Last Updated: 2011-08-10 11:57:37 UTC
by Swa Frantzen (Version: 2)
Although none of us seems to have seen any warning, Adobe has released 5 bulletins today.
These update Adobe products to the following versions:
- Adobe Shockwave Player 22.214.171.1249
- Flash Media Server 4.0.3 (or 3.5.7 if you are using 3.x)
- Adobe Flash Player
- Android 10.3.186.3
- Windows, OS X, Solaris, Linux 10.3.183.5
- Adobe Air 2.7.1
- Photoshop version is not changed by the update.
- Robohelp version is not changed, but version 126.96.36.1992 is not vulnerable.
Overview of the August 9th 2011 Adobe Patches.
|#||Affected||Known Exploits||Adobe rating|
|APSB11-19||Multiple memory corruption vulnerabilities in the shockwave player allow random code execution.|
|APSB11-20||A memory corruption vulnerability in the Flash media Server (FMS) allows a denial of service.|
|Flash Media Server (FMS)
|APSB11-21||Multiple vulnerabilities in flash player allow random code execution.|
Adobe claims to not be aware of any exploits in the wild against the vulnerabilities are patched in Flash Player
|APSB11-22||A memory corruption vulnerability in Photoshop CS5, CS5.1 and earlier allows random code execution.|
|APSB11-23||A cross site scripting (XSS) vulnerability attack against RoboHelp installations.|
Please note that adobe is at the time of writing inconsistent in the CVE names they fixed (CVE-2010-XXXX vs CVE-2011-XXXX), I've tried to guess the right ones, but we won't know for sure till the CVE databases are up to date.
This is an effort to try to structure the non-microsoft patches more or less in a familiar format on Black Tuesday, depending on the amount of available information available we can have more or less columns. Do let us know what you think of it!
Swa Frantzen -- Section 66