We are now up to 3 bulletins from Adobe.
TL;DR ? Current versions in one simple table (I hope I got that right):
| Windows | OS X | Linux | |
|---|---|---|---|
| Adobe Reader XI | 11.0.07 | 11.0.07 | - |
| Adobe Reader X | 10.1.10 | 10.1.10 | - |
| Adobe Flash Player 13 | 13.0.0.214 | 13.0.0.214 | 11.2.202.359 |
| Adobe Flash Player (Google Chrome) | 13.0.0.214 | 13.0.0.214 | 13.0.0.214 |
| Adobe Flash Player (MSFT Internet Expl) | 13.0.0.214 | - | - |
| Adobe Air SDK | 13.0.0.111 | ||
| Adobe Illustrator Subscription | 16.2.2 | 16.2.2 | |
| Adobe Illustrator Non-Subscription | 16.0.5 | 16.0.5 |
APSB14-14: covering Flash Player [1]. It fixes 6 different vulnerabilities, one of which was found earlier this year during the pwn2own contest (CVE-2014-0510).
These vulnerabilities affect Windows, Linux and OS X. Adobe assigned them "Priority 1" indicating that they may have been used in targeted exploits. This makes this a "Patch Now!" vulnerability for us.
CVE-2014-0510: pwn2own vulnerability. remote code execution with sandbox bypass.
CVE-2014-0516: Same origin bypass
CVE-2014-0517: Security feature bypass
CVE-2014-0518: Security feature bypass
CVE-2014-0519: Security feature bypass
CVE-2014-0520: Security feature bypass
APSB14-15: For Adobe Acrobat and Reader [2]
CVE-2014-0511: pwn2own vulnerability. remote code execution wiht sandbox bypass
CVE-2014-0512: pwn2own vulnerability. remote code execution wiht sandbox bypass
CVE-2014-0521: information disclosure in Javascript API
CVE-2014-0522: code execution (memory corruption)
CVE-2014-0523: code execution (memory corruption)
CVE-2014-0524: code execution (memory corruption)
CVE-2014-0525: code exectution (use after free?)
CVE-2014-0526: code execution (memory corruption)
CVE-2014-0527: code execution (use after free)
CVE-2014-0528: code execution (double free)
CVE-2014-0529: code execution (buffer overflow)
Like the Flash bulletin, this one is rated "Priority 1".
APSB14-11: Hotfix for Adobe Illustrator
CVE-2014-0513: code execution (Stack Overflow)
This bulletin is only rated "Priority 3".
[1] http://helpx.adobe.com/security/products/flash-player/apsb14-14.html
[2] http://helpx.adobe.com/security/products/reader/apsb14-15.html
[3] http://helpx.adobe.com/security/products/illustrator/apsb14-11.html
'취약점 정보1' 카테고리의 다른 글
| Google Chrome 34.0.1847.137 업데이트 안내 (0) | 2014.05.14 |
|---|---|
| 2014-05-14 취약점 정리 (0) | 2014.05.14 |
| Adobe Flash Player 13.0.0.214 & Adobe AIR 13.0.0.111 (0) | 2014.05.14 |
| 업데이트 : Adobe Reader XI (11.0.07) & Adobe Acrobat XI (11.0.07) (0) | 2014.05.14 |
| 2014년 5월 MS 정기 보안업데이트 권고 (0) | 2014.05.14 |