Flash Player 10.3.185.25 and earlier versions for Android.  These vulnerabilities could cause a crash and potentially allow an attacker to take control of the affected system.

Adobe recommends users of Adobe Flash Player 10.3.181.36 and earlier versions for Windows, Macintosh, Linux and Solaris update to Adobe Flash Player 10.3.183.5. Users of Adobe Flash Player for Android 10.3.185.25 and earlier versions should update to Adobe Flash Player for Android 10.3.186.3. Users of Adobe AIR 2.7  for Windows and Macintosh, should update to 2.7.1 and users of AIR 2.7 for Android should update to Adobe AIR 2.7.1.1961.

Note: Adobe is not aware of any exploits 'in the wild' for the issues addressed in this update.

Affected software versions:

  • Adobe Flash Player 10.3.181.36 and earlier versions for Windows, Macintosh, Linux and Solaris operating systems
  • Adobe Flash Player 10.3.185.25 and earlier versions for Android
  • Adobe AIR 2.7 and earlier versions for Windows, Macintosh, and Android

Solution:

Adobe recommends all users of Adobe Flash Player 10.3.181.36 and earlier versions for Windows, Macintosh, Linux and Solaris upgrade to the newest version 10.3.183.5 by downloading it from the Adobe Flash Player Download Center. Windows users and users of Adobe Flash Player 10.3.181.16 or later for Macintosh can install the update via the auto-update mechanism within the product when prompted.

Users of Adobe Flash Player for Android 10.3.185.25 and earlier versions should update to Adobe Flash Player for Android 10.3.186.3 by downloading it from the Android Marketplace by browsing to it on a mobile phone.

Adobe recommends users of Adobe AIR 2.7  for Windows and Macintosh, should update to Adobe AIR 2.7.1 and users of Adobe AIR 2.7 for Android should update to Adobe AIR 2.7.1.1961 from the Android Marketplace by browsing to it on a mobile phone.

 

APSB11-22 – Security update available for Adobe Photoshop CS5 (Critical Severity)

A critical vulnerability has been identified in Photoshop CS5 and CS5.1 (12.0 and 12.1) and earlier for Windows and Macintosh that could allow an attacker who successfully exploits this vulnerability to take control of the affected system. To successfully exploit this vulnerability, an attacker would have to convince a user to open a malicious .GIF file in Photoshop CS5. Adobe recommends Photoshop CS5 customers update their Adobe Photoshop CS5 installations using the instructions provided below.

Affected software versions:

  • Adobe Photoshop CS5 and CS5.1 and earlier versions for Windows and Macintosh

Solution:

Adobe recommends Adobe Photoshop CS5 and CS5.1 users apply the update(s) referenced below:


APSB11-23 – Security updates available for RoboHelp (Important Severity)

An important vulnerability has been identified in RoboHelp 9 (versions 9.0.1.232 and earlier), RoboHelp 8, RoboHelp Server 9 and RoboHelp Server 8. A specially crafted URL could be used to create a cross-site scripting attack on RoboHelp installations. Adobe recommends users update their product installation using the instructions provided below.

Affected software versions:

  • RoboHelp 9 (versions 9.0.1.232 and earlier), RoboHelp 8, RoboHelp Server 9 and RoboHelp Server 8 for Windows. Note: Customers using RoboHelp 9 version 9.0.1.262 are not vulnerable to this issue.  

Solution:

Adobe recommends users update their RoboHelp and/or RoboHelp Server installations by applying the relevant updates using the instructions below:

RoboHelp 9 (versions 9.0.1.232 and earlier) and RoboHelp Server 9

Download APSB11-23_1.zip. This .zip file contains two whutils.js files.

To apply the update to your RoboHelp 9 or RoboHelp Server 9 installation, follow the steps below:
 
1) Back up "\RoboHTML\WebHelp5Ext\template_stock\whutils.js" and "\RoboHTML\WildFireExt\template_stock\whutils.js."
2) Replace the above files with the updated whutils.js files provided in the .zip file.
3) Regenerate the FlashHelp/WebHelp/FlashHelp Pro/WebHelp Pro output.

RoboHelp 8 and RoboHelp Server 8

Download APSB11-23_2.zip. This .zip file contains two whutils.js files

To apply the update to your RoboHelp 8 or RoboHelp Server 8 installation, follow the steps below:
 
1) Back up "\RoboHTML\WebHelp5Ext\template_stock\whutils.js" and "\RoboHTML\WildFireExt\template_stock\whutils.js."

2) Replace the above files with the updated whutils.js files provided in the .zip file.

3) Regenerate the FlashHelp/WebHelp/FlashHelp Pro/WebHelp Pro output.

 

Source:  http://blogs.adobe.com/psirt/2011/08/adobe-product-security-updates-available-2.html

Possibly Related Articles:
15785
Vulnerabilities
Adobe Flash Application Security Vulnerabilities Headlines Critical Patch Updates Photoshop Shockwave RoboHelp
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.