Tag Archives: vulnerability

New AIR and Flash Player versions on July 2009

As you may know there were discovered some critical vulnerabilities in Flash Player, Adobe AIR, Adobe Reader and Acrobat. These were important and forced Adobe to update the products as soon as possible.
If you want to know the details of these vulnerabilities, you can read the next article http://www.adobe.com/support/security/bulletins/apsb09-10.html

A new version of Flash Player was released the last week. Actually there were two versions: Flash Player 10.0.32.18 and 9.0.246. Both of them can be downloaded directly from the Flash Player Downloads page. There, you can get debug and projector versions of the Flash Players. As you can see, Adobe also updated Flash Player 9 instead of just updating Flash Player 10, this was because if you can not have Flash Player 10 installed in you machine for any reason, you will also be protected if you install the new Flash Player 9.
Adobe also released a new version of Adobe AIR, the 1.5.2.8870 version. You can download this version directly from Adobe web site. Besides the fixed vulnerabilities in this new version, there were released more features like the isPerUser property in LocalConnection instances and, for Flash Player 10.0.32.18 and 9.0.246, the modification made to FileReference.save when running Internet Explorer in protected mode. You can see the details in this page http://kb2.adobe.com/cps/497/cpsid_49735.html.
Talking about AIR 1.5.2 if you want to use the new features and code hinting you should download the new SDK also released (1.5.2) and change it in Adobe Flex/Flash Builder and Adobe Flash installations. You can get the SDK here http://www.adobe.com/cfusion/entitlement/index.cfm?e=airsdk. Also don’t forget to change the AIR version in the XML descriptor file of you new AIR application.
That’s all for now.Regards.

A critical update for Acrobat and Adobe Reader

Yesterday Adobe published an update for Acrobat and Adobe Reader installations. This is because of a vulnerability that is considered as critical. This vulnerability uses JavaScript code that can be embed in pdfs to lead to remote code execution.
This vulnerability affects only this versions of the application:* Adobe Reader 8.0 through 8.1.2* Adobe Reader 7.0.9 and earlier* Adobe Acrobat Professional, 3D and Standard 8.0 through 8.1.2* Adobe Acrobat Professional, 3D and Standard 7.0.9 and earlier
You can read more about this issue directly from Adobe Security.
I hope we wont have to get use to this kind of patches and critical updates similar to Microsoft patches for its products where we had to download a new security patch for IExplorer, or Word or Windows every week or less.