Adobe has Patch Tuesdays, too - a reader reminds us!

Filed Under: Adobe, Featured, Vulnerability

Naked Security reader Haemish Edgerton just gave us a very polite but effective scolding (Linus Torvalds, take note!) for neglecting to mention the Adobe fixes that came out on Tuesday.

As Haemish pointed out:

I realize that the Apple iPhone 5S fingerprint sensor was automatically going to get a lot of attention in the context of security, but Adobe updates are important too :)

Sorry, Haemish.

For the record: there were three bulletins, four platforms affected (Windows, Linux, OS X and Android), five products updated, and fourteen vulnerabilities (CVEs) covered.

The bulletins are: APSB13-21, APSB13-22 and APSB13-23

All three bulletins list the vulnerabilities as potentially exploitable for Remote Code Execution (RCE), or, in Adobe's own words, as bugs that could "allow an attacker to take control of the affected system."

As is often the case with Adobe's updates, there are lots of version numbers to take into account.

That's especially true of Flash Player, where it seems that the product's source code for the various platforms supported is currently at a wide range of different stations in Adobe's railway network. (Platforms. Stations. Geddit?)

Here is what to look for if you want to see if you are vulnerable:

Confused?

Spare a thought for the guys in Adobe Quality Assurance!

, , , , , , , ,

You might like

One Response to Adobe has Patch Tuesdays, too - a reader reminds us!

  1. Oracle did too with Java 7 update 40 !!!!_

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Paul Ducklin is a passionate security proselytiser. (That's like an evangelist, but more so!) He lives and breathes computer security, and would be happy for you to do so, too. Paul won the inaugural AusCERT Director's Award for Individual Excellence in Computer Security in 2009. Follow him on Twitter: @duckblog